Compliance Statement: This Privacy Policy complies with GDPR, CCPA, CAN-SPAM Act, COPPA, and Fair Information Practices. We are committed to protecting your personal information with transparency and respect.
Business Type: Web Design, Development, and Digital Solutions
Website Solutions is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the rights you have over that data.
2. What Personal Data We Collect and Why
Contact Form Data
When you submit our contact form, we collect:
Full Name
Email Address
Message/Inquiry
Optional: Phone Number, Company Name
Purpose: To respond to your inquiry and provide requested services. Contact form data is NOT automatically added to marketing lists without your explicit consent. We retain this data for 2 years to maintain customer service history.
Comments & User-Generated Content
When you leave a comment on our site, we collect:
Your name and email address (you provide)
IP address and browser user agent string
The comment text itself
Purpose: To display and moderate comments, and to detect spam. An anonymized hash of your email may be sent to Gravatar (Gravatar Privacy Policy) to display your profile picture. You can manage your Gravatar profile at gravatar.com.
Retention: Comments and comment metadata are retained indefinitely to allow us to auto-approve follow-up comments and maintain conversation history.
Newsletter & Marketing Communications
If you explicitly opt-in to our newsletter or marketing communications, we collect:
Email address
Name (if provided)
Preferences (e.g., topics of interest)
Purpose: To send periodic newsletters, product updates, and promotional content. You will only receive marketing emails if you explicitly opt-in. We use a double opt-in process: after you submit your email, you will receive a confirmation email with a link to verify your subscription. See Unsubscribe section below.
Cookie & Tracking Data
What are cookies? Cookies are small text files placed on your device by our website to remember information about you and enhance your browsing experience.
Essential Cookies
Session Cookie: Briefly stored to check if your browser accepts cookies (contains no personal data; deleted when you close your browser)
Login Cookies (if applicable): Last 2 days; remembers your login session. Select "Remember Me" to extend to 2 weeks
Comment Form Cookies: Saves your name, email, and website (if provided) for future comments; expires in 1 year
Analytics & Tracking
We may use third-party analytics services to understand how visitors interact with our website. Currently, we do not use Google Analytics or similar tools, but may enable them in the future. If enabled, we will update this policy and clearly disclose which analytics services are active.
If we enable Google Analytics: Data collected includes device type, browser, pages visited, time on page, referral source, and aggregated demographics. Google Analytics data is anonymized and governed by Google's Privacy Policy.
Media & Image Uploads
If you upload images to our website, avoid uploading images with embedded location data (EXIF GPS). Visitors to the website can download and extract location data from images, so please remove sensitive metadata before uploading.
Server Logs
Our web server automatically collects:
IP address
Browser type and version
Pages accessed and time spent
Referrer URL
Errors and requests
Purpose: To diagnose technical issues, optimize performance, and detect security threats. Server logs are retained for 90 days, then deleted.
3. How We Use Your Information
We use your personal data for the following purposes:
Customer Service: To respond to inquiries, answer questions, and provide technical support
Transaction Processing: To process orders, invoices, and payments for services rendered
Marketing: To send newsletters, product updates, and promotional content (only to opted-in subscribers)
Site Improvement: To analyze usage patterns and improve website features and functionality
Spam Detection: To filter comments and prevent fraudulent activity
Legal Compliance: To comply with applicable laws, regulations, and legal requests from authorities
Security: To detect, prevent, and respond to fraud, abuse, and security incidents
4. Legal Basis for Processing (GDPR)
For users in the European Union and other jurisdictions with GDPR-equivalent laws, we process your data based on one or more of the following legal grounds:
Consent: You have explicitly given permission (e.g., newsletter sign-up, contact form submission)
Contract Performance: We need your data to provide services you've requested (e.g., web design, technical support)
Legal Obligation: We are required by law to process your data (e.g., tax records, fraud prevention)
Legitimate Interest: We have a legitimate business interest that does not override your privacy rights (e.g., improving website security, preventing abuse)
5. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes listed above or as required by law:
Contact Form Submissions: 2 years (for customer service and legal records)
Comments & Metadata: Indefinitely (to manage and moderate comments)
Newsletter/Marketing Lists: Until you unsubscribe
Customer Accounts (if registered): Until account deletion; you can request deletion at any time
Server Logs: 90 days, then automatically deleted
Website Analytics: Per Google's retention policy (typically 26 months)
Login & Session Cookies: 2 days (or 2 weeks if "Remember Me" is selected)
Comment Preference Cookies: 1 year
Important: Even after deletion, backup copies may exist for up to 60 days due to standard data backup procedures. However, these backups will not be used for any active business purposes.
