Privacy Policy

1. Who we are and how to contact us

The data controller responsible for personal information collected through the Website is:

Design Digital Studios — FZE
Trade name: DesignDigitalStudios
Registered address: [Registered Office Address], United Arab Emirates
Represented by: Syed Umar Ahmed, Proprietor
Privacy contact email: privacy@designdigitalstudios.com
Website: designdigitalstudios.com

For all privacy-related questions, requests, or complaints, please contact us at the email address above. Where we act as a data processor on behalf of a client, please contact that client first; we will support their response.

2. Scope of this Policy

This Policy applies to personal information we collect or process in connection with:

• Your use of the Website and any pages, forms, or features hosted on it;
• Communications you initiate with us (email, contact forms, scheduling links, phone, messaging applications, social platforms, or in-person meetings);
• Discovery meetings, sales conversations, proposals, onboarding questionnaires, and project intake;
• Performance of our Services for clients under a separately executed Service Agreement;
• Marketing emails, newsletters, podcast or video appearances, and content distribution.

This Policy does not apply to: (a) third-party websites or platforms we link to or appear on; (b) information our clients independently collect from their own customers, prospects, or website visitors; or (c) personal information processed by our clients on platforms they own and operate (such as their own YouTube channel, CRM, email platform, or website). Those activities are governed by the privacy policies of those clients and platforms.

3. Information we collect

3.1 Information you provide directly

• Identifiers and contact data: name, business name, business email address, business phone number, mailing address, professional title, firm or RIA name, registration or licensing references you choose to share, and similar professional identifiers.
• Discovery and onboarding information: answers you provide on intake forms, questionnaires, discovery calls, scoping conversations, and project briefs, including descriptions of your practice, ideal client, services, niche, competitors, content goals, and review process.
• Brand and content materials: headshots, logos, brand colors, fonts, written or recorded content, scripts, interview recordings, video recordings, audio recordings, captions, written commentary, and similar creative inputs.
• Account access information: login credentials, access tokens, or shared editor permissions you elect to grant to platforms such as YouTube, LinkedIn, Instagram, TikTok, podcast hosts, scheduling tools, or other publishing platforms, where you have asked us to manage publishing on your behalf.
• Billing and payment information: billing name, billing address, invoice details, and the records of completed transactions. Card and bank-account information is collected and processed by our payment processor (Stripe). We do not store full card or bank-account numbers on our servers.
• Communications: the content of emails, messages, calls, voicemails, recorded meetings (where lawfully recorded with notice), screenshots, and feedback you choose to share.
• Marketing preferences: subscription preferences, opt-ins, opt-outs, and engagement signals you provide.

3.2 Information collected automatically

When you visit the Website, certain information is collected automatically by us and by third-party services we use:

• Device and browser data: IP address, browser type and version, operating system, device type, screen resolution, language preference, and time zone.
• Usage data: pages visited, referring and exit pages, dwell time, click paths, scroll behavior, search terms entered on the Website, and similar interaction data.
• Cookies and similar technologies: see Section 7 for details.
• Approximate location: derived from your IP address (typically at the city or region level).

3.3 Information from third parties

• Public professional information: publicly listed business information, professional bios, press mentions, and publicly accessible posts on professional platforms (such as LinkedIn) that we use for outbound outreach, qualification, or proposal preparation.
• Referral information: if you are introduced to us by a mutual contact, partner, podcast host, or existing client, we may receive your name, contact details, and the context of the introduction.
• Service providers: our analytics, advertising, scheduling, email, payment, and hosting providers may share information with us as described in their own privacy policies.

4. Sources of information

The categories described in Section 3 come from: (a) you, directly; (b) automated collection on the Website; (c) third-party platforms and tools we use to operate our business; and (d) publicly available professional sources.

