Privacy Policy

Introduction.

This Privacy Policy explains what personal information SAVAGE PIXEL LLC("we", "us", "our") collects when you visit savagepixelseo.com, send us a message, or engage us for services, and what we do with that information. It also explains your rights under the EU/UK General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act as amended by the CPRA ("CCPA"), along with similar US state laws.

We do not sell personal information. We do not run advertising cookies. We do not use your data to train AI models. We collect the minimum we need to reply to you and run our business, and we delete it when we no longer need it.

Who we are (data controller).

For data we collect about you, SAVAGE PIXEL LLC is the data "controller" under the GDPR and a "business" under the CCPA. That means we decide why and how your data is processed, and we are accountable for it.

We are a small studio and we do not have a Data Protection Officer ("DPO") — our team is below the threshold that requires one. Privacy questions go directly to the people who run the company.

Data we collect.

We collect data in three ways: directly from you, automatically when you visit our site, and from third-party services we use to run the business.

Information you provide directly.

• Contact form & email: name, email address, company name, project scope, budget range, and any details you choose to share in the free-text field.
• Calls & meetings: notes we take during discovery calls (kept in our internal project management tool).
• Client onboarding: if you engage us, billing address, tax identification (where legally required), and access credentials to systems we'll be working on.

Information collected automatically.

• Server logs: IP address, browser type, operating system, referring URL, requested URL, response code, and timestamp. Retained 14 days, then deleted.
• Analytics: aggregated, anonymized page views via Plausible Analytics. No cookies, no fingerprinting, no cross-site tracking. See our Cookie Policy for details.

Information from third parties.

• Payment processors: if you pay us, our payment processor (Stripe) shares back a confirmation, last 4 of card, and country. We never see your full card number.
• Public sources: if we're evaluating a prospective engagement, we may look at your company website, LinkedIn, or other public information you've published.

Sensitive personal information.

We do not knowingly collect any of the categories the CCPA defines as "sensitive personal information" (such as Social Security numbers, precise geolocation, racial or ethnic origin, religious beliefs, union membership, health data, sex life or sexual orientation, biometric identifiers, or contents of private communications). If a client engagement requires us to handle any such data, we will sign a separate Data Processing Agreement before receiving it.

How we use your data.

• To respond to inquiries. Contact-form submissions exist so we can reply to you.
• To deliver services we're hired for. Client data is used to build the websites and run the SEO programs you engage us for.
• To invoice and accept payment. Billing info is used to issue invoices and accept payment through Stripe.
• To operate and secure the site. Server logs help us debug issues and identify attacks.
• To improve the site in aggregate. Anonymized analytics tell us which pages people read.
• To comply with legal obligations. Tax records, invoicing, and responses to lawful government requests.

We do not use your data for behavioral advertising, cross-context behavioral advertising, profiling that produces legal or similarly significant effects, training of AI models, sale to data brokers, or enrichment with third-party datasets.

Legal bases for processing (GDPR).

If you are located in the EU, UK, or another GDPR-equivalent jurisdiction, we process your personal data under the following legal bases (GDPR Article 6):

Cookies & tracking.

We use one essential session cookie and zero marketing or analytics cookies. We do not show a consent banner because consent is not required for strictly essential cookies under EU law. A full technical breakdown lives on our Cookie Policy page.

Who we share your data with.

We share personal data only with a small, named list of vendors who process data on our behalf. Each is bound by a written contract requiring confidentiality and GDPR-compliant data handling. Current sub-processors:

The full, current list of sub-processors — including any updates — lives on our Trust & Security page. We will notify active clients in writing at least 30 days before adding a new sub-processor that handles their data.

We may also disclose personal data when required by law (subpoena, court order, lawful government request) or to protect our rights, property, or safety, or those of others. Where we are legally permitted, we will notify you of any such request.

We have never sold or shared personal information for cross-context behavioral advertising within the meaning of the CCPA, and we have no plans to.

International data transfers.

We are based in the United States. If you are located outside the US (in the EU, UK, or elsewhere), your personal data will be transferred to and processed in the United States and other countries where our sub-processors operate.

For transfers of personal data from the EEA, UK, or Switzerland to the United States or other third countries, we rely on the following safeguards:

• Standard Contractual Clauses (SCCs): the European Commission's 2021 SCCs are in place with our sub-processors that transfer data outside the EEA.
• UK International Data Transfer Addendum: we apply the UK IDTA where personal data leaves the United Kingdom.
• Supplementary measures: encryption in transit, access controls, and minimum-necessary data sharing.