6. Your Rights Over Your Data
EU / GDPR Users
If you reside in the European Union or equivalent jurisdiction, you have the following rights:
Right of Access: Request a copy of all personal data we hold about you
Right to Rectification: Request correction of inaccurate or incomplete data
Right to Erasure ("Right to Be Forgotten"): Request deletion of your personal data (with exceptions for legal/contractual obligations)
Right to Data Portability: Request your data in a portable, machine-readable format (e.g., CSV, JSON)
Right to Restrict Processing: Request that we limit how we use your data
Right to Object: Object to marketing communications, profiling, or processing based on legitimate interest
Right to Withdraw Consent: Withdraw consent for any processing where consent is the legal basis
Right to Lodge a Complaint: File a complaint with your local data protection authority if you believe we've violated your rights
California / CCPA Users
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
Right to Know: Request what personal information we collect, use, and share
Right to Delete: Request deletion of personal information we've collected
Right to Opt-Out of Sale: Opt-out of the sale or sharing of your personal information (we do not sell data; see below)
Right to Correct: Request correction of inaccurate personal information
Right to Limit Use: Limit our use of your sensitive personal information
How to Exercise Your Rights
To exercise any of these rights, please contact us at:
7. Third Parties & Data Sharing
What We Do NOT Do
We do NOT sell or trade your personal information to third parties
We do NOT share your data with marketing companies without your explicit consent
We do NOT use your data to create profiles for targeted advertising (except for retargeting pixels you've consented to)
Third Parties We Engage
We may share your data with third-party service providers only when necessary to provide services you've requested. These partners are contractually obligated to keep your information confidential:
Web Hosting Provider: Stores website files and databases; they have access to server logs and contact form data
Email Service Provider (if applicable): Manages newsletter distribution; they have access to subscriber email addresses and names
Spam Detection Service: Analyzes comments to detect and filter spam
Gravatar (Automattic): Displays profile pictures for commenters; receives anonymized email hash only
Analytics Service (if enabled): Collects anonymized usage data; governed by their privacy policy
Payment Processor (if applicable): Processes payments; has access to transactional data
Data Sharing with Legal Authorities
We may disclose your information when required by law or in response to:
Valid legal process (subpoena, court order, search warrant)
Government or law enforcement requests
Protection of our rights, privacy, safety, or property
Protection of users from fraudulent, harmful, or illegal activity
Data Transfers Outside Your Country
If our hosting provider or service partners are located outside your country (e.g., EU residents whose data is processed by US-based companies), we ensure adequate safeguards are in place, such as:
Data Processing Agreements (DPA) with Standard Contractual Clauses (SCC)
Adequacy Decisions (e.g., EU-US Data Privacy Framework)
Binding Corporate Rules (BCR) where applicable
8. How We Protect Your Information
Security Measures
HTTPS Encryption: Our website uses SSL/TLS encryption for all data transmitted between your browser and our servers (indicated by the padlock icon in your browser)
Regular Security Scanning: Our website is scanned weekly for security vulnerabilities and malware
Malware Protection: We use real-time malware monitoring and removal tools
Firewall: Our servers are protected by a Web Application Firewall (WAF) to block malicious traffic
Access Controls: Only authorized personnel have access to customer data; access is logged and monitored
Password Security: Passwords are hashed and salted using industry-standard algorithms; we never store plain-text passwords
Regular Backups: Data is backed up daily; backups are encrypted and stored securely
Limitations
While we implement comprehensive security measures, no system is 100% secure. We cannot guarantee absolute security of your information transmitted over the internet. You acknowledge the inherent risks of online data transmission.
9. Compliance & Regulations
General Data Protection Regulation (GDPR)
We comply with the GDPR for all EU and UK residents. This includes providing transparent privacy notices, respecting data subject rights, conducting Data Protection Impact Assessments (DPIA) for risky processing, and maintaining Data Processing Agreements with service providers.
California Consumer Privacy Act (CCPA)
We comply with the CCPA for California residents. We provide transparent notice, honor consumer rights requests, do not sell personal information, and do not discriminate against consumers for exercising their rights.
CAN-SPAM Act
All marketing emails comply with the CAN-SPAM Act requirements:
Clear identification that the email is an advertisement
We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided personal information, we will promptly delete that data and not use it for any purpose.
If you believe a child under 13 has submitted information to our website, please contact us immediately at privacy@904websitesolutions.com.
Fair Information Practices Principles
Our privacy practices align with the Fair Information Practices Principles, which form the foundation of US privacy law and have influenced global data protection standards. We have implemented the following practices:
Notice/Awareness: This privacy policy clearly discloses what data we collect and how we use it
Choice/Consent: You have control over your data; we seek explicit consent for marketing communications and optional processing
Access/Participation: You can request to see, update, or delete your personal data
Integrity/Security: We maintain accurate, complete information and protect it with security measures
Enforcement/Redress: Individuals have legal recourse if we fail to comply with this policy
10. Contact Us
Privacy Inquiries & Data Subject Requests
If you have questions about this Privacy Policy or wish to exercise any of your rights, please contact our Data Protection team:
Unsubscribe from Marketing Communications
To unsubscribe from our newsletter or marketing emails:
Method 1 (Recommended): Click the "Unsubscribe" link at the bottom of any marketing email. Your email will be removed from our list within 10 business days.
Note: Unsubscribing from marketing communications will not affect transactional emails (order confirmations, password resets, service announcements).
Report a Privacy Violation
If you believe we have violated your privacy rights, please contact us immediately at privacy@904websitesolutions.com. We take all complaints seriously and will investigate thoroughly.
Additional Options:
EU Residents: File a complaint with your national Data Protection Authority. Find your authority here.
California Residents: File a complaint with the California Attorney General. Learn more.
Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:
Posting the updated policy on our website with a new "Last Updated" date
Sending a notification email to registered users (if applicable)
Requiring your consent for material changes that affect how we process your data
Your continued use of our website after policy updates constitutes your acceptance of the changes.