Loading...
Loading...
Amity Website Design — How We Collect, Use & Protect Your Data
Contact form data, analytics usage data, and temporarily — client credentials needed to perform project work.
We do not sell, rent, or trade your personal data. We do not run ad campaigns targeting visitors of this site.
Google Analytics 4 and Meta Pixel are used for analytics and marketing measurement. Both are fully disclosed below.
Amity Website Design, operated by its principal owner in Martha's Vineyard, Massachusetts (“we,” “us,” or “our”), is the data controller responsible for personal data collected through this website (amitywebsitedesign.com, the “Site”) and through the provision of our professional services.
This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, who we share it with, and what rights you have. It applies to:
This Policy does not apply to third-party websites we may link to. Those sites operate under their own privacy policies.
Our services are directed primarily at individuals and businesses in the Martha's Vineyard and greater Massachusetts area. If you are located outside the United States — including in the European Economic Area (EEA) or United Kingdom — your data will be transferred to and processed in the United States. By using our Site or services, you acknowledge this transfer. Where applicable, we extend data subject rights consistent with the GDPR as described in Section 11.
When you submit a contact form or otherwise contact us, we collect your name, email address, phone number, business name, website URL (if provided), and message content. This data is used solely to respond to your inquiry and evaluate potential projects.
When you visit our Site, data is automatically collected by our analytics tools (Sections 6 & 7), including:
Clients share business information, project briefs, content, and other materials necessary to complete work. We process this data solely to perform the agreed services.
Clients sometimes share hosting, domain registrar, CMS, and other credentials to allow us to perform project work. See Section 9 for full disclosure of how we handle this sensitive data.
We retain records of email correspondence and project communications for the duration of the client relationship and as required for legal and accounting purposes.
We do not collect payment card numbers directly — all payment processing is handled by third-party processors (Section 8.3). We do not collect Social Security numbers, government IDs, biometric data, or health information. We do not knowingly collect data from individuals under 18.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Responding to inquiries and evaluating projects | Contact form data, communications | Legitimate interest; pre-contractual steps |
| Performing project work under a signed agreement | Client data, credentials | Contract performance |
| Sending project updates, invoices, communications | Name, email, phone | Contract performance; legitimate interest |
| Analyzing site traffic and improving user experience | Usage data, analytics cookies | Legitimate interest (consent for EU visitors) |
| Measuring advertising effectiveness | Meta Pixel data, usage data | Legitimate interest (consent for EU visitors) |
| Complying with legal obligations | All relevant data | Legal obligation |
| Protecting our rights and the rights of third parties | All relevant data | Legitimate interest; legal obligation |
We do not sell, rent, lease, or trade your personal data to any third party for their independent use, marketing purposes, or financial gain.
We do not send unsolicited marketing emails. Service-related updates to existing clients are sent only where necessary. You may opt out at any time by contacting us at the address in Section 16.
Cookies are small text files placed on your device by a website. They allow the site to recognize your browser and remember certain information. Disabling certain cookies may affect Site functionality.
| Category | Purpose | Can Be Disabled? |
|---|---|---|
| Strictly Necessary | Required for core Site functionality — security, session management, form submissions. | No — required |
| Analytics | Google Analytics 4 cookies for understanding traffic and improving the Site. See Section 6. | Yes |
| Marketing / Advertising | Meta Pixel cookies for measuring advertising effectiveness. See Section 7. | Yes |
| Functional / Preference | Remember user preferences. Set by WordPress for administrators and form functionality. | Yes |
You can manage or disable cookies through your browser settings:
We use Google Analytics 4, a web analytics service by Google LLC. GA4 helps us understand how visitors interact with our Site — which pages are most visited, where visitors come from, and how they navigate. This information helps us improve Site content and user experience.
| Cookie | Purpose | Expiry |
|---|---|---|
_ga | Unique Client ID to distinguish visitors; calculates visits, sessions, and campaigns. | Up to 2 years |
_ga_<id> | Stores and updates session state: session ID, count, and engagement. | Up to 2 years |
_gid | Differentiates users within a single day; resets daily. | 24 hours |
_gat / _dc_gtm_<id> | Throttles request rate. Set by Google Tag Manager. | 1–10 minutes |
_ga, _gid, and related cookies in your browser settings.For more on how Google uses this data: How Google uses information from our site.
We use the Meta Pixel, a tracking tool provided by Meta Platforms, Inc. It allows us to measure the effectiveness of any advertising campaigns we run on Facebook and Instagram, and to understand actions taken on our Site.
| Cookie | Type | Purpose | Expiry |
|---|---|---|---|
_fbp | First-party | Browser identification for ad targeting and measurement. | 90 days |
_fbc | First-party | Stores Facebook Click ID from fbclid URL parameter. | 90 days |
fr | Third-party (facebook.com) | Primary Facebook advertising cookie for targeting and measurement. | 90 days |
_fbp, _fbc cookies and cookies from facebook.com in your browser;We share personal data with third parties only to the extent necessary to operate and deliver our services. All third parties are prohibited from using your data for any other purpose.
| Provider | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Google LLC | Google Analytics 4 — website analytics | Anonymized usage data, cookies | View |
| Meta Platforms, Inc. | Meta Pixel — advertising measurement | Usage data, IP address, browser/device info | View |
Our Site is hosted on servers provided by our web hosting provider. The hosting provider may process certain technical data (server logs, IP addresses) in the course of providing hosting services, subject to their own privacy policy.
