Privacy & Data Protection Policy - DVC Digital Marketing

Brilliant Ideas Consulting Inc. d.b.a. Digital Visibility Concepts

Last Updated: November 10, 2025
Version: 1.0

INTRODUCTION

Thank you for choosing to be part of our community at Brilliant Ideas Consulting Inc., a corporation incorporated under the laws of the State of Florida, registered at 9702 SW 83rd Way, Gainesville, FL 32608, doing business as “Digital Visibility Concepts” (referred to in this document as “Digital Visibility Concepts,” “DVC,” “we,” “us,” or “our”). We are committed to protecting your personal information and your right to privacy.

When you visit our website https://digitalvisibilityconcepts.com/ (the “Website”), use our services, and interact with our platforms, you trust us with your personal information. We take your privacy very seriously. In this Privacy Policy, we seek to explain to you in the clearest way possible what information we collect, how we use it, and what rights you have in relation to it.

If you have any questions or concerns about our Privacy Policy, or our practices with regards to your personal information, please contact us at:

General Privacy Inquiries: privacy@digitalvisibilityconcepts.com
General Information: info@digitalvisibilityconcepts.com
Data Subject Rights Requests: privacy@digitalvisibilityconcepts.com

This Privacy Policy complies with the requirements set forth by:

General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
Florida Information Protection Act (FIPA)
Other applicable state and federal privacy laws

This Privacy Policy is designed to provide the highest privacy and data protection standards applicable globally.

IMPORTANT: This Privacy Policy applies to all information collected through our Website (https://digitalvisibilityconcepts.com/), and any related services, sales, marketing, or events (collectively, the “Services”). This includes our primary service lines:

SEO Services – Search engine optimization and organic ranking improvement
PPC Management – Paid advertising campaign management (Google Ads, Facebook Ads, etc.)
Social Media Management – Content creation and community management
Web Design & Development – Custom website design and development
Hosting & Maintenance – Dedicated hosting and ongoing website maintenance
Attorney Lead Intelligence – Probate, personal injury, and divorce lead generation
Direct Mail Services – Automated direct mail for lead generation clients

Please read this Privacy Policy carefully as it will help you make informed decisions about sharing your personal information with us. If there are any terms in this Privacy Policy that you do not agree with, please discontinue use of our Website and Services.

I. What Information Do We Collect?
II. How Do We Collect Your Personal Information?
III. How Do We Use Your Information?
IV. Why Do We Process Your Personal Data?
V. Will Your Information Be Shared With Anyone?
VI. Do We Use Cookies and Other Tracking Technologies?
VII. How Long Do We Keep Your Information?
VIII. How Do We Keep Your Information Safe?
IX. What Are Your Privacy Rights?
X. Do We Collect Information From Minors?
XI. Controls for Do-Not-Track Features
XII. Do California Residents Have Specific Privacy Rights?
XIII. International Data Transfers
XIV. Third-Party Services and Integrations
XV. Do We Make Updates to This Policy?
XVI. External Links
XVII. How Can You Contact Us About This Policy?

I. WHAT INFORMATION DO WE COLLECT?

We collect the following categories of personal data while you use our Services and/or Website, as further described in this Privacy Policy:

Personal Information Provided by You

Contact and Identity Information:

Name, alias, postal address, email address, phone number, mobile number
Company name, job title, business role
Business address and contact information
County of residence or business location

Financial Information:

Bank account numbers (for ACH payments)
Credit card numbers, debit card numbers
Payment card information (processed securely via PCI-DSS compliant processor)
Billing address and contact details
Payment history and transaction records

Business Information:

Company name, website URL, industry
Business size, revenue, target market
Competitor information
Marketing goals and objectives
Current marketing performance data
Analytics and website traffic data

Website and Marketing Data:

Current website performance metrics
Existing SEO rankings and backlink profiles
Social media account credentials and performance data
Google Ads, Facebook Ads, and other ad platform credentials
Google Analytics access and data
Google Search Console access and data
Email marketing platform data
CRM system data (if integrated)

Attorney Lead Intelligence Data (Attorney Clients Only):

Bar license number and status
Practice areas and specializations
Geographic coverage areas (counties served)
Professional liability insurance information
State bar association membership
Lead conversion tracking data
Case acceptance criteria

Service-Related Information:

Service agreements and engagement contracts
Payment history and billing records
Communication preferences
Service requests and support tickets
Feedback and survey responses
Project briefs and creative assets
Content calendars and approval records

Information Automatically Collected

Device and Usage Information:

IP address, browser type, and device characteristics
Operating system and language preferences
Device name, country, and location information
Referring URLs and pages visited
Time spent on pages and navigation patterns
Search queries and interaction with Website features
Click-through data and conversion actions

Cookies and Tracking Data:

Session cookies and persistent cookies
Web beacons and pixel tags
Analytics data from third-party providers
Marketing attribution information
Remarketing and retargeting data
A/B testing and optimization data

Website Performance Data:

Page load times and performance metrics
Error logs and debugging information
Server response times
Bandwidth usage and resource consumption

Inferences and Derived Information

Profile and Preference Data:

Marketing needs assessment based on business information
Recommended service packages and strategies
Budget recommendations based on industry benchmarks
Competitive positioning analysis
Target audience insights
Campaign performance predictions
Client success metrics and engagement levels

Information From Third-Party Sources

Public and Commercial Sources:

Public database information (for lead generation services)
Obituary data from Legacy.com and funeral homes (probate leads)
Accident reports from law enforcement (personal injury leads)
Court filing data (divorce leads)
Business entity data from Secretary of State databases
Property records from county appraisers
Marketing leads and contact lists
Social media profile information (if you connect accounts)
Search results and paid listing information
Credit reporting agencies (for payment plan eligibility)

Platform Data:

Google Ads account performance data
Facebook Ads account data
Social media platform analytics
Website hosting provider data
Domain registrar information

