Privacy Policy - Digital Mindshare LLC

1. Introduction

Digital Mindshare LLC (“Digital Mindshare,” “we,” “us,” or “our”) is a marketing technology consulting practice registered in the State of New York. We operate the website digitalmindshare.net (the “Site”) and provide marketing technology advisory, diagnostic, and transformation services to business clients.

This Privacy Policy describes how we collect, use, store, share, and protect personal information when you visit our Site, submit inquiries through our contact form, or otherwise interact with us. It also explains your rights under applicable privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”), the General Data Protection Regulation (“GDPR”), the New York SHIELD Act, and other relevant federal and state regulations.

By using our Site, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please discontinue use of the Site.

2. Information We Collect

2.1 Information You Provide Directly

When you submit our contact form, we collect the following personal information:

First and last name
Email address
Phone number
Free-text message describing your inquiry
Timeline preference (selected from predefined options)
Approximate marketing technology stack size (selected from predefined options)

2.2 Information Collected Automatically

When you visit the Site, certain information is collected automatically through cookies, tracking technologies, and server logs, including:

Google Analytics 4 (GA4): We use GA4 to collect aggregated usage data including pages visited, session duration, traffic sources, device type, browser type, approximate geographic location (city/region level), and interaction events. GA4 uses first-party cookies to distinguish unique users and sessions. Google may process this data on servers located in the United States. GA4 does not collect personally identifiable information by default in our configuration.

Google Tag Manager (GTM): We use GTM to manage the deployment of analytics and tracking scripts on the Site. GTM itself does not collect personal data but facilitates the loading of tags that may.

Cloudflare Turnstile: Our contact form uses Cloudflare Turnstile, a bot-detection service, to protect against spam and abuse. Turnstile may collect device and browser characteristics, interaction patterns, and IP addresses to distinguish human visitors from automated traffic. Cloudflare processes this data as a service provider subject to its own privacy policy.

CookieYes Consent Management Platform: We use CookieYes to manage cookie consent preferences on the Site. CookieYes sets a cookie to record your consent choices and may collect anonymized data about consent interactions. CookieYes processes this data as a service provider in accordance with its own privacy policy.

Server Logs: Our hosting provider, WP Engine, automatically collects standard server log information including IP addresses, browser user-agent strings, referring URLs, and timestamps of requests.

2.3 Information We Do Not Collect

We do not collect sensitive personal information as defined under the CCPA/CPRA (e.g., Social Security numbers, financial account details, precise geolocation, racial or ethnic origin, biometric data, health information, or sexual orientation). We do not collect payment information through the Site. We do not use advertising pixels (e.g., Meta Pixel, LinkedIn Insight Tag). We do not sell, share for cross-context behavioral advertising, or otherwise monetize your personal information.

3. How We Use Your Information

We use the personal information we collect for the following business purposes:

To respond to your inquiries submitted through the contact form
To evaluate whether our services are a fit for your needs
To communicate with you about potential or ongoing engagements
To analyze Site traffic and usage patterns to improve Site performance and content
To protect the Site from spam, abuse, and fraudulent activity
To manage and honor your cookie consent preferences
To comply with legal obligations and enforce our rights

We do not use your information for automated decision-making, profiling, or targeted advertising.

4. How We Share Your Information

We do not sell or share your personal information with third parties for their own marketing purposes. We may disclose your information to the following categories of service providers who assist us in operating the Site and conducting our business:

Hosting Provider (WP Engine): Provides website hosting infrastructure. WP Engine may process server log data as part of delivering hosting services.

Analytics Provider (Google LLC): Processes aggregated analytics data through Google Analytics 4 and Google Tag Manager to help us understand how visitors use the Site.

Bot Protection (Cloudflare, Inc.): Processes interaction and device data through Cloudflare Turnstile to protect the contact form from automated abuse.

Consent Management (CookieYes): Manages cookie consent preferences and records your consent choices. CookieYes processes consent interaction data as a data processor on our behalf.

Email Service: Contact form submissions are delivered to us via email through Gravity Forms. Form data transits through our hosting infrastructure to our email provider for delivery.

Scheduling Tools: We may in the future integrate a third-party scheduling tool (such as Calendly) to facilitate appointment booking. If implemented, this tool would collect your name, email address, and scheduling preferences. This Privacy Policy will be updated before any such integration is activated.

We may also disclose personal information if required by law, regulation, legal process, or governmental request, or to protect our rights, property, or safety, or the rights, property, or safety of others.

5. Cookies and Tracking Technologies

5.1 Cookie Consent

We use CookieYes as our consent management platform. When you first visit the Site, a cookie consent banner will appear allowing you to accept or decline non-essential cookies. Your preferences are stored in a cookie set by CookieYes and will be honored for subsequent visits. You may change your cookie preferences at any time by clicking the cookie settings link in the Site footer or by clearing your browser cookies and revisiting the Site.

Analytics cookies (Google Analytics 4) will not be loaded until you have provided consent, in compliance with GDPR requirements. Strictly necessary cookies (Cloudflare Turnstile, CookieYes consent record) are loaded without prior consent as they are essential to the operation and legal compliance of the Site.

5.2 Categories of Cookies

Strictly Necessary Cookies: Cloudflare Turnstile sets cookies required for bot protection and form functionality. CookieYes sets a cookie to store your consent preferences. These cookies are essential to the operation of the Site and cannot be disabled.

Analytics Cookies (Require Consent): Google Analytics 4 sets first-party cookies (e.g., _ga, _ga_[ID]) to distinguish unique users, track session activity, and measure traffic sources. These cookies typically expire between 30 minutes and 2 years depending on the specific cookie. These cookies are only loaded after you provide consent through the CookieYes banner.

