Privacy Policy
Last updated: June 16, 2026Who We Are
Surefaze Design is the data controller responsible for the processing of personal data described in this Privacy Policy.
Data Controller: Surefaze Design
Email: [email protected]
Address: Palmer, Alaska
What Data We Collect
We collect the following types of personal data when you visit our website or use our services for web design and development, marketing, CMO, and website maintenance services:
Cookie consent preferences: your choices about cookies and similar technologies (recorded through our consent management system).
Device and connection information: IP address, browser type, device type, operating system, and similar technical information needed to load and protect the website.
Contact and inquiry information: information you provide when you contact us, such as your name, email address, message content, and any information you choose to include about your project or needs.
Service and project information: information needed to provide our services, such as business details, project requirements, and communications related to delivering web design, development, marketing, CMO, or maintenance work.
Payment and billing information: billing details and payment-related information needed to process payments for our services. Payment processing is handled through payment processors; we do not need to receive or store full payment card details to provide our services.
Marketing email information: your email address and your marketing preferences when you subscribe to receive marketing communications from us.
Analytics data (with your consent): information about how you use the website, collected through analytics technologies that may use cookies or similar identifiers, to help us understand website performance and improve the site.
Sources of data:
We collect data directly from you when you contact us or provide information for services and billing.
We collect some data automatically from your device when you use the website (such as IP address and browser information).
We collect data from cookies and similar technologies where required, and non-essential cookies are used only after you make your choices through our cookie controls.
Whether you must provide data:
Providing basic technical data is necessary to use the website. Providing contact, service, and billing information is necessary if you want us to respond to you and provide paid services. Providing marketing and analytics data is optional and depends on your choices (for example, subscribing to emails or consenting to analytics).
How We Use Your Data
We use your personal data for the following purposes, each with a corresponding legal basis under applicable data protection law:
To provide our services and manage our relationship with you (contract): to deliver web design and development, marketing, CMO, and website maintenance services, manage projects, and communicate with you about the services you request.
To respond to inquiries and requests (contract): to communicate with you and provide information you request about our services, proposals, and next steps.
To process payments and billing (contract): to invoice you and process payments for services you purchase.
To send marketing emails (consent): to send newsletters or promotional communications where you have opted in. You can unsubscribe at any time using the link in the email or by contacting us.
To collect analytics data (consent): to measure and understand website usage and improve the website, where you have consented to analytics cookies or similar technologies.
To protect our website and services (legitimate interest): to maintain security, prevent abuse and fraud, and troubleshoot issues using security and technical monitoring that is necessary to keep our website reliable and secure.
Who We Share Your Data With
We share personal data only as needed to operate our website and provide our services:
Payment processors: we share billing and transaction-related information with payment processors to process payments securely and to handle refunds or payment disputes where relevant. These providers process personal data according to their own privacy policies.
Email service providers: we use email service providers to send service-related communications and, where you have consented, marketing emails. These providers process personal data according to their own privacy policies.
Analytics services: where you consent to analytics, analytics services may receive usage and device information to help us understand website performance. These providers process personal data according to their own privacy policies.
Consent management (processed internally): we use our own consent management system (Trustwards) to record and manage your cookie preferences. This data is processed internally and not shared with third parties.
We may also disclose personal data where required by law, or where necessary to establish, exercise, or defend legal claims.
International Data Transfers
Based on our latest website scan, the only detected provider related to cookies/consent is our own consent management system (Trustwards), which is based in Spain (EU). As a result, consent data recorded through Trustwards is not transferred outside the EU/EEA, the UK, or Switzerland.
If we use third-party providers located outside the EU/EEA, the UK, or Switzerland to deliver services (such as payment processing, email delivery, or analytics), we will use appropriate safeguards for those transfers as required by applicable law, such as Standard Contractual Clauses approved by the European Commission, or reliance on an adequacy framework where applicable.
How Long We Keep Your Data
Until the account is deleted.
Cookie consent records: 10 years (to demonstrate compliance and address potential claims within legal limitation periods).
Security logs and technical records: 12 months.
Tax and accounting records: 10 years (legal requirement).
Analytics data: until consent is withdrawn or according to the analytics tool retention settings.
Marketing email data: until consent is withdrawn or user unsubscribes.
Your Rights
Your rights depend on where you live and which laws apply, but we provide the rights described below where applicable.
For individuals in the EU/EEA, the UK, and Switzerland, you have the right to:
Access your personal data.
Correct inaccurate or incomplete data.
Delete your personal data (the “right to be forgotten”).
Restrict processing of your personal data.
Receive your personal data in a portable format and have it transferred where technically feasible.
Object to processing based on legitimate interests.
Withdraw consent at any time for processing based on consent (this does not affect processing that occurred before you withdrew consent).
Not be subject to automated decision-making, including profiling, that produces legal effects or similarly significantly affects you.
For California consumers, you have the right to:
Know what personal information is collected, used, shared, or sold.
Delete personal information.
Opt out of the sale or sharing of personal information for cross-context behavioral advertising (“Do Not Sell or Share My Personal Information”).
Correct inaccurate personal information.
Limit the use and disclosure of sensitive personal information.
Not be discriminated against for exercising your privacy rights.
How to exercise your rights:
To submit a request, contact us at [email protected]. We may ask for information to verify your identity and to understand your request.
Response times:
For GDPR requests, we aim to respond within one month.
For CCPA/CPRA requests, we respond within 45 days, and we may extend once by an additional 45 days when reasonably necessary, with notice to you.
Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.
Children's Privacy
Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
Data Security
We implement appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. No method of transmission over the Internet or method of electronic storage is 100% secure, so we cannot guarantee absolute security. We take reasonable precautions to reduce risk and to protect the data we process.
Data Breach Notification
We maintain procedures to detect, report, and investigate security incidents. If a personal data breach occurs that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and provide information about the nature of the breach, the likely consequences, and the measures taken or proposed to address it.
If you suspect a security issue involving our website or your personal data, please contact us at [email protected].
How to Lodge a Complaint
If you have concerns about how we handle your personal data, we encourage you to contact us first so we can try to resolve the issue.
If you are in the EU/EEA, the UK, or Switzerland, you have the right to lodge a complaint with the competent data protection authority in your jurisdiction.
If you are a California consumer, you may also contact the California Privacy Protection Agency (CPPA) at https://cppa.ca.gov/ or the California Attorney General.
Updates to This Policy
We review and update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. The “Last updated” date at the top of this policy indicates when it was last changed. If we make significant changes, we will provide notice by email or by a notice on our website. Changes take effect from the date indicated at the top of this policy. Where processing is based on consent, we will request new consent when required.
Contact Us
Email: [email protected]
Address: Palmer, Alaska
Data Controller: Surefaze Design
California Privacy Rights (CCPA/CPRA)
This section applies to California consumers and serves as our Notice at Collection.
Categories of personal information we collect (in the last 12 months):
Identifiers (such as name, email address, IP address, and other online identifiers).
Internet or other electronic network activity information (such as interactions with our website, and analytics data where you consent).
Commercial information (such as records of services purchased and billing-related details).
Professional or employment-related information (such as business contact details you provide in connection with services).
Business and commercial purposes for collecting personal information:
To provide web design and development, marketing, CMO, and website maintenance services.
To communicate with you, respond to inquiries, and provide customer support.
To process payments and manage billing.
To send marketing communications where you have chosen to receive them.
To operate, maintain, and secure our website and services.
To measure and improve website performance through analytics where you consent.
Sale or sharing of personal information:
We do not sell personal information.
We do not share personal information for cross-context behavioral advertising.
Your CCPA/CPRA rights and how to use them:
Right to know: You can request details about the personal information we collected, used, disclosed, and the purposes for doing so.
Right to delete: You can request deletion of personal information, subject to legal exceptions.
Right to correct: You can request correction of inaccurate personal information.
Right to opt out (“Do Not Sell or Share My Personal Information”): Because we do not sell or share personal information for cross-context behavioral advertising, we do not offer such processing. If this changes, we will provide a clear opt-out method. We also honor Global Privacy Control (GPC) signals as valid opt-out requests where applicable.
Right to limit use of sensitive personal information: We do not use or disclose sensitive personal information for purposes that would require offering a right to limit beyond what is permitted by law. If our practices change, we will provide the required limitation right.
Submitting requests:
Email us at [email protected] with your request. You may also use an authorized agent to submit requests on your behalf; we may require proof of authorization and may still need to verify your identity directly.
Verification:
To protect your information, we will take reasonable steps to verify your identity before fulfilling certain requests. The information we request for verification will depend on the nature of the request and the sensitivity of the information involved.
Timing and non-discrimination:
We respond to verifiable consumer requests within 45 days, with a possible extension of an additional 45 days when reasonably necessary (we will notify you if an extension is needed). We do not discriminate against you for exercising your CCPA/CPRA rights.
Privacy Notice
Last updated: June 16, 2026Notice at Collection
This Notice at Collection is provided for California consumers and explains the categories of personal information Surefaze Design collects and the business or commercial purposes for which we collect and use it, as required by the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA).
Categories of Personal Information We Collect
We collect the following categories of personal information:
Identifiers (such as name, email address, address, and phone number).
Internet or other electronic network activity information (such as browsing history, search history, and interactions).
How We Use Your Information
We collect and use personal information for the following business or commercial purposes:
To process transactions.
To provide customer support.
To improve our services.
For marketing purposes.
Sale and Sharing of Personal Information
Surefaze Design does not sell personal information and does not share personal information for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA. Based on our current website scan, we use Trustwards as our own consent management platform to help manage privacy choices; Trustwards is not a third party data recipient for these purposes.
Retention
We retain personal information for as long as necessary to fulfill the purposes described in this Notice at Collection, to comply with legal obligations, and to resolve disputes.
Your California Privacy Rights
If you are a California consumer, you have the following rights under the CCPA/CPRA, subject to certain exceptions:
Right to know/access: You may request that we disclose the personal information we collected about you and how we used it.
Right to delete: You may request that we delete personal information we collected from you.
Right to correct: You may request that we correct inaccurate personal information we maintain about you.
Right to opt-out of sale/sharing: You may direct us not to sell or share your personal information. We do not sell or share personal information, but you may still submit a request.
Right to limit use of sensitive personal information: You may request that we limit the use and disclosure of sensitive personal information. (This right applies only if we collect sensitive personal information as defined by the CCPA/CPRA.)
Right to non-discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA/CPRA rights.
How to submit a request: Email us at [email protected]. We will respond within 45 days, subject to verification of your request where required or permitted by law.
Global Privacy Control (GPC): We honor opt-out preference signals sent through the Global Privacy Control where required under the CCPA/CPRA.
Contact Us
Surefaze Design
Email: [email protected]