Sensitive Personal Information

Under applicable privacy laws, the following categories are considered “sensitive” and receive additional protections:

Financial account numbers and payment card information
Social Security Numbers or Tax Identification Numbers (attorney clients)
Precise geolocation data
Account login credentials and passwords
Professional licensing information

II. HOW DO WE COLLECT YOUR PERSONAL INFORMATION?

Information You Provide Directly

Service Enrollment and Engagement:

When you request a consultation or demo
When you complete intake forms or engagement agreements
When you sign up for services
When you provide website access credentials
When you grant access to marketing platforms
When you subscribe to attorney lead generation services

Communication Channels:

Email correspondence with our team
Phone calls and text messages
Secure client portal uploads
Contact forms on our Website
Live chat interactions
Video conference meetings (Zoom, Google Meet)
Project management tools (Asana, Trello, etc.)

Payment Processing:

Credit card authorization forms
ACH payment setup information
Billing address and contact details

Service Delivery:

Website admin credentials (WordPress, hosting)
Google Analytics and Search Console access
Ad platform credentials (Google Ads, Facebook Ads)
Social media account access
Email marketing platform credentials
CRM system access
Domain registrar credentials
Hosting control panel access

Information Automatically Collected

Website Analytics: We automatically collect certain information when you visit or navigate our Website or use our Services. This includes:

Device and usage information via cookies and similar technologies
Page views, time on site, and navigation patterns
Traffic sources and referral information
Search terms used to find our Website
Form submissions and conversion events
Click-through rates and engagement metrics

We use third-party analytics providers (such as Google Analytics) to gather data about your usage of the Website. This helps us understand how our Services are used and improve user experience.

Cookies and Tracking Technologies: Like many businesses, we collect information through cookies and similar technologies. We use cookies to:

Enhance your experience and remember your preferences
Provide insights into how our Services are used
Assist in marketing efforts and measure campaign effectiveness
Maintain security and prevent fraud
Track conversion events and attribution

For more information about cookies and how to manage them, see Section VI below.

Information From Third-Party Sources

Public Databases and Data Sources: We may obtain information from:

For Lead Generation Services:

Legacy.com and funeral home websites (obituary data)
County property appraiser databases (property values, ownership)
Secretary of State business entity databases (business ownership)
Court filing systems (divorce petitions, probate filings)
Law enforcement accident reports (personal injury cases)
Skip-tracing services (contact information enhancement)
Public records databases (asset discovery)

For Marketing Services:

Public databases and records
Joint marketing partners and referral sources
Social media platforms (if you interact with us)
Credit reporting agencies (for payment plan qualification)
Business directories and listings

Service Provider Integrations:

Google Ads (campaign performance data)
Facebook Ads (campaign metrics and audience data)
Google Analytics (website traffic and behavior)
Social media platforms (engagement and follower data)
Payment processors (transaction confirmation data)
Hosting providers (server performance and uptime)
Email marketing platforms (delivery and engagement metrics)

We will inform you about the source of information and the type of information we have collected about you within a reasonable period after obtaining the personal data, but at the latest within one month.

Information Through Platform Access

SEO Services:

Google Search Console data and webmaster reports
Google Analytics traffic and behavior data
Backlink profile data
Website audit results
Competitor ranking data

PPC Management:

Google Ads account structure and performance
Facebook Ads campaign data and audience insights
Conversion tracking data
Landing page performance metrics
Ad spend and budget information

Social Media Management:

Social media account credentials and access
Follower demographics and engagement data
Post performance metrics
Community management interactions
Social listening and sentiment data

Web Development:

Website content management system access
Hosting control panel credentials
FTP/SFTP access credentials
Database access information
Domain registrar access

Attorney Lead Intelligence:

Bar license verification data
Practice area and geographic coverage
Lead receipt and follow-up tracking
Conversion and case acceptance data

III. HOW DO WE USE YOUR INFORMATION?

In Short: We process your information for purposes based on legitimate business interests, the fulfillment of our contract with you, compliance with our legal obligations, and/or your consent.

We use personal information collected via our Services for a variety of business purposes described below. We indicate the specific processing grounds we rely on next to each purpose.

Service Delivery and Performance

Providing Services (Contract Performance):

SEO Services: Conducting website audits, keyword research, on-page optimization, link building, content creation, technical SEO improvements, local SEO optimization, reporting and analytics
PPC Management: Setting up and managing ad campaigns, conducting keyword research, creating ad copy, optimizing bids and budgets, tracking conversions, providing performance reports
Social Media Management: Creating content calendars, designing graphics and posts, scheduling content, managing community engagement, monitoring brand mentions, providing analytics reports
Web Design & Development: Creating website designs, developing custom functionality, integrating CMS platforms, implementing e-commerce features, configuring hosting and domains, providing post-launch support
Hosting & Maintenance: Managing server infrastructure, performing security updates, backing up data, monitoring uptime and performance, resolving technical issues, updating content as requested
Attorney Lead Intelligence: Scraping obituary and court filing data, researching estate and case values, skip-tracing contact information, scoring and qualifying leads, delivering daily leads via portal and email
Direct Mail Services: Designing letter templates, automating mail triggering, personalizing mailings, processing printing and postage, tracking delivery, providing performance reports

Client Communication (Contract Performance & Legitimate Interest):

Responding to your inquiries and support requests
Providing service updates and status reports
Sending campaign performance reports
Delivering completed work product and deliverables
Scheduling meetings and appointments
Requesting additional information, credentials, or approvals
Coordinating with third-party platforms and services

Payment and Billing

Transaction Processing (Contract Performance):

Processing payments and managing billing
Charging recurring monthly fees for ongoing services
Processing project deposits and final payments
Applying credit card processing fees (3%)
Managing payment defaults and collections
Issuing invoices and payment confirmations
Processing refunds when applicable