You can request copies of the relevant transfer safeguards by emailing privacy@savagepixelseo.com.

How long we keep your data.

You can request earlier deletion at any time using the rights described below — we will comply except where we are legally required to keep the data (mostly tax and accounting).

How we keep your data safe.

We apply reasonable technical and organizational measures to protect personal data against unauthorized access, loss, alteration, and disclosure. These include:

• HTTPS / TLS 1.2+ encryption for all data in transit.
• Encryption at rest for sensitive data stored with our sub-processors.
• Two-factor authentication on every account that touches client or visitor data.
• Principle of least privilege: team members only see data needed for their work.
• Regular security review of our sub-processors.

In the unlikely event of a data breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours of becoming aware, as required by GDPR Article 33 and applicable US state breach-notification laws. Full details on our Trust & Security page.

Your rights under GDPR.

If you are located in the EEA, UK, or Switzerland, you have the following rights regarding your personal data:

1. Right of access (Art. 15). Request a copy of the personal data we hold about you.
2. Right to rectification (Art. 16). Ask us to correct inaccurate or incomplete data.
3. Right to erasure (Art. 17). Ask us to delete your data (subject to legal-retention exceptions).
4. Right to restriction (Art. 18). Ask us to limit how we use your data while a request is being processed.
5. Right to data portability (Art. 20). Receive your data in a portable, machine-readable format.
6. Right to object (Art. 21). Object to processing based on legitimate interests.
7. Right to withdraw consent (Art. 7(3)). Where processing is based on consent, you can withdraw it at any time.
8. Right to lodge a complaint (Art. 77). If you believe we have mishandled your data, you can complain to your local supervisory authority.

To exercise any of these rights, email privacy@savagepixelseo.com from the address we have on file or with information sufficient to verify your identity. We will respond within 30 days. There is no charge.

Your rights under the CCPA / CPRA.

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you the following rights:

1. Right to know. Request the categories and specific pieces of personal information we have collected about you, the sources, the business purpose, and the categories of third parties we have shared it with, over the preceding 12 months.
2. Right to delete. Request deletion of personal information we have collected, subject to legal-retention exceptions.
3. Right to correct. Request correction of inaccurate personal information.
4. Right to opt out of sale or sharing. We do not sell personal information and do not share it for cross-context behavioral advertising. There is nothing to opt out of, but the right remains available.
5. Right to limit use of sensitive personal information. We do not knowingly collect sensitive personal information for any inferential purpose.
6. Right to non-discrimination. We will not charge you different prices or provide a different quality of service if you exercise any of these rights.

California residents may submit a verifiable consumer request by emailing privacy@savagepixelseo.com or calling +1 (912) 915-2590. You may also designate an authorized agent to make a request on your behalf; we will require written authorization and verify your identity directly.

We honor Global Privacy Control (GPC) signals as a valid opt-out request where applicable.

Other US state privacy rights.

If you are a resident of Colorado, Virginia, Connecticut, Utah, Texas, Oregon, Montana, or another US state with a comprehensive privacy law, you have substantially similar rights — to access, correct, delete, port your data, and opt out of targeted advertising or sale (neither of which we do).

To exercise any of these rights, contact us at privacy@savagepixelseo.com. We do not discriminate against residents who exercise their rights. You may appeal a denied request by replying to our response with the word "appeal" in the subject line.

Children's privacy.

This site and our services are not directed at children under 16, and we do not knowingly collect personal information from children under 16 — including data covered by the US Children's Online Privacy Protection Act (COPPA) for children under 13.

If you believe we have inadvertently collected data from a child, contact us at privacy@savagepixelseo.com and we will delete it.

Automated decision-making.

We do not subject you to decisions based solely on automated processing — including profiling — that produce legal or similarly significant effects. A human reviews every contact-form submission, every engagement decision, and every billing action.

Changes to this policy.

We review this policy at least once a year, and update it whenever we materially change how we collect or use data. The "Last updated" date at the top of this page is authoritative. We will keep prior versions on request.

For material changes that affect existing clients or EU/UK/California residents, we will notify the affected people by email at least 30 days before the change takes effect. Continued use of the site after the effective date constitutes acceptance of the updated policy.

How to contact us.

For any privacy question, request, or complaint: