1. Scope & Roles
This Policy applies to our websites, products, and services (the "Services"). For data processed through our consent platform on behalf of a customer (e.g., consents, preferences, webhooks), we act as a data processor/service provider. For our own website analytics, marketing, and account management, we act as a controller/business.
2. Data We Process
Account & Billing
Name, email, company, role, billing contact, plan, and transaction details.
Product Usage
Log and telemetry data (IP, user agent, request metadata, timestamps) to secure and improve Services.
Consent Records (Customer Data)
Email or other identifiers, consent status, source, and optional metadata (e.g., campaign, locale). Processed under customer instructions.
Support
Content of tickets, attachments, and contact details to resolve issues.
SDK & Webhooks. Our SDKs avoid collecting sensitive categories by default. Webhook payloads are signed and include identifiers required for your integration. See SDKs and Webhooks.
3. How We Use Data
- Provide, maintain, and secure the Services
- Operate consent capture, syncing, and audit logs on your behalf
- Detect, prevent, and investigate fraud or abuse
- Comply with legal obligations and enforce agreements
- Communicate product updates and marketing (with your consent or as permitted by law)
- Research and improve features, including anonymized or aggregated analytics
4. Legal Bases (EEA/UK)
| Purpose | Legal basis |
|---|---|
| Provide the Services | Contract performance |
| Security & fraud prevention | Legitimate interests |
| Marketing communications | Consent / Legitimate interests (B2B) |
| Compliance (tax, record‑keeping) | Legal obligation |
7. Security
- Encryption in transit and at rest
- Least‑privilege access controls and audit logging
- Signed webhooks and delivery retries with idempotency
- Secure SDLC and vulnerability management
No method of transmission or storage is 100% secure. We continuously improve our safeguards and notify customers of material incidents as required by law and contract.
8. Retention
We retain personal data only as long as necessary for the purposes described, to comply with legal obligations, or to resolve disputes. Customers may configure retention for consent logs where available.
9. Your Rights
| Region | Your rights | How to exercise |
|---|---|---|
| EEA/UK (GDPR) | Access, rectification, erasure, restriction, portability, objection, withdraw consent | Use the Data Request form or email privacy@whistlerdigital.com. |
| US (CCPA/CPRA) | Know, delete, correct, limit use of sensitive data, opt‑out of sale/sharing | Use the Data Request form. We do not sell personal data. |
| Other | We honor applicable local rights | Contact us and we will assist. |
When we act as a processor, we will forward requests to the relevant customer/controller and assist as required.
10. Children
Our Services are not directed to children under 16 and we do not knowingly collect such data. If you believe a child provided data to us, contact us and we will take appropriate action.
11. Changes to this Policy
We may update this Policy. We will post the new version here and, if changes are material, notify you via product notice or email.
12. Contact
Email: privacy@whistlerdigital.com
Mailing: Whistler Digital — Privacy, 123 Example Street, Example City
If we are unable to resolve your concern, you may have the right to contact your local data protection authority.