Last Updated: July 1, 2025
Plain-Language Snapshot
• We collect only the business + contact info we need to talk with you and deliver services.
• We use analytics + marketing pixels to understand traffic and improve performance.
• Client data stays yours; we access it only to do the work you’ve asked for.
• Please do not send PHI unless we’ve signed a BAA.
• You can request access, correction, deletion (subject to legal/contract limits), and marketing opt‑outs.
• Contact us anytime at hello@winterlessdigitalmarketing.com.
1. Scope
This Privacy Policy explains how Winterless Digital, LLC (“Winterless,” “we,” “us”) collects, uses, shares, and protects information when you:
- Visit our websites, landing pages, or microsites;
- Submit forms, book calls, download resources, or subscribe to communications;
- Engage us for marketing, creative, or consulting services; or
- Communicate with us by email, messaging platforms, support tickets, or project tools.
If a signed agreement with you includes privacy or data terms that conflict with this Policy, the signed agreement controls for that engagement.
2. Information You Provide
We collect information you submit directly, such as name, company, role/title, email, phone, billing contact + address, project notes, goals, platform access credentials, and uploaded files (logos, creative assets, data exports). These materials may contain personal information if you include it.
3. Data in Client Systems We Access
To deliver services you may authorize us to access your ad accounts, analytics, CMS, CRM, scheduling, reputation, or marketing automation platforms. Data in those systems may include campaign metrics, user IDs, lead form submissions, and limited customer or patient contact details. We use that data only to perform the services you’ve requested and according to your instructions. You retain ownership of data in your systems.
4. Payment Information
We use third‑party payment processors (e.g., Stripe) to collect payments. We do not store full payment card numbers on our servers. The processor’s own privacy and security terms apply when you submit payment information.
5. Communications & Support Data
If you email us, schedule calls, or open support requests, we may store the content of those communications (including attachments) in our project tools and email systems so we can respond, track work, and improve service.
6. Information Collected Automatically
When you visit our sites we (and service providers) may automatically collect: IP address, device + browser info, referring/exit pages, pages viewed, timestamps, approximate location inferred from IP, and interaction data (scrolls, clicks, downloads). We use cookies, pixels, tags, local storage, and similar technologies to support site functionality and measure performance.
6.1 Cookies & Similar Technologies
- Essential cookies support site login, security, and form submission.
- Analytics cookies help us understand traffic patterns and site usage.
- Marketing pixels (from platforms like Meta or Google) help us measure ad effectiveness and reach similar audiences.
You can control cookies through browser settings; disabling some may affect site functionality.
7. How We Use Information
We use the information described above to:
- Respond to inquiries and provide proposals;
- Deliver and manage marketing + consulting services under contract;
- Configure and optimize campaigns, websites, and creative assets;
- Provide reporting and strategic recommendations;
- Invoice and process payments;
- Improve our websites, content, and offerings;
- Enforce agreements, secure systems, and prevent fraud;
- Comply with legal, tax, and accounting obligations.
8. Legal Bases for Processing (EEA/UK)
Where GDPR or UK GDPR applies, our legal bases include: (a) Contract necessity; (b) Legitimate interests (service improvement, security, portfolio reference where permitted); (c) Consent (for certain marketing outreach); and (d) Legal obligations.
9. How We Share Information
We share data only as needed and with appropriate safeguards:
- Service Providers / Sub processors – Hosting, email delivery, CRM, scheduling, analytics, payments, and advertising platforms that process data on our behalf. We require them to handle data responsibly. A current list is available on request; we will notify active clients before materially adding processors that handle client data.
- At Your Direction – When you ask us to connect platforms, import contact lists, or coordinate with another vendor, we will share the necessary data.
- Legal / Safety – To comply with law, regulation, subpoena, or court order; to protect rights, property, or safety; or to detect and prevent fraud or abuse.
- Business Transfers – If we undergo a merger, acquisition, financing, or asset sale, information may transfer as part of that transaction, subject to this Policy.
10. Confidentiality of Client Information
We treat nonpublic client information as confidential and use it only to perform contracted services or as required by law.
11. Data Security
We use administrative, technical, and physical safeguards appropriate to the sensitivity of the data involved: role‑based access, MFA where available, secure password handling, periodic access reviews, and vendor diligence. No system is perfectly secure; please grant least‑privilege access and revoke it when work ends.
12. Data Retention
We retain client project data for as long as the engagement remains active and for a reasonable period afterward (generally 12–24 months) to support historical reporting, continuity, and legal recordkeeping. We may retain aggregated or anonymized data for analytics. If you want data deleted sooner, contact us—unless law or contract requires retention, we’ll accommodate reasonable requests.
13. PHI / HIPAA Notice
We do not intentionally collect or store Protected Health Information (PHI). If your project requires PHI, we must sign a BAA and confirm technical safeguards before any PHI is shared. Otherwise, provide only de‑identified or aggregated data.
14. Your Privacy Choices & Rights
Depending on your location, you may have rights to:
- Request a copy of information we hold about you;
- Ask us to correct inaccurate data;
- Request deletion (subject to legal/contract limits);
- Opt out of marketing emails using the unsubscribe link;
- Manage cookies/targeting via browser tools or site banners where available.
To exercise a right, email hello@winterlessdigitalmarketing.com with “Privacy Request” in the subject line. We may need to verify your identity before acting.
15. Do Not Track / Global Privacy Control
Browsers and extensions may send Do Not Track (DNT) or Global Privacy Control (GPC) signals. Our systems do not currently respond to DNT signals. We will honor legally required GPC or similar opt‑out preference signals as our tooling supports them.
16. Children’s Privacy
Our services target businesses, not children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided information, contact us and we will delete it.
17. International Transfers
If you are outside the United States, your information may be processed in the U.S. or other countries with different data protection laws. Where legally required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for cross‑border transfers.
18. Changes to This Privacy Policy
We may update this Policy from time to time. We’ll revise the “Last Updated” date above and notify active clients of material changes (e.g., new categories of data, new sharing practices) at least 15 days before they take effect.
19. Contact
Privacy questions, data requests, or other concerns:
Email: hello@winterlessdigitalmarketing.com
Mail: Winterless Digital, LLC
1 SE Ocean Blvd.
Stuart, FL 34994
USA