We do not store, process, or access full payment card numbers at any time. Payments are handled directly by PCI-DSS compliant third-party processors, which may include:
We may disclose personal data if required by law, court order, or government request, or if we believe in good faith such disclosure is necessary to: (a) comply with a legal obligation; (b) protect our rights or property; (c) prevent or investigate wrongdoing; or (d) protect the personal safety of users or the public.
To perform project work, we may request temporary access to: web hosting control panels (cPanel, Plesk), domain registrar accounts (GoDaddy, Namecheap, Cloudflare), CMS administrator accounts (WordPress, Squarespace), FTP/SFTP servers, Google Search Console, Google Analytics, and Meta Business Suite. Access is requested only when required and only for the duration of that specific task.
We expressly disclaim liability for security incidents arising from credentials shared via insecure methods, vulnerabilities in the client's own hosting environment, weak or reused passwords, or failure to change credentials after project completion. See Section 12 of our Terms and Conditions for full provisions.
We strongly advise all clients to change every password and access credential shared with us within five (5) business days of project completion. This includes hosting, domain registrar, CMS, and any API tokens provided.
| Data Type | Retention Period | Reason |
|---|---|---|
| Contact / inquiry data (no project commenced) | Up to 12 months | Follow-up and lead evaluation |
| Active client project data and communications | Duration of project + 3 years after completion | Contract performance; dispute resolution |
| Financial records (invoices, payment records) | 7 years | Massachusetts and federal tax requirements |
| Client credentials | Deleted within 5 business days of project completion | Security; data minimization |
| Analytics data (GA4) | Up to 14 months (GA4 default, configurable) | Trend analysis |
| Meta Pixel data | Per Meta's retention policies (typically ~180 days server-side) | Ad measurement; controlled by Meta |
When data is no longer needed, it is permanently deleted from active systems. Physical documents containing personal information are destroyed in a manner that renders them unreadable, consistent with Massachusetts M.G.L. c. 93I.
Depending on your location and applicable law, you may have the following rights. We respond to verified requests within 30–45 days.
Request a copy of the personal data we hold about you and how we use it.
Request correction of inaccurate or incomplete personal data.
Request deletion of your personal data, subject to legal retention requirements.
Request we limit use of your data while a dispute or correction is pending.
Request your data in a structured, machine-readable format (GDPR right).
Object to processing based on legitimate interests, including direct marketing.
California residents (CCPA/CPRA): opt out of "sale" or "sharing" of data for cross-context behavioral advertising.
We will not deny services, charge different rates, or provide degraded service for exercising any privacy right.
Email info@amitywebsitedesign.com with the subject line “Privacy Rights Request.” Include your name, contact information, and a description of the right you wish to exercise. We may verify your identity before processing. No fee for reasonable requests.
California residents have rights under CCPA as amended by CPRA, including the right to know, delete, correct, opt out of sale/sharing, and non-discrimination. As a small business, we may fall below mandatory CCPA thresholds, but we extend these rights as a matter of good practice. To submit a “Do Not Sell or Share My Personal Information” request, contact us at info@amitywebsitedesign.com. We honor Global Privacy Control (GPC) signals where technically feasible.
EEA and UK residents have additional rights under GDPR / UK GDPR including rights of access, rectification, erasure, restriction, portability, and objection. You also have the right to lodge a complaint with your national supervisory authority. Legal bases for our processing are described in Section 4.
Massachusetts residents have rights under M.G.L. c. 93H. In the event of a qualifying data security breach, we will notify affected individuals, the Massachusetts Attorney General, and the Office of Consumer Affairs and Business Regulation as required by law.
Our Site and services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at info@amitywebsitedesign.com immediately. Upon verification, we will promptly delete the information. We comply with the Children's Online Privacy Protection Act (COPPA).
We implement reasonable administrative, technical, and physical safeguards consistent with industry standards and Massachusetts 201 CMR 17.00, including:
No method of Internet transmission or electronic storage is 100% secure. While we use commercially reasonable means to protect your data, we cannot guarantee absolute security. You transmit data to us at your own risk.
In the event of a qualifying data security breach under M.G.L. c. 93H, we will notify affected Massachusetts residents, the Attorney General, and the Office of Consumer Affairs without unreasonable delay. Where a breach involves Social Security numbers, we will offer 18 months of free credit monitoring as required by Massachusetts law.
If Amity Website Design is involved in a merger, acquisition, or asset sale, your personal data may be transferred to the acquiring entity as part of that transaction. We will provide notice via a prominent Site announcement or email before data becomes subject to a materially different privacy policy. Any successor entity will be bound by this Policy unless you are notified of changes and given an opportunity to object.
Prospective purchasers may review aggregate, anonymized business information during due diligence under a binding NDA. No client names, personal data, or project-specific details will be disclosed to prospective purchasers without prior written consent, except as required to complete an actual acquisition by a qualified successor who assumes all obligations under this Policy.
Our Site may contain links to third-party websites for informational purposes. This Privacy Policy applies only to our Site and services. We have no control over and assume no responsibility for the content or privacy practices of any third-party site. We encourage you to review the privacy policy of every site you visit.
We may update this Privacy Policy to reflect changes in our practices or legal requirements. All changes are reflected in the Effective Date at the top of this page. For material changes, we will provide at least 14 days' notice to active clients by email where practicable.
This Policy is governed by the laws of the Commonwealth of Massachusetts. Disputes are resolved in the courts of Dukes County, Massachusetts, consistent with our Terms and Conditions.
For any questions, concerns, or privacy rights requests regarding this Policy: