Privacy Policy

This Privacy Policy explains how Digito ("Digito", "we", "us", or "our") collects, uses, stores and protects information when you visit digito.ai (the "Site") or engage with our services. We are committed to handling your personal data responsibly and in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR) where applicable.

1. Information We Collect

We collect the following categories of information:

Category	Examples	How collected
Contact data	Name, email address, company name	Contact and booking forms
Communication data	Messages and enquiries you send us	Contact forms, email
Newsletter data	Email address	Newsletter sign-up form
Usage data	Pages visited, browser type, device, referrer, IP address	Automatically via server logs and analytics (if enabled)

We do not knowingly collect personal data from children under the age of 16. If you believe we have inadvertently collected such data, please contact us immediately at privacy@digito.ai.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To respond to enquiries — processing contact and demo requests and communicating with prospective clients.
• To deliver our services — managing project engagements, communicating updates and delivering deliverables.
• To send newsletters — sending studio updates, project announcements and industry news to subscribers who have opted in. You may unsubscribe at any time.
• To improve the Site — understanding how visitors use the Site to improve content and performance.
• To comply with legal obligations — retaining records where required by applicable law.

3. Legal Basis for Processing (GDPR)

Where the GDPR applies, we rely on the following legal bases to process your personal data:

• Consent — for newsletter subscriptions and optional communications. You may withdraw consent at any time.
• Legitimate interests — for responding to enquiries and improving the Site, where our interests are not overridden by your rights.
• Contractual necessity — for delivering services under a client agreement.
• Legal obligation — where we are required to retain data by law.

4. Cookies and Tracking

Our Site uses essential technical cookies only — such as those required for security and basic functionality. We do not use advertising cookies, cross-site tracking cookies, or third-party analytics cookies without your explicit consent.

If we introduce optional analytics in the future, we will update this policy and request your consent where required by law.

5. Third-Party Services

We use a limited number of trusted third-party providers to operate our Site and services:

• Cloudflare — provides hosting, CDN and security services. Cloudflare may process technical data (such as IP addresses) in accordance with their Privacy Policy.
• Resend — used to deliver transactional emails (contact form confirmations). Data submitted through our forms is transmitted to Resend for delivery. See Resend's Privacy Policy.
• Google Fonts — used to load typography. Google may collect limited technical data when fonts are loaded. We use preconnect and preload techniques to minimize data transfer.

We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy or as required by law:

• Contact enquiries — up to 2 years from the date of last contact.
• Newsletter subscriptions — until you unsubscribe or request deletion.
• Client project data — as specified in the applicable project agreement, or up to 5 years for accounting and legal compliance.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or disclosure. These include encrypted data transmission (HTTPS/TLS), access controls, and secure third-party infrastructure.

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we take reasonable steps to protect your information.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate or incomplete data.
• Erasure — request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
• Restriction — request that we limit how we process your data in certain circumstances.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@digito.ai. We will respond within 30 days.

9. International Data Transfers

Some of our third-party providers may process data in countries outside your own. Where such transfers occur, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms recognized under applicable law to ensure your data remains protected.

10. Links to Other Sites

Our Site may contain links to external websites. We are not responsible for the privacy practices of those sites. We encourage you to read the privacy policies of any third-party sites you visit.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the Site after changes are posted constitutes acceptance of the revised policy.