Privacy Policy

Last updated: February 9, 2026

This Privacy Policy explains how we collect, use, store, and protect your personal and business data when you engage our web development services or use our website. By visiting our site or signing a service agreement, you agree to the terms described in this policy.

Data Collected

We collect data in two categories: Service Data, necessary to build and maintain your digital products, and Optional Data, which we collect only with your consent.

Service Data

Account & Project Data: Name, business email, phone number, billing address, and payment information. We also collect project-specific data such as hosting credentials, domain registrar logins, and brand assets provided by you.

Technical Data: IP address, browser type, device information, and website usage patterns via cookies to ensure our development tools and site function correctly.

Communication Data: Records of emails, project management comments (e.g., via Slack or Trello), and support requests.

Optional Data

With your consent, we may collect data for case studies (such as your business logo or testimonials), newsletter opt-ins, and responses to client satisfaction surveys.

Purpose of Data Collection

We use your data primarily to:

  • Deliver web development, design, and maintenance services.
  • Manage project timelines and facilitate communication.
  • Secure your website and hosting environment.
  • Comply with tax and legal obligations for B2B contracts.

With your consent, we may use your business name and project results in our portfolio or marketing materials. You may withdraw this consent at any time.

Data Sharing

We do not sell your data. We share information only with essential third-party partners:

  • Infrastructure: Secure hosting providers (e.g., Hetzner, Cloudflare) and domain registrars.
  • Payments: Secure processors such as Stripe for invoicing.
  • Tools: Project management and communication tools (e.g., Slack, Notion, or Calendly).
  • Analytics: We use Umami to improve our service delivery.

We ensure all partners comply with strict privacy standards and handle your data solely to fulfill the services you’ve hired us to perform.

User & Client Rights

You have the right to access, correct, or delete the personal data we hold. As a business client, you may also request the transfer of your project files and data (Data Portability) upon the conclusion of our contract.

If you are covered by the CCPA or GDPR, you have additional rights regarding data restriction and breach notification. To exercise these rights, contact us at privacy@oakpassdigital.com.

Data Security

We implement “Privacy by Design” in our development process:

  • Encryption: SSL/TLS encryption for all data transfers and encrypted storage for any client credentials.
  • Access Control: We use password managers and two-factor authentication (2FA) for all internal and client-related accounts.
  • Client Isolation: We ensure that data and environments for different clients remain strictly separated.

Data Retention

  • Project Files: We retain project code and assets for 3 years after project completion to provide ongoing support, unless you request immediate deletion.
  • Financial Records: Invoices and payment history are kept for 7 years for tax purposes.
  • Credentials: We recommend clients change all passwords after a project is handed over; however, we purge our records of your credentials within 60 days of contract termination.

Cookies and Tracking

We use essential cookies to manage your login sessions and secure our client portal. You can manage your preferences through our Cookie Settings or your browser.

Regional Compliance

Notice to California Residents: We comply with the CCPA regarding the collection and “sale” (sharing) of personal information.

Contact and Governance

Email: privacy@oakpassdigital.com

If we make significant changes to this policy, we will notify you by email. All updates take effect 30 days after notification.