Payment Card Security (Legal Obligation & Legitimate Interest):

Maintaining PCI-DSS compliance for payment card data
Encrypting and tokenizing payment information
Detecting and preventing fraudulent transactions
Processing chargebacks and disputes

Marketing and Communications

Marketing and Promotions (Consent & Legitimate Interest):

Sending marketing emails about our services
Providing educational content and digital marketing tips
Announcing new services or features
Inviting you to webinars and events
Sharing success stories and case studies
You can opt-out of marketing communications at any time

Targeted Advertising (Consent & Legitimate Interest):

Displaying relevant advertisements on third-party platforms
Measuring effectiveness of marketing campaigns
Tailoring content based on your interests
Retargeting visitors who have shown interest in our Services
Creating lookalike audiences based on existing clients

Referral Programs (Consent):

Processing referrals when you recommend our Services
Tracking referral rewards and incentives
Communicating with referred prospects

Business Operations

Administration and Operations (Legitimate Interest):

Managing client accounts and relationships
Maintaining client portal access
Organizing and storing client credentials and assets
Quality assurance and training purposes
Internal reporting and analytics
Performance evaluation and service improvement

Security and Fraud Prevention (Legitimate Interest & Legal Obligation):

Monitoring for fraudulent activity and unauthorized access
Protecting against security threats and cyberattacks
Investigating suspicious transactions or activities
Maintaining system security and data integrity
Enforcing our Terms of Service and policies
Preventing abuse of lead generation services

Analytics and Improvement (Legitimate Interest):

Analyzing usage trends and service effectiveness
Identifying areas for service improvement
Evaluating marketing campaign performance
Conducting customer satisfaction surveys
Developing new features and services
Using aggregated and anonymized data for research
Benchmarking client performance against industry standards

Legal and Compliance

Legal Obligations (Legal Obligation):

Complying with applicable laws and regulations
Responding to subpoenas and legal process
Meeting professional licensing requirements
Complying with state and federal advertising laws
Maintaining required records and documentation
Responding to regulatory inquiries
Cooperating with law enforcement when required

Dispute Resolution (Legitimate Interest & Legal Obligation):

Enforcing our Terms of Service and engagement agreements
Defending against legal claims or litigation
Participating in arbitration proceedings
Collecting unpaid fees through legal means
Investigating and resolving client complaints

Vital Interests (Vital Interest):

Preventing illegal activities or suspected fraud
Protecting safety of individuals
Investigating potential policy violations
Taking action regarding threats to any person

Specialized Service Uses

SEO Specific:

Accessing and analyzing website performance data
Implementing on-page optimization changes
Building backlinks and managing link profiles
Creating and optimizing content
Monitoring search engine rankings
Tracking organic traffic and conversions

PPC Specific:

Managing ad platform accounts on your behalf
Creating and testing ad copy and creative
Adjusting bids and budgets for optimization
Implementing conversion tracking
Creating audience segments and targeting
Analyzing competitor ad strategies

Social Media Specific:

Accessing social media accounts on your behalf
Creating and scheduling posts
Responding to comments and messages
Monitoring brand mentions and sentiment
Analyzing engagement metrics
Managing social media advertising campaigns

Web Development Specific:

Accessing website files and databases
Implementing design and functionality changes
Configuring hosting and server settings
Installing security updates and patches
Debugging errors and resolving issues
Migrating websites between hosts

Lead Generation Specific:

Scraping public obituary and court filing data
Researching estate and case asset values
Skip-tracing contact information
Scoring and prioritizing leads
Delivering leads to exclusive territory holders
Tracking lead quality and conversion rates

Direct Mail Specific:

Accessing lead data for mail merge
Personalizing letters with recipient information
Triggering automated mailings based on lead delivery
Processing printing and postage
Tracking mail delivery and performance

IV. WHY DO WE PROCESS YOUR PERSONAL DATA?

In Short: We only process information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfill business obligations.

We may process or share data based on the following legal bases:

Consent

We may process your data if you have given us specific consent to use your personal information for a specific purpose
You provide consent when you sign engagement agreements or accept our Terms of Service
You provide consent when you grant us access to your accounts and platforms
You may withdraw your consent at any time by contacting privacy@digitalvisibilityconcepts.com
Withdrawal of consent does not affect processing that occurred before withdrawal

Performance of a Contract

Where we have entered into an engagement agreement with you, we process your personal information to fulfill the terms of our contract
This includes delivering SEO, PPC, social media, web development, hosting, lead generation, or direct mail services
Processing payments and managing billing obligations
Providing support and responding to service requests
Accessing accounts and platforms necessary to deliver contracted services

Legitimate Interests

We may process your data when it is reasonably necessary to achieve our legitimate business interests, provided your rights do not override these interests
Legitimate interests include:
- Fraud prevention and security
- Network and information security
- Improving and providing our Services
- Marketing our services to potential clients
- Analytics and business intelligence
- Protecting our intellectual property rights
- Enforcing our legal rights and contracts
- Operating efficient business processes
- Optimizing service delivery and client outcomes

Legal Obligations

We may process your information where we are legally required to do so
This includes:
- Complying with tax and financial reporting requirements
- Responding to court orders, subpoenas, or legal process
- Meeting professional licensing obligations
- Complying with advertising and marketing regulations
- Responding to government requests
- Complying with PCI-DSS requirements for payment data
- Maintaining records per legal retention requirements

Vital Interests

We may process your information where we believe it is necessary to:
- Investigate, prevent, or take action regarding potential violations of our policies
- Protect against suspected fraud or illegal activities
- Safeguard situations involving potential threats to safety of any person
- Serve as evidence in litigation in which we are involved
- Respond to emergency situations

V. WILL YOUR INFORMATION BE SHARED WITH ANYONE?

In Short: We only share information with your consent, to comply with laws, to provide you with services, or to protect our rights.

