Privacy Policy

Last Updated: February 17, 2025

Effective Date: February 17, 2025 — NovaCraft Digital LLC ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

Information We Collect
How We Collect Information
How We Use Your Information
Legal Basis for Processing (GDPR)
How We Share Your Information
Data Retention
Data Security
International Data Transfers
Your Privacy Rights
California Privacy Rights (CCPA)
European Privacy Rights (GDPR)
Cookies & Tracking Technologies
Third-Party Links & Services
Children's Privacy
Changes to This Policy
Contact Information

1. Information We Collect

1.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us when you interact with our Website, create an account, subscribe to our services, fill out a contact form, sign up for our newsletter, or otherwise communicate with us. This information may include:

Identity Data: First name, last name, job title, and company name
Contact Data: Email address, phone number, mailing address, and billing address
Financial Data: Payment card details, billing information, and transaction history (processed and stored by our payment processor Stripe; we do not store complete card numbers)
Account Data: Username, password, account preferences, and communication preferences
Project Data: Project briefs, design requirements, brand assets, content materials, and other information you provide in connection with our services
Communication Data: Records and content of your correspondence with us, including emails, chat messages, support tickets, and phone call records

1.2 Information Collected Automatically

When you access our Website, we automatically collect certain technical and usage information through cookies, web beacons, and similar tracking technologies. This information may include:

Device Data: IP address, device type, operating system, browser type and version, screen resolution, and device identifiers
Usage Data: Pages visited, time spent on each page, click patterns, referring URLs, exit pages, date and time of visits, and browsing behavior
Location Data: Approximate geographic location derived from your IP address (city/country level only)
Performance Data: Page load times, error logs, and other diagnostic data used to monitor and improve website performance

1.3 Information from Third Parties

We may receive information about you from third-party sources, including: (a) analytics providers such as Google Analytics; (b) payment processors such as Stripe; (c) publicly available sources such as business directories and social media profiles; and (d) referral partners or clients who introduce you to our services.

2. How We Collect Information

We collect information through the following methods:

Direct Interactions: When you fill out forms, create an account, subscribe to services, send us an email, or communicate with us via phone, chat, or other channels
Automated Technologies: Through cookies, server logs, web beacons, pixels, and similar technologies when you browse our Website (see our Cookie Policy for details)
Third-Party Sources: From analytics providers, payment processors, social media platforms, and publicly available databases
Client-Provided Materials: Through content, assets, and data you upload or share with us in connection with project work

3. How We Use Your Information

We use the information we collect for the following purposes:

Purpose	Types of Data Used
Service Delivery: To provide, operate, maintain, and improve our services and deliver the Deliverables you have requested	Identity, Contact, Account, Project Data
Payment Processing: To process payments, manage billing, issue invoices, and prevent fraudulent transactions	Identity, Contact, Financial Data
Communication: To respond to inquiries, provide customer support, send service-related notices, and communicate project updates	Identity, Contact, Communication Data
Marketing: To send newsletters, promotional materials, and information about new services (with your consent where required)	Identity, Contact, Usage Data
Analytics & Improvement: To analyze website usage, understand user behavior, and improve our Website and services	Device, Usage, Performance Data
Legal Compliance: To comply with applicable laws, regulations, legal processes, and government requests	All data categories as necessary
Security: To detect, prevent, and address technical issues, fraud, and security threats	Device, Usage, Identity Data

We will not use your personal information for purposes materially different from those described above without providing you with notice and, where required by law, obtaining your consent.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):

Contractual Necessity: Processing is necessary for the performance of our contract with you (e.g., delivering services, processing payments)
Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving our services, marketing, fraud prevention, and network security, provided such interests are not overridden by your rights and freedoms
Consent: Where you have given explicit consent to the processing of your personal data for specific purposes (e.g., marketing communications, non-essential cookies). You may withdraw your consent at any time
Legal Obligation: Processing is necessary to comply with a legal obligation to which we are subject (e.g., tax reporting, responding to lawful requests from public authorities)

5. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information with the following categories of recipients:

Service Providers: Third-party vendors who assist us in operating our business, including payment processors (Stripe), hosting providers, email service providers, analytics platforms (Google Analytics), customer support tools, and project management software. These providers are contractually obligated to use your data only for the purposes of providing services to us and are bound by confidentiality obligations
Professional Advisors: Attorneys, accountants, auditors, and insurance providers as necessary for professional advice, compliance, and risk management
Legal Authorities: When required by law, regulation, legal process, or government request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request
Business Transfers: In connection with any merger, acquisition, sale of company assets, financing, or transfer of all or a portion of our business to another company, your information may be transferred as part of the transaction. We will notify you of any such change and the choices you may have regarding your information
With Your Consent: We may share your information with third parties when you have given us explicit permission to do so

6. Data Retention

We retain your personal information only for as long as reasonably necessary to fulfill the purposes for which it was collected, including to satisfy any legal, regulatory, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data, whether we can achieve those purposes through other means, and applicable legal requirements.

In general:

Active client data: Retained for the duration of the business relationship plus three (3) years after the last interaction
Financial and billing records: Retained for seven (7) years in accordance with IRS requirements and applicable tax laws
Project files and deliverables: Retained for one (1) year after project completion, unless otherwise agreed with the client
Marketing and newsletter data: Retained until you unsubscribe or request deletion
Website analytics data: Retained for twenty-six (26) months, consistent with Google Analytics default settings

Upon expiration of the applicable retention period, personal data will be securely deleted or anonymized in accordance with our data destruction procedures.

7. Data Security

We implement appropriate technical and organizational security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit using TLS/SSL protocols
Encryption of sensitive data at rest
Secure password hashing and multi-factor authentication for internal systems
Regular security assessments and vulnerability testing
Access controls that limit access to personal data to authorized personnel who need the information to perform their duties
Regular employee training on data protection and security best practices
Incident response procedures for promptly addressing security breaches

While we strive to protect your personal information using commercially reasonable safeguards, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data. In the event of a data breach that may affect your personal information, we will notify you and the relevant authorities as required by applicable law.

8. International Data Transfers

Our operations are based in the United States. If you are located outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. The data protection laws of these countries may differ from those of your jurisdiction.

For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on: (a) Standard Contractual Clauses approved by the European Commission; (b) the data recipient's certification under an applicable data transfer framework; or (c) other lawful transfer mechanisms as appropriate. By providing your information to us, you consent to the transfer and processing of your data in the United States and other jurisdictions as described herein.

9. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information. Subject to applicable law, these may include:

Right of Access: The right to request a copy of the personal information we hold about you
Right to Rectification: The right to request correction of inaccurate or incomplete personal information
Right to Erasure: The right to request deletion of your personal information, subject to certain exceptions (e.g., legal retention requirements)
Right to Restrict Processing: The right to request that we limit the processing of your personal information under certain circumstances
Right to Data Portability: The right to receive your personal information in a structured, commonly used, and machine-readable format
Right to Object: The right to object to the processing of your personal information for certain purposes, including direct marketing
Right to Withdraw Consent: Where processing is based on consent, the right to withdraw your consent at any time without affecting the lawfulness of processing conducted prior to withdrawal
Right to Non-Discrimination: The right not to receive discriminatory treatment for exercising your privacy rights

To exercise any of these rights, please contact us at privacy@novacraftdigital.org. We will respond to your request within thirty (30) days, or within the timeframe required by applicable law. We may request verification of your identity before processing your request.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

The right to know what personal information we have collected about you in the preceding twelve (12) months, the categories of sources, the business or commercial purpose for collection, and the categories of third parties with whom we share personal information
The right to delete personal information we have collected, subject to certain exceptions
The right to correct inaccurate personal information
The right to opt out of the sale or sharing of personal information (we do not sell personal information)
The right to limit the use and disclosure of sensitive personal information

To submit a verifiable consumer request, please email privacy@novacraftdigital.org with the subject line "CCPA Request." We will verify your identity and respond within forty-five (45) days. You may designate an authorized agent to make a request on your behalf, provided you supply a signed written authorization.

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, you have the rights described in Section 9 above, as well as the right to lodge a complaint with your local supervisory authority if you believe our processing of your personal data violates applicable data protection law.

For EU/UK data protection inquiries, please contact us at privacy@novacraftdigital.org. While we are a US-based company and have not appointed an EU representative at this time, we are committed to responding to all data protection requests promptly and in compliance with applicable regulations.

12. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to collect and store information when you visit our Website. For detailed information about the types of cookies we use, their purposes, and how to manage your cookie preferences, please refer to our Cookie Policy.

You can control cookie settings through your browser preferences. Please note that disabling certain cookies may affect the functionality of our Website.

13. Third-Party Links & Services

Our Website may contain links to third-party websites, services, or applications that are not operated or controlled by us. This Privacy Policy does not apply to any third-party services. We encourage you to review the privacy policies of any third-party services you access through our Website. We are not responsible for the privacy practices, content, or security of any third-party websites or services.

14. Children's Privacy

Our Services are not directed to individuals under the age of eighteen (18), and we do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete such information as promptly as possible. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@novacraftdigital.org.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will: (a) update the "Last Updated" date at the top of this page; (b) post the revised policy on our Website; and (c) notify active subscribers via email at least thirty (30) days before the changes take effect. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

16. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

NovaCraft Digital LLC
Data Protection Inquiries
30 N Gould St Ste R
Sheridan, WY 82801, USA
Email: privacy@novacraftdigital.org
Phone: +1 (307) 622-4996
Website: novacraftdigital.org

We take your privacy seriously. If you have any questions about how your data is handled, please do not hesitate to reach out. We are committed to transparency and protecting your personal information.