5. How we use information

We use personal information for the following purposes:

1. Operating the Website — serving pages, maintaining performance, security, and basic functionality.
2. Responding to inquiries — replying to contact-form submissions, email, and scheduling requests.
3. Delivering the Services — producing, scripting, editing, scheduling, distributing, and reporting on content under a Service Agreement, including all activities described in Section 1 of that Agreement.
4. Billing and payments — invoicing, collecting fees, processing refunds where applicable, and maintaining accounting records.
5. Communications — sending operational messages (onboarding, project updates, performance reports, scheduling confirmations) and, where you have opted in or where permitted by applicable law, marketing communications.
6. Improving our Services — analyzing aggregated usage patterns, refining content frameworks, and improving the operating cadence we deliver to clients.
7. Marketing and case studies — promoting our work, with appropriate consent or contractual permission, including portfolio use and case-study citation as outlined in our standard Service Agreement.
8. Compliance and legal obligations — complying with applicable laws, responding to lawful requests, enforcing our agreements, defending against claims, and exercising our legal rights.
9. Security and fraud prevention — detecting, preventing, and investigating fraudulent, unauthorized, or harmful activity.

We do not sell personal information for monetary consideration. See Section 15 for details applicable to California residents.

6. Legal bases for processing (EEA, UK, Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the legal bases on which we process your personal information are:

• Contract — processing necessary to take steps before entering into, or to perform, a contract with you (for example, delivering the Services).
• Legitimate interests — operating our business, marketing our Services to professional audiences, securing the Website, preventing fraud, and similar interests that are not overridden by your rights and freedoms.
• Consent — for non-essential cookies, marketing emails where required by law, and any other processing for which we ask for your consent. You may withdraw consent at any time.
• Legal obligation — complying with applicable law, regulatory requests, or court orders.

7. Cookies, analytics, and tracking technologies

The Website uses cookies and similar technologies (such as pixels, web beacons, local storage, and tags) to operate, secure, and improve the site, to understand how visitors use it, and to support our marketing.

The categories of cookies we may use include:

• Strictly necessary cookies — required for the Website to function, including session, security, and load-balancing cookies.
• Functional cookies — remembering preferences such as language, region, or form inputs.
• Analytics cookies — helping us understand aggregated usage patterns (for example, through providers such as Google Analytics or comparable services).
• Advertising cookies — supporting marketing measurement and audience building on platforms we may use, such as LinkedIn, YouTube, Google, or similar networks.

You can control cookies through your browser settings, through the cookie preference controls we may make available on the Website, or through third-party opt-out tools such as the Digital Advertising Alliance opt-out, the European Interactive Digital Advertising Alliance opt-out, and the Network Advertising Initiative opt-out. Disabling certain cookies may affect Website functionality.

8. How we share and disclose information

We share personal information only as described in this Policy and as permitted or required by applicable law. The categories of recipients are:

• Service providers and processors acting on our instructions (see Section 9).
• Our team and contractors who need access to perform the Services, all under written confidentiality and data-handling expectations.
• Professional advisors — legal counsel, accountants, auditors, and similar advisors, where reasonably necessary.
• Authorities — law enforcement, regulators, courts, and similar bodies where required by law, court order, or to protect the rights, property, or safety of any person.
• Business transfers — in connection with a merger, acquisition, financing, reorganization, sale of assets, or insolvency, your information may be transferred as part of the transaction or proceedings, subject to confidentiality obligations.
• With your direction or consent — for example, when you ask us to publish content under your name on platforms you operate or to which you have granted us access.

We do not sell or rent personal information for monetary consideration. We do not share personal information with third parties for their independent direct marketing without your consent.

9. Third-party service providers we use

To operate the Website and deliver the Services, we use third-party providers across the following categories. Each provider has its own privacy policy and security practices. We choose providers we consider reputable and we maintain agreements with them where appropriate.