We take every effort to protect your personal data and have taken necessary steps to this end. Our employees have access to personal data only to the extent necessary to properly perform their individual tasks. We only share personal information with third parties if it is necessary to serve the applicable purpose.

Third-Party Service Providers

Vendors and Contractors (Service Performance): We may share your data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work:

Payment Processing:

Payment gateway providers (PCI-DSS compliant)
Credit card processors (Stripe, Square, etc.)
ACH processing services
Fraud detection and prevention services
Billing and invoicing platforms

Technology and Infrastructure:

Cloud hosting services (AWS, DigitalOcean, secure servers in United States)
Data storage providers
Email delivery services (SendGrid, Mailgun)
Customer relationship management (CRM) systems
Client portal platforms
Backup and disaster recovery services
Content delivery networks (CDNs)

Marketing and Analytics:

Website analytics providers (Google Analytics, Hotjar)
Email marketing platforms (Mailchimp, Constant Contact)
Advertising networks (Google Ads, Facebook Ads)
Social media platforms (Facebook, Instagram, LinkedIn)
Marketing automation tools
A/B testing and optimization platforms
Heatmap and session recording tools

Lead Generation Services:

Skip-tracing and contact information providers (TLOxp, LexisNexis)
Obituary data sources (Legacy.com)
Public records data providers
Court filing data sources
Property records databases
Direct mail printing and fulfillment services

Professional Services:

Indian development team for web development support (under strict confidentiality)
Freelance designers and copywriters (under NDA)
Legal counsel (when necessary)
Professional liability insurance carriers
Accounting and tax professionals

When third parties process your personal data, this is only possible according to instructions given by us. We ensure that all third parties with access to your personal information have implemented appropriate technical and organizational measures to maintain our intended level of privacy and security.

Business Transfers

Mergers and Acquisitions: We may share or transfer your information in connection with, or during negotiations of:

Merger with another company
Sale of company assets
Financing or investment transactions
Acquisition of all or a portion of our business by another company
Bankruptcy or insolvency proceedings

In such cases, we will ensure the acquiring party agrees to protect your personal information consistent with this Privacy Policy.

Legal and Regulatory Authorities

Government and Legal Compliance: We may disclose your information if we believe in good faith that such disclosure is necessary to:

Comply with U.S. federal and state laws or other applicable laws
Respond to court orders, judicial requests, subpoenas, or warrants
Comply with regulatory inquiries from licensing boards
Meet national security or law enforcement requirements
Protect DVC from fraudulent or unlawful usage
Respond to DMCA takedown notices or IP infringement claims

Protection of Rights and Safety

Legal Defense and Enforcement: We reserve the right to disclose information that we believe, in good faith, is appropriate or necessary to:

Investigate and defend ourselves against third-party claims or allegations
Enforce our Terms of Service, engagement agreements, or other policies
Protect the security and integrity of our Services
Protect the rights, property, or safety of DVC, our clients, or others
Collect unpaid fees through legal means
Pursue arbitration or litigation
Prevent fraud, abuse, or unauthorized access

With Your Consent

Authorized Disclosures: We may share your information with third parties when you have given us explicit permission to do so:

Sharing campaign performance data with your internal team members you designate
Providing portfolio examples to prospective clients (with your approval)
Including your business in case studies or testimonials (with your consent)
Sharing information with your other service providers (designers, developers, marketers)
Referrals to other professionals you request

Attorney Lead Intelligence – Special Considerations

For Lead Generation Services:

Lead data (obituaries, accident reports, court filings) sourced from public records
Lead data delivered exclusively to one attorney per territory (no sharing with other attorneys)
Aggregate statistics may be used for service improvement (no individual lead data shared)
Lead source data retained for quality assurance and dispute resolution

Information We Do NOT Share

Prohibited Disclosures:

We do NOT sell your personal information to third parties
We do NOT rent or trade your information for promotional purposes
We do NOT share your ad campaign strategies or website optimization plans without authorization
We do NOT disclose your website credentials or login information to unauthorized parties
We do NOT share lead data with competing attorneys in the same territory

VI. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We use cookies and similar tracking technologies to collect and store your information.

What Are Cookies?

Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners to make their websites work more efficiently and to provide reporting information.

Types of Cookies We Use

Essential Cookies (Required):

Session management and authentication
Security and fraud prevention
Load balancing and performance
User preference storage
Shopping cart functionality (if applicable)
These cookies are necessary for the Website to function and cannot be disabled

Analytics Cookies (Optional):

Google Analytics for usage statistics
Page view tracking and navigation patterns
Traffic source and referral analysis
User behavior and engagement metrics
Conversion tracking and goal completion
These help us understand how visitors use our Website

Marketing Cookies (Optional):

Advertising network cookies (Google Ads, Facebook Pixel)
Retargeting and remarketing pixels
Campaign attribution tracking
Conversion tracking across platforms
Social media integration pixels
Lead form tracking and attribution
These help us serve relevant advertisements and measure ROI

Preference Cookies (Optional):

Language and region preferences
Display settings and accessibility options
Form auto-fill information
Chat widget preferences
These enhance your user experience

Third-Party Cookies

We may use third-party services that place cookies on your device:

Google Analytics: Website analytics and user behavior tracking
Google Ads: Conversion tracking and remarketing
Facebook Pixel: Ad performance tracking and retargeting
LinkedIn Insight Tag: B2B marketing and conversion tracking
Hotjar: Heatmaps and session recordings for UX optimization
Other advertising networks and marketing partners

These third parties may use cookies to track your activity across websites and build profiles for targeted advertising.

Cookie Management

How to Control Cookies:

Most web browsers are set to accept cookies by default. You can:

Browser Settings: Configure your browser to refuse cookies or alert you when cookies are being sent
Cookie Preferences: Use our cookie preference center (if available) to manage optional cookies
Opt-Out Tools: Use industry opt-out tools at http://www.aboutads.info/choices/ or http://www.networkadvertising.org/choices/
Do Not Track: Enable Do-Not-Track settings in your browser (see Section XI)
Privacy Browser Extensions: Use browser extensions that block tracking cookies

Effect of Disabling Cookies: If you choose to remove cookies or reject cookies, this could affect certain features or services of our Website:

You may need to re-enter information more frequently
Some website features may not function properly
Your preferences may not be saved
Analytics and personalization may be limited
Form submissions may not work correctly
You may see less relevant advertising

However, disabling cookies will NOT prevent you from accessing our core Services or contacting us for consultations.

Other Tracking Technologies

Web Beacons and Pixels:

Small graphic images used to track page views and email opens
Help us understand email campaign effectiveness
Used in conjunction with cookies for conversion tracking
May be disabled by blocking images in emails

Local Storage:

Browser-based storage for preferences and settings
Can be cleared through browser settings
May be used for client portal functionality
More persistent than session cookies

Session Replay Tools:

Tools like Hotjar that record user sessions for UX analysis
Help us understand how users navigate our Website
Recordings are anonymized and used only for improvement
Can be opted out through privacy settings

VII. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless otherwise required by law.

General Retention Periods

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law.

Active Client Records:

Retained for duration of engagement plus 7 years
Required for legal compliance and potential disputes
Necessary for warranty and support obligations

General Account Information:

7 years after service termination or last activity
Aligns with standard business record retention
Supports legal defense and compliance

Financial and Payment Records:

Minimum 7 years per accounting and tax requirements
Required for audit support and tax reporting
Necessary for dispute resolution and chargeback defense

Website and Marketing Data:

3 years after last interaction or opt-out
Used for analytics and improvement
Maintains suppression lists indefinitely (to honor opt-outs)

Lead Generation Data:

Lead data delivered to clients retained for 1 year
Source data (obituaries, court filings) retained for 3 years
Quality assurance and dispute resolution purposes
Aggregate statistics retained indefinitely (anonymized)

Website Analytics:

2-3 years after collection
Used for trend analysis and improvement
Can be deleted sooner upon request

Project Files and Creative Assets:

3 years after project completion
Includes design files, website backups, ad creative
Available for future reference or updates

Communications Records:

Email and chat transcripts: 7 years
Call recordings (if any): 7 years
Support tickets: 3 years after resolution

Special Retention Circumstances

Legal Holds: If information is subject to legal proceedings, investigations, or disputes, we will retain it until the matter is resolved, even if beyond normal retention periods.

Regulatory Requirements: Certain records may need to be retained longer based on:

State and federal record-keeping requirements
Professional liability insurance requirements
Specific state laws governing digital marketing or lead generation
Tax and accounting regulations

Client Request: We will retain information longer if you specifically request extended retention for your business records.

Data Deletion and Anonymization

When Retention Period Ends: When we have no ongoing legitimate business need to process your personal information, we will either:

Delete the information securely and permanently
Anonymize the data so it no longer identifies you
Archive it securely with restricted access until deletion is possible

Backup Archives: If immediate deletion is not possible because your personal information has been stored in backup archives, we will:

Securely store your personal information
Isolate it from any further processing
Delete it according to our backup retention schedule (typically within 90 days)

Right to Request Deletion: You may request deletion of your personal information at any time by contacting privacy@digitalvisibilityconcepts.com. We will comply with your request subject to legal retention requirements and legitimate business needs.

VIII. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a comprehensive system of organizational and technical security measures.

Technical Security Measures

Encryption and Data Protection:

Data in Transit: TLS 1.2+ encryption for all data transmission
Data at Rest: AES-256 encryption for stored data
Payment Card Data: PCI-DSS Level 2 compliance standards
CVV Codes: Never stored after initial transaction
Tokenization: Credit card numbers stored as encrypted tokens only
Database Encryption: Sensitive fields encrypted at database level

Network Security:

Multi-layered firewall protection
Network segmentation to isolate sensitive systems
Intrusion detection and prevention systems (IDS/IPS)
DDoS protection and mitigation
Regular security patches and updates
Vulnerability scanning and penetration testing
Web application firewall (WAF) protection

Access Controls:

Multi-factor authentication (MFA) for system access
Role-based access controls (RBAC)
Principle of least privilege (minimum necessary access)
Unique user credentials for all personnel
Automatic session timeouts
Password complexity requirements and rotation policies
Privileged access management (PAM) for critical systems

Application Security:

Secure coding practices and code reviews
Input validation and sanitization
SQL injection and XSS prevention
CSRF protection
Security headers and configurations
Regular security testing and audits
Third-party security assessments

Physical Security Measures

Facility Security:

Controlled access to office facilities
Surveillance systems and security monitoring
Visitor logs and escort requirements
Secure document storage (locked cabinets)
Clean desk policy for sensitive information
Secure document destruction (cross-cut shredding)
Alarm systems and 24/7 monitoring

Device Security:

Encrypted laptops and mobile devices
Remote wipe capabilities
Automatic screen locks
Secure disposal of hardware
Device management and tracking systems

Organizational Security Measures

Personnel Security:

Background checks for employees with data access
Confidentiality and non-disclosure agreements
Regular security awareness training
Clear security policies and procedures
Incident response training
Limited personnel access to sensitive data
Segregation of duties for critical functions

Vendor Management:

Due diligence on all third-party providers
Written data protection agreements (DPAs)
Regular vendor security assessments
Verification of vendor security certifications (SOC 2, ISO 27001)
Contractual security requirements
Vendor access monitoring and audit rights

Business Continuity:

Regular data backups (encrypted and tested)
Disaster recovery plans and procedures
Business continuity planning
Incident response plans
Data redundancy and failover systems
Regular testing of recovery procedures

