Skip to main content
DigitalFamilyIT·AI·SEOAgency
Legal

Privacy Policy

Effective date: May 20, 2026

This Privacy Policy explains how Digital Family LLC ('we', 'us', 'our') collects, uses, discloses and protects personal information when you visit digital-family.ai or contact us. It is written to comply with the California Consumer Privacy Act as amended by the CPRA, the comprehensive state privacy laws operational in the United States as of May 2026, the California Online Privacy Protection Act (CalOPPA), the EU and UK GDPR, and other applicable laws.

1. Who we are

Digital Family LLC (trading as “Digital Family”) is a California limited liability company providing IT, AI and SEO services. For the purposes of the CCPA we are the “business” that determines the purposes and means of processing personal information collected through this Site. For the purposes of the GDPR we act as the “data controller” for personal data collected through this Site and as a “data processor” for personal data we process on behalf of clients under a separate Data Processing Agreement.

Legal entity: Digital Family LLC
Postal address: 1265 Rosecrans St, San Diego, CA 92106, United States
Contact: info@digital-family.ai

2. Information we collect

2.1 Information you provide

  • Contact form & brief submissions: name, work email, company, budget range and project brief, plus a timestamped record of your consent ticks.
  • Email correspondence and any files or attachments you choose to share with us by email or other channels.
  • Marketing opt-in: only if you tick the optional marketing checkbox, we add your email to our newsletter list (case studies, AI/SEO insights, occasional offers). You can unsubscribe at any time via the link in every email or by emailing us.
  • Engagement data: if you become a client, the contact details, contractual documents and project files needed to deliver the engagement.

2.2 Information collected automatically

  • Device and browser metadata (user agent, language, timezone).
  • Approximate location derived from IP address (city/region level).
  • Pages viewed, referrer, and aggregated interaction events (only with your analytics consent).
  • Server logs (IP, request path, status code, timestamp) kept for security and debugging.
  • Cookie identifiers (see our Cookie Policy).

2.3 CCPA categories of personal information collected (last 12 months)

  • Identifiers (Cal. Civ. Code §1798.140(v)(1)(A)): name, email, IP address, cookie IDs.
  • Customer records (§1798.140(v)(1)(B)): company name, billing details for clients.
  • Commercial information (§1798.140(v)(1)(D)): services discussed or purchased, project history.
  • Internet or other electronic network activity (§1798.140(v)(1)(F)): browsing on this Site, referrer, interaction with our emails.
  • Geolocation data (§1798.140(v)(1)(G)): approximate, IP-based only.
  • Professional or employment-related information (§1798.140(v)(1)(I)): job title, company, role — when you choose to share it in a brief.
  • Inferences (§1798.140(v)(1)(K)): basic preferences derived from your interactions, used only to improve responses to you.

We do not collect “sensitive personal information” as defined under the CCPA (e.g. SSNs, driver’s licence numbers, precise geolocation, biometric or genetic data, health data, or contents of email or text messages other than what you choose to send us).

3. Sources of personal information

  • You, when you fill in a form, email us, or engage us as a client.
  • Your device and browser, automatically, when you visit the Site.
  • Service providers acting on our behalf (e.g. our analytics provider).
  • Publicly available sources (e.g. your company website) when we research a prospective engagement.

4. Why we use personal information

We use personal information for the following business and commercial purposes:

  • To respond to enquiries and proposals you send us.
  • To deliver and improve our services and the Site.
  • To send marketing communications, only with your consent.
  • To comply with legal obligations (tax, accounting, anti-fraud, court orders).
  • To detect, prevent and address fraud, abuse and security issues.
  • To establish, exercise or defend legal claims.

We do not use your personal information for automated decisions that produce legal or similarly significant effects, and we do not engage in profiling of consumers under any state privacy law.

5. Legal bases (GDPR / UK GDPR)

  • Consent — for analytics cookies and marketing emails.
  • Performance of a contract — when you engage us for services or request a proposal.
  • Legitimate interests — to operate, secure and improve our Site, balanced against your rights.
  • Legal obligation — to comply with tax, accounting and other laws.

6. Disclosure of personal information & service providers

We do not sell personal information and we do not“share” personal information for cross-context behavioral advertising as those terms are defined under the CCPA. We have not done so in the preceding 12 months and we have no actual knowledge of selling or sharing the personal information of any consumer under 16 years of age.

We disclose personal information only to the following categories of recipients, each acting under written confidentiality and data-protection obligations as a “service provider” or “contractor”:

  • Hosting & infrastructure (DigitalOcean, LLC and our CDN/edge providers): host the Site, the API server and stored form submissions on our behalf.
  • Analytics (Google LLC — Google Analytics 4, property G-2286KPN22L, and Google Search Console): pseudonymous usage data, only when you consent to analytics cookies. IP addresses are processed by Google for the purposes of providing the analytics service.
  • Email delivery: our email provider transmits replies to you and, if you opt in, marketing emails.
  • Professional advisors: accountants, lawyers and auditors under confidentiality.
  • Authorities: when required by law, subpoena, or to protect our rights, property or safety, or that of others.
  • Successors: a buyer or successor in the event of a merger, acquisition, reorganisation or asset sale, with notice on this Site.

7. International transfers

We are based in the United States. Our service providers may also be located in the US, the EU, the UK or other regions. When personal data is transferred from the EEA, the UK or Switzerland to a country without an adequacy decision, we rely on Standard Contractual Clauses, the UK International Data Transfer Addendum, or another valid transfer mechanism. You may request a copy of the relevant safeguards by emailing us.

