Smart Web Ninja respects the privacy rights and data protection of EU citizens under the GDPR regulations. This policy outlines our compliance efforts and commitments.
Personal Data Collection
Smart Web Ninja collects data through:
- Contact forms - to respond to inquiries
- Checkout forms - to process orders
- Mailing list forms - to send opt-in communications
- Live chat - to address support needs
We collect names, emails, addresses, phone numbers, and payment information as needed for these purposes.
Temporary login cookies are used to detect browser cookie acceptance. Additional user account cookies store login info and preferences.
Sensitive financial data is encrypted and processed under PCI compliance standards.
The data Smart Web Ninja collects is used only to:
- Provide, maintain, and improve our services
- Process orders and payments
- Respond to inquiries and support needs
- Send mailing list or other communications based on consent
- Enhance website performance, security, and analytics
Data is not shared, sold or rented to third parties except to:
- Deliver our services (web hosts, processors like Stripe, etc)
- Add new customers to our mailing list via Zapier and ConvertKit
- Provide website backups via ManageWP for under 90 days
Smart Web Ninja implements appropriate technical and organizational measures to protect user data, including:
- Encryption of sensitive data
- Required strong passwords and 2FA access controls
- Restricted personnel data access
- Activity and change logging
- Secure backup and recovery systems
- Ongoing GDPR staff training
Most data is stored indefinitely to maintain records and service continuity. Website backups are kept for under 90 days.
Mailing list data is kept until the subscriber opts out or data becomes invalid.
Data Subject Requests
EU citizens can access, update, restrict, erase, or export their personal data by contacting us. Requests are processed within 30 days free of charge.
If a breach impacting EU user data occurs, Smart Web Ninja will notify affected users and the EU authority within 72 hours as per GDPR requirements.