Monitoring and Response

Security Monitoring:

24/7 security monitoring and alerts
Log analysis and anomaly detection
Security information and event management (SIEM)
Regular security audits and reviews
Compliance assessments
Threat intelligence monitoring
Automated vulnerability scanning

Incident Response:

Documented incident response procedures
Rapid response team activation
Forensic investigation capabilities
Breach notification procedures (see Section VIII.D)
Post-incident review and improvement
Regular incident response drills

Compliance and Certifications

Standards and Regulations:

PCI-DSS compliance for payment card data
GDPR-compliant data protection measures
CCPA/CPRA privacy compliance
SOC 2 Type II principles (security, availability, confidentiality)
Industry best practices and frameworks (NIST, CIS)

Regular Assessments:

Annual security assessments
Quarterly vulnerability scans
Penetration testing (annual or bi-annual)
Compliance audits
Third-party security reviews

Data Breach Notification

In the Event of a Data Breach:

If we discover a data breach that affects your personal information, we will:

Investigate Immediately:
1. Contain the breach and secure affected systems
1. Determine scope and impact of the breach
1. Identify affected individuals and data types
1. Preserve evidence for investigation
Notify You Promptly:
1. Within timeframe required by applicable law (typically 30-72 hours for GDPR, varies by state law)
1. Via email to your address on file
1. Through prominent notice on our Website if widespread
1. Direct phone contact for critical breaches
Provide Details:
1. Description of the incident and date discovered
1. Types of information involved
1. Steps we have taken to address the breach
1. Recommended actions you should take
1. Contact information for questions
1. Resources and support available
Offer Assistance:
1. Credit monitoring services if financial data exposed (as required by law)
1. Identity theft protection resources
1. Dedicated support contact for breach-related questions
1. Guidance on protective measures
Regulatory Notification:
1. Notify applicable regulators as required by law
1. Cooperate with law enforcement investigations
1. File required reports with state attorneys general
1. Notify payment card networks if card data affected

Limitations and User Responsibility

No Guarantee of Absolute Security: While we implement industry-standard security measures, we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk.

Your Responsibilities:

Use strong, unique passwords for your accounts
Enable multi-factor authentication when available
Keep your login credentials confidential
Do not share your account access
Use secure internet connections (avoid public Wi-Fi for sensitive activities)
Keep your devices and software updated
Be cautious of phishing attempts and suspicious emails
Report suspicious activity immediately
Review your statements and accounts regularly
Protect credentials for accounts you grant us access to

You should only access the Services within a secure environment.

IX. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: In some regions, such as the European Economic Area and California, you have rights that allow you greater access to and control over your personal information.

Depending on your location and applicable laws, you may have the following rights regarding your personal data:

Universal Rights (All Users)

Right of Access:

You have the right to receive a copy of the personal information we hold about you
You can verify that we are lawfully processing your data
Request available within 30 days of request
We will provide information in a structured, commonly used format

Right to Correction:

You may request that incomplete or incorrect information be corrected or supplemented
We will update inaccurate information promptly
You can update some information through your account settings

Right to Deletion (“Right to be Forgotten”):

You can request deletion of your personal information
Subject to legal retention requirements (see Section VII)
We will delete data when no longer needed for legitimate purposes
Some data may be retained in backup systems temporarily
Some data must be retained for legal compliance

Right to Limit Processing:

You can request that we temporarily or permanently stop processing your personal data
May affect our ability to provide certain services
We will honor requests except where processing is required by law

Right to Data Portability:

You can request a copy of your personal data in a structured, commonly used format
You can request transfer to another service provider (where technically feasible)
Applies to data you provided to us
Includes campaign data, analytics, and account information

Right to Object to Processing:

You can object to processing of your personal data for certain purposes
Particularly for direct marketing (see opt-out options)
We will cease processing unless we have compelling legitimate grounds

Right to Withdraw Consent:

You have the right to withdraw previously granted consent
Withdrawal does not affect processing that occurred before withdrawal
May affect our ability to continue providing certain services
Can be done by contacting privacy@digitalvisibilityconcepts.com

GDPR Rights (EEA Residents)

If you are a resident of the European Economic Area (EEA), you have additional rights under GDPR:

Right to Lodge Complaint:

You can complain to your local data protection supervisory authority
Contact details available at: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
You can also contact us first to try to resolve the issue

Right Regarding Automated Decision-Making:

Right to request human intervention in automated decisions
Right to express your point of view
Right to contest the decision
Applies to services involving automated decision-making or profiling (lead scoring, etc.)

Data Protection Officer:

You can contact our privacy team at privacy@digitalvisibilityconcepts.com
We will respond to all GDPR requests within one month
May extend by two additional months for complex requests (with notice)

California Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: You may request that we disclose:

The categories of personal information we have collected about you
The categories of sources from which personal information is collected
The business or commercial purpose for collecting or selling your personal information
The categories of third parties with whom we share personal information
The specific pieces of personal information we have collected about you
Categories of personal information disclosed for business purposes

Right to Delete:

Request deletion of personal information we have collected from you and retained
Subject to certain exceptions (legal obligations, fraud prevention, etc.)
We will notify third parties of deletion requests where applicable
Some information must be retained for legal compliance

Right to Correct:

Request correction of inaccurate personal information (added by CPRA)
We will use commercially reasonable efforts to correct information
Will verify your identity before making corrections

Right to Opt-Out of Sale:

We do NOT sell personal information as defined by CCPA/CPRA
This right is therefore not applicable, but we include it for transparency
We will never sell your personal information without explicit consent

Right to Limit Use of Sensitive Personal Information:

Request to limit use and disclosure of sensitive personal information
Sensitive information includes financial account information, precise geolocation, login credentials
We use sensitive information only as necessary to provide services

Right to Non-Discrimination:

We will not discriminate against you for exercising any CCPA/CPRA rights
You will not be denied services, charged different prices, or provided different quality of service
We will not suggest you may receive different pricing for exercising rights

Authorized Agents:

You may designate an authorized agent to make requests on your behalf
Agent must provide written authorization from you
We may require you to verify your identity directly
Must provide agent’s contact information

Shine the Light Law:

California residents can request information about disclosure of personal information to third parties for direct marketing
We do not share information for third-party direct marketing purposes
Request available once per year

Florida Residents

If you are a Florida resident, you may have additional rights under the Florida Information Protection Act (FIPA) and other state laws. Florida residents can exercise the rights described in this section.