• Website hosting and content delivery — for serving the Website and protecting it from malicious traffic.
• Payment processing — Stripe, for credit-card and similar payment processing. Stripe processes payment data under its own terms and privacy notice.
• Analytics — for measuring traffic and usage of the Website.
• Email delivery and marketing — for sending operational emails, newsletters, and marketing communications.
• Customer relationship and project management — for managing prospect, client, and project records.
• Scheduling — for booking discovery meetings and check-in calls.
• Video conferencing and messaging — for conducting calls, recording approved sessions, and exchanging messages.
• File storage and collaboration — for transferring and storing content production materials.
• Advertising platforms — such as LinkedIn, Google, YouTube, and similar platforms where we run paid campaigns.

A current list of subprocessors will be provided to clients on request.

10. International data transfers

Design Digital Studios — FZE is established in the United Arab Emirates. Our clients are primarily located in the United States and Canada. Our service providers may store or process personal information in the United States, the European Economic Area, the United Kingdom, the United Arab Emirates, India, the Philippines, or other jurisdictions.

Where personal information is transferred from the EEA, the UK, or Switzerland to a country that has not received an adequacy decision, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Agreement or Addendum, supplementary measures where required, or your explicit consent. You may request a copy of the relevant safeguards by writing to us at the privacy contact in Section 1.

11. Data retention

We retain personal information only for as long as necessary for the purposes described in this Policy and as required to comply with our legal, accounting, or reporting obligations. Typical retention periods are:

• Prospect inquiries and discovery records: up to 24 months from last interaction, unless you ask us to delete them earlier.
• Active client records (including produced content, scripts, briefs, and communications): for the duration of the engagement and up to 7 years after termination, to support recordkeeping and to defend against potential claims.
• Billing and tax records: for the period required by applicable law (typically 5 to 10 years).
• Marketing list data: until you unsubscribe or until the data is no longer relevant.
• Website analytics data: typically 14 to 26 months in third-party analytics tools, depending on the provider's defaults.

When we no longer need personal information, we delete it, anonymize it, or restrict its further processing.

12. Information security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These include access controls, encryption in transit, vendor due diligence, password discipline, and limiting access to personnel and contractors who need it to perform the Services.

No method of transmission over the internet or method of electronic storage is fully secure. While we work to protect personal information, we cannot guarantee absolute security. Please use secure means to share sensitive materials with us and notify us immediately at privacy@designdigitalstudios.com if you believe your interaction with us has been compromised.

13. Client business information and end-customer data

Our Services are designed around the client's professional expertise, opinions, and educational content. We do not request, and we ask our clients not to share with us, the nonpublic personal information ("NPI") of their end customers, prospects, or clients.

"NPI" includes the kinds of information regulated under the United States Gramm-Leach-Bliley Act and SEC Regulation S-P, the Health Insurance Portability and Accountability Act, the Internal Revenue Code's Section 7216 protections for tax-return information, the Fair Credit Reporting Act, and similar U.S. and international privacy regimes.

If a client's interview material or supporting documents incidentally contain NPI, the client is responsible for redacting that information before sharing it with us. We will treat any incidentally disclosed NPI as strictly confidential, will not retain it beyond what is necessary, and will not use it for any purpose other than producing the deliverables requested under the Service Agreement. Where a client requires us to act as a "service provider" or "processor" with respect to specific personal information, the parties will execute a separate written data-processing addendum before that processing begins.

14. Your privacy rights

Depending on where you live, you may have the following rights:

• Access — request a copy of personal information we hold about you.
• Correction — ask us to correct inaccurate or incomplete information.
• Deletion — ask us to delete personal information, subject to exceptions for legal, accounting, or recordkeeping obligations.
• Portability — receive a copy of your information in a portable format.
• Restriction or objection — ask us to restrict or object to certain processing.
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
• Opt out of marketing — unsubscribe from marketing emails using the link in any message or by writing to us.
• Lodge a complaint — with the relevant supervisory authority in your jurisdiction.