5.3 Managing Cookies

You can control or delete cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be notified when a cookie is set. Disabling analytics cookies will not affect the functionality of the Site but will prevent us from collecting usage data about your visit. For information on managing cookies in your browser, consult your browser’s help documentation.

We honor Global Privacy Control (GPC) signals and Do Not Track (DNT) browser signals as opt-out requests where applicable under the CCPA/CPRA.

6. Data Retention

We retain personal information only for as long as reasonably necessary to fulfill the purposes for which it was collected, or as required by law. Our specific retention practices are as follows:

Contact Form Submissions: Form data is transmitted to us via email and is not stored in the website’s database. We retain inquiry emails for a maximum of 24 months from the date of submission. If an inquiry leads to a client engagement, related correspondence may be retained for the duration of the engagement plus 36 months to support contractual and legal obligations.

Analytics Data: Google Analytics data is retained according to Google’s standard retention settings. We have configured GA4 user-level data retention to 14 months. Aggregated, non-identifiable reporting data may persist beyond this period.

Cookie Consent Records: CookieYes retains records of your consent choices for the duration required to demonstrate compliance with applicable consent requirements (typically 12 months, after which consent is re-requested).

Server Logs: WP Engine retains server log data in accordance with its standard data retention policies, typically no longer than 90 days.

Cloudflare Data: Cloudflare retains Turnstile-related data in accordance with its own data processing terms, generally for limited periods necessary to provide the service.

When personal information is no longer needed for its collected purpose and is not subject to a legal retention requirement, we will delete or anonymize it within a reasonable timeframe.

7. Your Privacy Rights

7.1 Rights Under the CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
Right to Delete: You may request that we delete personal information we have collected from you, subject to certain legal exceptions.
Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising. There is no need to opt out, but you may still submit such a request and we will confirm our practices.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise any of these rights, contact us using the information provided in Section 12 below. We will verify your identity before processing your request and will respond within 45 days, as required by law.

7.2 Rights Under the GDPR (EEA/UK Residents)

If you are located in the European Economic Area or the United Kingdom, you have the following rights under the General Data Protection Regulation or UK GDPR:

Right of Access: You may request a copy of the personal data we hold about you.
Right to Rectification: You may request correction of inaccurate or incomplete data.
Right to Erasure: You may request deletion of your personal data where there is no compelling reason for continued processing.
Right to Restrict Processing: You may request that we limit how we use your data in certain circumstances.
Right to Data Portability: You may request your data in a structured, commonly used, machine-readable format.
Right to Object: You may object to the processing of your personal data based on legitimate interests.
Right to Withdraw Consent: Where processing is based on consent (including cookie consent managed through CookieYes), you may withdraw it at any time by adjusting your cookie preferences or contacting us directly.

Our legal basis for processing personal data of EEA/UK residents is legitimate interest (responding to business inquiries you initiate) and consent (for analytics cookies, managed through CookieYes). To exercise any of these rights, contact us using the information in Section 12. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

7.3 Rights Under the New York SHIELD Act

The New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act requires businesses that collect private information of New York residents to implement reasonable security safeguards. We maintain administrative, technical, and physical safeguards designed to protect the personal information of New York residents in accordance with the SHIELD Act’s requirements.

8. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:

SSL/TLS encryption for all data transmitted between your browser and our Site
Cloudflare’s web application firewall and DDoS protection
Managed WordPress hosting with WP Engine, which maintains SOC 2 Type II compliance
Access controls limiting who can view contact form submissions
Regular software updates and security patches

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

9. International Data Transfers

Digital Mindshare is based in the United States. If you access the Site from outside the United States, your information may be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Site and submitting information to us, you consent to such transfer, storage, and processing. Where required by applicable law (including the GDPR), we rely on appropriate safeguards for international data transfers, including standard contractual clauses where applicable.

10. Children’s Privacy

The Site is intended for business professionals and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children under 13 (or under 16 in jurisdictions where applicable). If we become aware that we have inadvertently collected personal information from a child under the applicable age, we will take steps to delete it promptly. If you believe that a child has provided personal information to us, please contact us using the information in Section 12.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Effective Date” at the top of this page. We encourage you to review this Privacy Policy periodically. Your continued use of the Site after any changes constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy, wish to exercise any of your privacy rights, or need to report a data-related concern, please contact us at:

Digital Mindshare LLC

PO Box 141

Port Jefferson Station, NY 11776

Email: info@digitalmindshare.net

We will acknowledge receipt of your request within 5 business days and respond substantively within the timeframes required by applicable law (45 days under CCPA/CPRA; 30 days under GDPR).

13. Additional Disclosures for California Residents

The following disclosures are provided in compliance with the CCPA/CPRA:

Categories of Personal Information Collected in the Preceding 12 Months: Identifiers (name, email address, phone number); Internet or other electronic network activity information (browsing history, interaction data via Google Analytics); Geolocation data (approximate, city/region level, via analytics); Inferences drawn from the above (e.g., general interest categories derived from analytics).

Business Purpose for Collection: Responding to inquiries; evaluating prospective client fit; improving the Site; protecting against fraud and abuse; managing cookie consent compliance.

Categories of Third Parties: Service providers only (hosting, analytics, bot protection, consent management, email delivery). We do not disclose personal information to third parties for purposes other than providing services on our behalf.

Sale or Sharing of Personal Information: We have not sold or shared (as defined under the CCPA/CPRA) any personal information in the preceding 12 months, nor do we intend to do so.

Retention Periods: As described in Section 6 of this Privacy Policy.

Sensitive Personal Information: We do not collect sensitive personal information as defined under the CCPA/CPRA.