8. Data retention

We keep personal data only for as long as needed for the purposes described in this policy and to comply with legal obligations. Typical retention periods:

  • Contact-form submissions & project briefs: up to 24 months from last contact, then deleted or anonymised.
  • Email correspondence: up to 36 months for ongoing relationship management, then archived or deleted.
  • Marketing list: until you unsubscribe or 24 months of inactivity, whichever is sooner.
  • Client engagement records (contracts, invoices): for the duration of the engagement plus 7 years to comply with US tax and accounting law.
  • Server / security logs: up to 12 months.
  • Cookie consent record: up to 12 months from your choice, then we ask again.
  • Analytics data (Google Analytics 4): retained according to Google’s controls; we set user-level retention to 14 months.

9. Security

We implement reasonable technical and organisational measures designed to protect personal information from unauthorised access, disclosure, alteration or destruction, including TLS in transit, access controls, least-privilege administration, encrypted backups and routine patching. No method of transmission over the internet is 100% secure; in the event of a security incident affecting your personal information we will notify you and the relevant authorities as required by California Civil Code §1798.82 and other applicable state breach-notification laws.

10. Your privacy rights — US (multi-state)

Depending on your state of residence, you may have all or some of the following rights in respect of personal information we hold about you:

  • Right to know / access what personal information we have collected, the sources, the purposes, and the categories of recipients.
  • Right to delete personal information we hold about you, subject to legal exceptions.
  • Right to correct inaccurate personal information.
  • Right to data portability — receive a copy in a structured, commonly used and machine-readable format.
  • Right to opt out of sale or sharing of personal information (we do not sell or share — see Section 6).
  • Right to opt out of targeted advertising (we do not engage in targeted advertising).
  • Right to opt out of profiling that produces legal or similarly significant effects (we do not perform such profiling).
  • Right to limit use of sensitive personal information (we do not collect sensitive personal information).
  • Right of non-discrimination for exercising any of these rights.
  • Right to appeal a denial of any of these requests (see Section 12).

These rights apply, in the manner and to the extent set out in each statute, to residents of: California (CCPA / CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MTCDPA), Florida (FDBR), Iowa, Delaware, New Hampshire, Nebraska, New Jersey, Tennessee, Minnesota, Maryland, Indiana, Kentucky and Rhode Island. If you live in a state with a comprehensive privacy law that is not listed (for example, because it has just come into force), you may exercise equivalent rights and we will respond in line with that state’s requirements.

11. EU and UK rights (GDPR / UK GDPR)

If you are located in the EEA, the UK or Switzerland, you have the following rights: access, rectification, erasure, restriction of processing, data portability, objection, and withdrawal of consent at any time without affecting prior lawful processing. You may also lodge a complaint with your local supervisory authority (for example, the UK Information Commissioner’s Office at ico.org.uk).

12. How to exercise your rights

To exercise any of these rights, email info@digital-family.ai with the subject line “Privacy rights request”. Tell us which right you are exercising and which email address or other identifier we should match against.

  • Verification: for security, we verify your identity by matching the information you provide against what we already hold (typically the email address you have used with us, plus one additional data point). For sensitive requests we may ask for a signed declaration under penalty of perjury, as permitted by 11 CCR §7062.
  • Authorised agents: you may use an authorised agent to submit a request on your behalf. The agent must provide written, signed permission from you and we may still ask you to verify your identity directly.
  • Response time: within 45 calendar days (extendable by another 45 days where necessary, with notice to you) for California requests; within similar windows for other US state requests; within one month for GDPR requests.
  • Appeal: if we deny your request, you may appeal by replying to our response email. We will reach a decision within 60 days (Virginia, Colorado, Connecticut, Texas and other states with an appeal right). If your appeal is denied, you may contact your state Attorney General.
  • No fee: we do not charge a fee for the first verifiable request in any twelve-month period; manifestly unfounded or excessive requests may be refused or charged.

13. Global Privacy Control (GPC)

We treat a valid GPC browser signal as a request to opt out of any sale or sharing of personal information for the browser sending it, in line with the California Attorney General’s guidance and the equivalent requirements in Colorado, Connecticut and other states. Because we do not sell or share personal information for cross-context behavioral advertising in the first place, this signal does not change our processing, but it is honoured and logged.

14. Children’s privacy

Our services are intended for businesses. We do not knowingly collect personal information from children under 13 (under the Children’s Online Privacy Protection Act, COPPA) and we do not knowingly sell or share the personal information of consumers under 16 (under the CCPA). If you believe a child has provided us with personal information, please contact us so we can delete it.

15. Notice for California residents under CalOPPA

Under the California Online Privacy Protection Act (Cal. Bus. & Prof. Code §22575 et seq.) we disclose: this Site does not honour browser “Do Not Track” signals because no consensus standard exists, but it does honour the Global Privacy Control as described above. We do not allow third parties to collect personally identifiable information about your online activities over time and across third-party websites when you use this Site.

Shine the Light (Cal. Civ. Code §1798.83): California residents may once per year request a notice describing what categories of personal information we share with third parties for their direct marketing purposes. We do not currently share personal information with third parties for their own direct marketing.

16. Changes to this policy

We may update this Privacy Policy from time to time. The “Effective date” at the top of this page reflects the latest revision. Material changes will be notified by a notice on the Site or by email at least 15 days before they take effect, when we hold a valid email address for you.

17. Contact

Privacy questions, requests or complaints? Email info@digital-family.ai or write to Digital Family LLC, 1265 Rosecrans St, San Diego, CA 92106, United States.

Related legal documents

Questions about this document? Email us at info@digital-family.ai or write to Digital Family LLC, 1265 Rosecrans St, San Diego, CA 92106, United States.

This document is provided for transparency. It is not legal advice. If you need advice specific to your situation, please consult a qualified attorney.