Política de Privacidad

1. Scope

This Privacy Policy explains how Digital Elephant (“we,” “our,” “us”) collects, uses, discloses, and safeguards personal information obtained through digitalelephant.com or any communication you initiate with us while you are located in the United States. The site is purely informational; all commercial engagements occur through separate, offline agreements. The policy is designed to satisfy the Federal Trade Commission Act and industry best practices as well as the requirements of state privacy laws now in force—including, without limitation, California’s Consumer Privacy Rights Act (CPRA), Virginia’s Consumer Data Protection Act (VCDPA), Colorado’s Privacy Act (CPA), Connecticut’s Data Privacy Act (CTDPA), Utah’s Consumer Privacy Act (UCPA), Oregon’s Consumer Privacy Act (OCPA), and Texas’s Data Privacy and Security Act (TDPSA).

2. Information We Collect

We may collect:

• Identifiers such as your name, email address, telephone number, and Internet Protocol (IP) address.

• Internet or network activity such as the pages you view, the links you click, the date and time of each visit, referring URLs, and general device information.

• Professional or employment-related information (for example, job title or company) if you choose to provide it in a contact form.

• Coarse geolocation (city and state) inferred from your IP address.

We do not intentionally collect sensitive personal data, precise geolocation, Social Security numbers, or information about children under 13. The site is not directed to children, and we do not knowingly collect information from any person under 13 years of age.

3. How We Use Personal Information

We use personal information only for the following purposes:

1. Operating and securing the website.

2. Responding to your inquiries and providing pre-contractual information you request.

3. Improving site performance through analytics that help us understand traffic patterns.

4. Sending marketing communications if—and only if—you have expressly opted in to receive them.

5. Complying with applicable laws, preventing fraud, and protecting our rights or the safety of others.

4. Cookies and Global Privacy Control

The site deploys essential cookies for basic functionality, preference cookies to remember your settings, and analytics cookies (for example, Google Analytics with IP anonymization). You can block non-essential cookies through the cookie banner. We also honor the browser-based Global Privacy Control (GPC) signal as a universal opt-out where state law requires us to do so.

5. Disclosures of Personal Information

We disclose information only in these circumstances:

• Service providers. We share data with trusted vendors—such as hosting, security, analytics, and email platforms—under contracts that forbid them to use the information for any purpose other than providing services to us.

• Legal or safety reasons. We may disclose data to comply with a court order or other legal requirement, to protect our rights, or to prevent harm.

• Corporate transactions. Information may be transferred in connection with a merger, asset sale, or similar transaction.

We do not “sell” personal information or “share” it for cross-context behavioral advertising under any state definition.

6. Your Privacy Rights

Depending on your state of residence, you may have the right to:

• Access the personal information we hold about you.

• Delete that information.

• Correct inaccuracies.

• Opt out of the sale of personal data, the sharing of data for targeted advertising, and certain forms of profiling.

• Appeal if we deny your request.

To exercise any right, email legal@digitalelephant.us, we will verify your identity (and, if relevant, the authority of your agent) and respond within the timeframe required by law, usually 45 days.

7. Data Security

We maintain administrative, technical, and physical safeguards consistent with the NIST SP 800-53 moderate control set. Measures include TLS 1.3 encryption in transit, AES-256 encryption at rest, multifactor authentication, role-based access controls, continuous monitoring, and annual penetration testing. No system is perfectly secure, but we use commercially reasonable efforts to protect your information.

8. Data Retention

We retain personal information only as long as necessary to fulfill the purposes set forth in this policy, to comply with legal obligations, to resolve disputes, and to enforce our agreements. Routine inquiry records are kept for up to 24 months; security logs are retained for no longer than 12 months, unless a longer period is required by law or necessary for legal reasons.

9. International Visitors

Our servers are located in the United States. If you visit the site from outside the U.S., your information will be transferred to, stored, and processed in the United States. By continuing to use the site, you consent to that transfer.

10. Changes to This Policy

We may revise this Privacy Policy at any time. When we do, we will post the updated version with a new “Last updated” date. If changes materially alter your rights, we will provide additional notice, for example by email or a banner on the home page. Continued use of the site after an update constitutes acceptance of the revised policy.

11. Acceptance

By using digitalelephant.com or by providing information to us, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree, please do not use the site or submit personal information.