To exercise any right, contact us at privacy@designdigitalstudios.com. We may need to verify your identity before responding. We aim to respond within 30 days, or sooner where required by law.

15. California residents (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA").

15.1 Categories of personal information

In the past 12 months, we may have collected the following CCPA/CPRA categories of personal information: identifiers; commercial information; internet or other electronic network activity information; geolocation data (approximate); professional or employment-related information; and inferences drawn from these categories. We may have collected these categories from the sources described in Sections 3 and 4 and used them for the purposes described in Section 5.

15.2 Sale and sharing of personal information

We do not sell personal information for monetary consideration. We do not knowingly "share" personal information for cross-context behavioral advertising as those terms are defined under California law without an applicable opt-out mechanism. To the extent any cookie or pixel on the Website triggers such "sharing," you may opt out by adjusting your cookie preferences or by submitting the request described below.

15.3 Sensitive personal information

We do not use or disclose sensitive personal information for purposes that would require us to offer a "limit the use of sensitive personal information" right under California law.

15.4 Your California rights

• Right to know what personal information we collect, use, and disclose.
• Right to delete personal information.
• Right to correct inaccurate personal information.
• Right to opt out of the sale or sharing of personal information.
• Right to limit the use and disclosure of sensitive personal information.
• Right to non-discrimination for exercising these rights.

15.5 How to submit a request

Submit California requests to privacy@designdigitalstudios.com. Authorized agents may submit requests on your behalf with proof of authorization and verification of your identity.

15.6 Shine the Light

California Civil Code Section 1798.83 permits California residents to request information about disclosures of personal information to third parties for those parties' direct marketing purposes. We do not disclose personal information for third-party direct marketing purposes covered by this section.

16. EEA, UK, and Switzerland residents (GDPR/UK GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the rights described in Section 14 are available to you under the EU General Data Protection Regulation, the UK GDPR, the Swiss Federal Act on Data Protection, and related laws. You also have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or place of an alleged infringement. Our legal bases for processing are described in Section 6, and details of international transfers and safeguards are described in Section 10.

If you would like to designate an EU or UK representative, please contact us; we will assess and respond as required by applicable law.

17. Canada residents (PIPEDA and provincial laws)

If you are a resident of Canada, your personal information is handled in line with the Personal Information Protection and Electronic Documents Act ("PIPEDA") and applicable provincial privacy laws (such as Quebec's Law 25, Alberta's PIPA, and British Columbia's PIPA). You have the right to access and correct your personal information and to withdraw consent, subject to legal and contractual restrictions.

For commercial electronic messages, we comply with Canada's Anti-Spam Legislation ("CASL") and obtain consent or rely on a valid permitted basis where required. To unsubscribe, use the link in any commercial message or contact us directly.

18. Children

The Website and the Services are intended for business and professional audiences. We do not knowingly collect personal information from children under 16. If you believe a child has provided personal information to us, please contact us at privacy@designdigitalstudios.com and we will delete it.

19. Do Not Track and Global Privacy Control

Some browsers transmit "Do Not Track" or "Global Privacy Control" signals. Where we are required by law to honor a recognized opt-out preference signal (such as a Global Privacy Control signal), we will treat it as a valid request to opt out of the sale or sharing of personal information for the browser or device transmitting it. We do not otherwise respond differently to "Do Not Track" signals because there is no consensus standard.

20. Third-party websites and links

The Website may contain links to third-party websites, platforms, social-media pages, podcast hosts, scheduling tools, and other resources. We do not control and are not responsible for the privacy practices or content of those third parties. Review their privacy notices before using them.

21. Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices, services, technology, legal requirements, or for other operational reasons. The "Last updated" date at the top of this page indicates when the Policy was last revised. Material changes will be communicated by posting a notice on the Website or by other reasonable means. Your continued use of the Website or Services after the updated Policy takes effect constitutes acceptance of the updated Policy.

22. How to contact us about privacy