Privacy Policy

1. Summary (TL;DR)

2. Information We Collect

2.1 Information you provide directly

When you fill out our contact form, request a free audit, or email us, we collect:

• Name — so we know how to address you.
• Email address — to reply to your inquiry and send project updates.
• Phone number (optional) — only if you provide it for faster communication.
• Business name and website URL — to perform the free audit.
• Project details — anything you tell us about your goals, budget, or timeline.

2.2 Information collected automatically

When you visit our website, we automatically collect:

• Technical data — IP address (truncated), browser type, device type, screen resolution.
• Usage data — pages visited, time on page, referring URL, exit page.
• Cookies — see Section 4 below.

2.3 Information from third parties

We do not buy, rent, or import contact lists. Every lead we contact is sourced through publicly available business directories (e.g., Google Maps, Yelp) or our own outreach. If you received an email from us and wish to opt out, see Section 8.

3. How We Use Your Information

We use your information for these specific, legitimate purposes:

• To respond to your inquiry and deliver the free website audit you requested.
• To deliver our services — project communication, file sharing, invoicing.
• To send project updates during an active engagement.
• To improve our website and services — analyzing which content is useful.
• To send marketing emails — only if you've explicitly opted in, and only until you unsubscribe.
• For cold outreach — we may email businesses we identify as potential clients, based on publicly available information. Every email includes a one-click unsubscribe link.
• Legal compliance — retaining records as required by tax and business law.

We do not: sell your data, use it for unrelated purposes, or profile you for third-party advertising.

4. Cookies & Tracking Technologies

We use a minimal set of cookies. Here's the full inventory:

• Essential cookies — remembering your cookie consent preference. Always active.
• Analytics cookies — anonymous traffic statistics (e.g., page views). Active only after you accept.
• Preference cookies — remembering settings like dark mode (if implemented).

We do not use advertising cookies, cross-site tracking pixels, or fingerprinting.

Managing cookies

You can control cookies through:

• The cookie consent banner shown on first visit.
• Your browser settings (most browsers let you block or delete cookies).
• Opting out of analytics via Google's opt-out tool.

Note: Blocking essential cookies may prevent the contact form from working correctly.

5. Information Sharing

We do not sell, rent, or trade your personal information. We share data only in these limited cases:

• Service providers — we use third-party tools (listed in Section 6) that process data on our behalf under strict contracts.
• Legal requirements — if compelled by law, court order, or government regulation.
• Business transfer — in the event of a merger, acquisition, or asset sale, data may transfer to the successor entity (you'll be notified by email).
• With your consent — for any other purpose, only with your explicit permission.

6. Third-Party Services

We use the following third-party services. Each has its own privacy policy — we encourage you to review them:

• Formspree — handles contact form submissions. Their policy.
• PayPal — processes client payments. Their policy.
• Cloudflare — hosts our website and provides CDN/security. Their policy.
• Email provider (e.g., Google Workspace) — delivers our email. Their policy.
• Analytics (if enabled) — privacy-respecting analytics. We do not use Google Analytics.

These providers are contractually bound to process data only as we instruct and to maintain appropriate security.

7. Data Retention

We keep your data only as long as needed for the purpose it was collected:

• Contact form inquiries — 24 months, then automatically deleted unless you become a client.
• Client records — 7 years (required for tax and legal compliance in the US).
• Marketing email lists — until you unsubscribe, then deleted within 30 days.
• Cold outreach lists — deleted after first contact if no response, or immediately upon opt-out request.
• Website analytics — aggregated and anonymized after 13 months.

You can request early deletion at any time — see Section 8.

8. Your Privacy Rights

Depending on where you live, you may have the following rights over your personal data:

8.1 GDPR rights (EU/UK residents)

• Access — request a copy of your data.
• Rectification — correct inaccurate data.
• Erasure ("right to be forgotten") — request deletion.
• Restriction — limit how we use your data.
• Data portability — receive your data in a machine-readable format.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — at any time, without giving a reason.

You also have the right to lodge a complaint with your local data protection authority (e.g., ICO in the UK).

8.2 CCPA/CPRA rights (California residents)

• Know — what personal information we collect and who we share it with.
• Delete — request deletion of your personal information.
• Opt-out — of the "sale" or "sharing" of personal information. (We don't sell data, but you can opt out anyway.)
• Limit — the use of sensitive personal information.
• Non-discrimination — we won't deny service for exercising these rights.

8.3 CAN-SPAM rights (US email recipients)

• Every marketing email includes a clear unsubscribe link.
• Unsubscribe requests are processed within 10 business days.
• Our physical address is included in every commercial email.

8.4 How to exercise your rights

9. Data Security

We take reasonable technical and organizational measures to protect your data:

• Encryption in transit — all traffic uses HTTPS/TLS 1.2+.
• Encryption at rest — provider-managed encryption for stored data.
• Access control — data access limited to the founder; no shared credentials.
• Regular audits — quarterly review of access logs and data inventory.
• Vendor due diligence — we only use providers with strong security practices.

No system is 100% secure. In the event of a breach affecting your rights, we'll notify you and the relevant authorities within 72 hours, as required by GDPR Article 33.

10. Children's Privacy

Our services are intended for businesses and adults. We do not knowingly collect personal information from children under 13 (COPPA) or under 16 (GDPR). If you believe we've collected data from a child, please contact us and we'll delete it immediately.

11. International Data Transfers

We are based in the United States. Some of our service providers (e.g., Cloudflare, PayPal) may process data in other countries. For EU/UK residents, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• UK International Data Transfer Agreement (IDTA).
• The EU-US Data Privacy Framework (if/when our providers certify).

12. Changes to This Policy

We may update this policy from time to time. When we do:

• Material changes — we'll notify you by email (if you're a client or subscriber) and update the "Last updated" date above.
• Minor changes — only the "Last updated" date changes.
• The current version is always available at this URL.

13. Contact Us

For any privacy-related question, request, or complaint:

• Email: privacy@alpha-seed-web-design.com
• General: hello@alpha-seed-web-design.com
• Response time: within 30 days (GDPR) or 45 days (CCPA).

If you're not satisfied with our response, you have the right to complain to your local data protection authority.