Iron Edge Digital – Privacy Policy

Effective date: September 4, 2025

Iron Edge Digital (“we,” “us,” “our”) provides website design, build, and maintenance services for small businesses. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit our website, contact us, or engage us as a client. It also explains how we handle personal information we process on behalf of our clients when we provide managed web services (hosting, DNS, analytics wiring, form integrations, edits, etc.). This policy reflects the services and support included in our Express Website Packages.

If you do not agree with this Policy, please do not use our site or services.

1) Who we are & roles under privacy laws

Controller/Business (our website & marketing): For information we collect about you when you browse our site, contact us, or buy from us, we act as a “controller” (GDPR) / “business” (CPRA).

Processor/Service Provider (client projects): For information we handle for our clients—for example, contact form submissions generated on a client site, DNS records, or analytics configuration—we act as a “processor” (GDPR) / “service provider” (CPRA) and only use that data to deliver the contracted services.

2) Information we collect

A. From visitors to our site and prospects

  • Identifiers & contact details: name, email, phone, business name, role, and any info you include when you reach out.
  • Technical data: device/browser info, pages viewed, approximate location, and similar usage data collected via cookies or analytics tools (e.g., Google Analytics 4).
  • Communications: emails you send to info@ironedgedigital.com and related correspondence.

B. From clients (to perform the services)

  • Account/admin access: delegated access or credentials you provide (e.g., domain registrar, DNS provider, email/ESP, booking tools) so we can configure domains, SSL, SPF/DKIM/DMARC, and integrations.
  • Project content & assets: logos, brand colors, copy, images, and other materials you provide.
  • Configuration & telemetry: settings for analytics (GA4/Search Console), forms, uptime monitoring, and related implementation data.
  • Limited end-user information: we may temporarily see form test submissions or minimal metadata while wiring forms or troubleshooting deliverability; production form submissions generally route directly to your inbox or your chosen provider.

We do not sell personal information and we don’t keep client-site end-user content for our own marketing.

3) How we use information

A. For our website & marketing (as controller)

  • To respond to inquiries, provide quotes, and administer our relationship.
  • To operate, secure, and improve our site; understand usage (via GA4); and prevent spam/abuse.
  • To send service messages. With your consent or as allowed by law, to send product or promotional updates (you can opt out anytime).

B. For client services (as processor/service provider)

  • To configure domains/DNS/SSL and email deliverability (SPF/DKIM/DMARC).
  • To implement analytics (GA4) and Google Search Console and submit sitemaps.
  • To host, back up (daily with 14-day retention), monitor uptime, and execute edit requests under your plan’s SLA.
  • To provide exports/migrations at your request and as described in your plan.

We use information only as necessary to deliver the contracted services, per your instructions and our agreement.

4) Cookies & tracking

  • Analytics: We use Google Analytics 4 to understand aggregate traffic and conversions. GA4 uses cookies and similar technologies; see Google’s docs for details on how GA4 handles IP and event data.
  • Spam protection: We may use honeypots or reCAPTCHA-style checks on forms to reduce spam.
  • Your controls: You can adjust cookie settings in your browser. If we display a cookie banner on our site, use it to manage optional analytics cookies.

5) Legal bases (EEA/UK only)

Where GDPR applies, our legal bases include:

  • Contract: to deliver services.
  • Legitimate interests: site security, quality improvements.
  • Consent: where required for certain cookies/marketing.
  • Legal obligations: records, compliance.

6) Sharing & disclosures

We share personal information only with:

  • Vendors/Sub-processors that help us deliver services (e.g., hosting, backup, uptime monitoring, DNS/registrar, email/ESP integrations, analytics). We require appropriate confidentiality and security commitments.
  • Payment processors for invoicing and payments (we don’t store full card data).
  • Professional services (legal/accounting) and authorities if required by law or to protect rights/security.
  • Transfers at your direction, such as handing off site exports or giving collaborators access you request.

A current list of key vendors is available on request.

7) Data retention

  • Website & sales inquiries: normally retained for up to 24 months after last interaction unless you ask us to delete them sooner or we need to retain them for legal/accounting purposes.
  • Client project data: retained for the life of the engagement plus up to 36 months (to support audits, exports, or history), unless you request deletion earlier and it doesn’t conflict with legal obligations.
  • Backups: daily backups with approximately 14-day retention on hosting platforms.

8) Security

We use reasonable administrative, technical, and physical safeguards appropriate to the sensitivity of the data (least-privilege access, TLS/SSL, vendor security controls, credential hygiene). No method of transmission or storage is 100% secure; we can’t guarantee absolute security.

9) Your rights & choices

U.S. state privacy (e.g., CA/CO/CT/VA/UT)

Depending on your state, you may have rights to access, correct, delete, port, and opt out of certain data uses (e.g., targeted advertising or profiling). We do not sell personal information. To exercise rights, email support@ironedgedigital.com with the subject “Privacy Request” and tell us what you’d like to do. We may verify your identity before responding.

EEA/UK residents

You may have rights under GDPR, including access, rectification, erasure, restriction, portability, and objection. You may also lodge a complaint with your local supervisory authority.

Marketing emails

You can unsubscribe using the link in any email or by contacting us.

10) Children’s privacy

Our site and services are not directed to children under 13 (or equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children.

11) International transfers

If we transfer personal data internationally (for example, to vendors in other countries), we rely on appropriate safeguards such as standard contractual clauses or other lawful mechanisms.

12) Client responsibilities (when we act as your processor)

Clients are responsible for:

  • Providing accurate privacy notices to their own website visitors and customers.
  • Configuring their chosen analytics and marketing tools in line with applicable law.
  • Providing lawful instructions to us as their service provider/processor.

We can provide a privacy notice & cookie banner template suitable for client sites as part of Express plans.

13) Changes to this Policy

We may update this Policy from time to time. The “Effective date” will always show the latest version. Material changes will be highlighted on this page.

14) How to contact us

Questions or privacy requests: info@ironedgedigital.com