Making Privacy Rights Requests

How to Exercise Your Rights:

To exercise any of these rights, please contact us at:

Email: privacy@digitalvisibilityconcepts.com (put “Privacy Rights Request” in subject line)
Mail:
Brilliant Ideas Consulting Inc. d.b.a. Digital Visibility Concepts
Attn: Privacy Rights Request
9702 SW 83rd Way
Gainesville, FL 32608

Information We Need:

Your full name and contact information
Company name (if business client)
Email address associated with your account
Specific right you wish to exercise
Details of your request
Verification information (to confirm your identity)

Verification Process:

We must verify your identity before responding to requests
May require additional information or documentation
Verification requirements vary based on sensitivity of request
For California residents: may require 2-3 pieces of information to verify
We will only use verification information to confirm identity

Response Timeline:

We will respond to your request within 30 days (GDPR, CCPA)
May extend by additional 30-60 days for complex requests (with notice)
Will provide explanation if we cannot fulfill request
Will confirm receipt of request within 10 business days

No Fee for Requests:

We do not charge a fee for making privacy rights requests
May charge reasonable fee for manifestly unfounded or excessive requests
May refuse to act on manifestly unfounded or excessive requests
Will explain basis for any fees or refusals

Cookies and Tracking Opt-Out

Cookie Management:

Most web browsers are set to accept cookies by default
You can set your browser to remove cookies and reject cookies
If you remove or reject cookies, some features may not work properly
Visit http://www.aboutads.info/choices/ to opt-out of interest-based advertising
Use browser privacy settings and extensions to manage tracking

Do Not Sell My Personal Information:

We do not sell personal information
You do not need to opt-out of sales
We include this for California residents’ awareness

Marketing Opt-Out:

Email: Click unsubscribe links or email optout@digitalvisibilityconcepts.com
Phone: Call (800) 589-7346 to opt-out of marketing calls
Text: Reply STOP to opt-out of marketing texts
Does not affect essential service communications

X. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to children under 18 years of age.

Age Restrictions

Minimum Age Requirement:

Our Services are not directed to individuals under 18 years of age
We do not knowingly solicit data from or market to children under 18
By using the Services, you represent that you are at least 18 years old
If you are under 18, you must have parent or guardian consent to use Services

Parental Consent:

If you are a parent or guardian and consent to your minor dependent’s use of the Services
You agree to be responsible for your minor dependent’s use
You accept responsibility for all actions taken by the minor
You are responsible for monitoring minor’s use of Services

If We Learn of Minor Data Collection

Our Response: If we learn that personal information from users less than 18 years of age has been collected:

We will deactivate the account immediately
We will take reasonable measures to promptly delete such data from our records
We will cease processing the minor’s data
We will not use the information for any purpose
We will investigate how the information was collected

Notification: If you become aware of any data we have collected from children under age 18, please contact us immediately at:

Email: privacy@digitalvisibilityconcepts.com
Subject line: “Minor Data Collection Concern”
Include: Child’s name, age, and how data was collected

We will investigate and take appropriate action within 48 hours.

XI. CONTROLS FOR DO-NOT-TRACK FEATURES

Current Status: Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected.

No Uniform Standard: At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

Future Changes: If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.

Alternative Privacy Controls: While we don’t respond to DNT signals, you can:

Manage cookies through your browser settings (see Section VI)
Opt-out of interest-based advertising at http://www.aboutads.info/choices/ or http://www.networkadvertising.org/choices/
Adjust your marketing communication preferences
Use privacy-focused browser extensions (Privacy Badger, uBlock Origin, etc.)
Use browsers with enhanced privacy features (Brave, Firefox with tracking protection)
Disable third-party cookies in browser settings

XII. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information.

California Consumer Privacy Act (CCPA) Rights

California Civil Code Section 1798.100 et seq., also known as the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants California residents specific rights regarding their personal information.

Right to Know: You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months, including:

The categories of personal information we collected about you
The categories of sources from which the personal information was collected
Our business or commercial purpose for collecting or selling personal information
The categories of third parties with whom we share personal information
The specific pieces of personal information we collected about you
If we disclosed personal information for business purposes: categories disclosed and recipients

Right to Delete: You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions:

Information necessary to complete a transaction or provide requested services
Information necessary to detect security incidents or protect against fraud
Information necessary to debug or repair errors
Information necessary to exercise free speech or comply with law
Information necessary for internal uses reasonably aligned with consumer expectations
Campaign data necessary for performance reporting and ROI analysis

Right to Correct: You have the right to request correction of inaccurate personal information that we maintain about you.

Right to Opt-Out of Sale or Sharing:

We do NOT sell personal information as defined by CCPA/CPRA
We do NOT share personal information for cross-context behavioral advertising
Therefore, no opt-out is necessary, but this right is available if our practices change

Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information to:

Purposes necessary to perform services reasonably expected by consumers
Purposes specified in CCPA regulations

We collect and use sensitive personal information (financial account numbers, login credentials) only as necessary to provide our digital marketing and lead generation services.

Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. This means we will not:

Deny you goods or services
Charge you different prices or rates
Provide you a different level or quality of goods or services
Suggest that you may receive a different price or level of quality

How to Exercise Your CCPA/CPRA Rights:

Making a Request: To exercise your CCPA/CPRA rights, please contact us at:

Email: privacy@digitalvisibilityconcepts.com
Phone: (800) 589-7346
Mail:
Brilliant Ideas Consulting Inc. d.b.a. Digital Visibility Concepts
Attn: California Privacy Rights
9702 SW 83rd Way
Gainesville, FL 32608

Verification: Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.

We must verify your identity before responding to your request. Verification requirements include:

Matching information you provide with information we have on file
May require government-issued ID for sensitive requests
For authorized agents: written authorization from consumer plus proof of agent registration
Must verify agent’s authority to act on your behalf

Response Timeline:

We will confirm receipt of your request within 10 business days
We will respond to your request within 45 days
May extend response by additional 45 days if necessary (with notice to you)
If we cannot fulfill your request, we will explain why

Frequency:

You may make verifiable consumer requests up to twice in a 12-month period
We are not required to respond to requests more than twice annually

California “Shine the Light” Law

California Civil Code Section 1798.83: California residents who have an established business relationship with us may request information about whether we have disclosed personal information to third parties for their direct marketing purposes.

Our Practice: We do NOT share personal information with third parties for their direct marketing purposes without your explicit consent. Therefore, you do not need to make a “Shine the Light” request.

If You Want to Confirm: If you are a California resident and would like to make such a request, please submit your request in writing to:

Email: privacy@digitalvisibilityconcepts.com
Subject: “Shine the Light Request”

California Minors

If you are under 18 years of age, reside in California, and have a registered account with the Services, you have the right to request removal of unwanted data that you publicly post on the Services.

To Request Removal:

Contact us at privacy@digitalvisibilityconcepts.com
Include the email address associated with your account
Include a statement that you reside in California
We will ensure the data is not publicly displayed
Note: Data may not be completely removed from all systems (backups, etc.)
We may retain data for legal compliance purposes

XIII. INTERNATIONAL DATA TRANSFERS

In Short: Your personal information may be transferred to and processed in countries other than your country of residence, including the United States.

Data Transfer Locations

Server Locations: Our servers are primarily located in the United States. When you use our Services, your personal information may be:

Stored on servers in the United States
Processed by our team in the United States and India (development support team)
Accessed by third-party service providers operating globally
Transmitted to ad platforms and analytics services (Google, Facebook, etc.)

Cross-Border Transfers: If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including personal information, to the United States and process it there.

Data Protection for International Transfers

Different Laws: Countries outside your residence may have data protection laws that are different from the laws of your country. However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Policy.

Safeguards for EEA Transfers: For transfers of data from the European Economic Area (EEA) to countries outside the EEA, we use:

Standard Contractual Clauses (SCCs):

Approved by the European Commission
Provide appropriate safeguards for personal data transfers
Ensure equivalent level of protection as required by GDPR
Create enforceable rights for data subjects
Binding on all parties involved in data transfer

Adequacy Decisions:

Where possible, we transfer data to countries with adequacy decisions from the European Commission
These countries are deemed to provide adequate level of data protection
Currently includes limited countries (not including US)

Additional Safeguards:

Technical and organizational measures to protect data
Encryption during transmission and storage
Access controls and authentication requirements
Regular security assessments of transfer recipients
Contractual obligations on data recipients

Your Rights for International Transfers

EEA Residents: If you are in the EEA, you have the right to:

Obtain information about safeguards in place for your data transfers
Request copies of Standard Contractual Clauses
Lodge complaints with your local supervisory authority
Contact us at privacy@digitalvisibilityconcepts.com for more information about our transfer mechanisms

UK Residents: Following Brexit, transfers from the UK are governed by UK GDPR and UK adequacy regulations. We comply with UK data transfer requirements.

Data Processing Locations by Service

SEO Services:

Primary processing: United States
Data analysis and reporting: United States
Backlink analysis: May involve third-party global services
Content creation: United States

PPC Management:

Primary processing: United States
Ad platforms: Google (US), Facebook (US), Microsoft (US)
Performance tracking: United States
Campaign optimization: United States

Social Media Management:

Primary processing: United States
Platform APIs: Facebook (US), Instagram (US), LinkedIn (US), Twitter (US)
Content creation: United States
Graphics design: United States or India (contractors)

Web Development:

Primary design: United States
Development support: May involve India team (under strict confidentiality)
Hosting: United States (AWS, DigitalOcean)
Testing and QA: United States

Lead Generation Services:

Primary processing: United States
Data scraping: United States
Skip-tracing: United States-based services
Lead delivery: United States

XIV. THIRD-PARTY SERVICES AND INTEGRATIONS

In Short: We integrate with various third-party services to provide and enhance our Services. These third parties have their own privacy policies.

Third-Party Service Providers

Google Services:

Google Analytics: https://policies.google.com/privacy
Google Ads: https://policies.google.com/privacy
Google Search Console: https://policies.google.com/privacy
Gmail/Google Workspace: https://policies.google.com/privacy
Google Tag Manager: https://policies.google.com/privacy
We access these services with your authorization
Google’s privacy policy applies to their services
We do not control Google’s data practices

Facebook/Meta Services:

Facebook Ads: https://www.facebook.com/privacy/explanation
Instagram: https://www.facebook.com/privacy/explanation
Facebook Pixel: https://www.facebook.com/privacy/explanation
We access these services with your authorization
Meta’s privacy policy applies to their services
We do not control Meta’s data practices

Other Platforms:

Microsoft Advertising: https://privacy.microsoft.com/
LinkedIn: https://www.linkedin.com/legal/privacy-policy
Twitter/X: https://twitter.com/en/privacy
Mailchimp: https://www.intuit.com/privacy/statement/
Each platform has its own privacy policy
We recommend reviewing their privacy practices

Website Analytics and Optimization:

Hotjar: https://www.hotjar.com/legal/policies/privacy/
Google Analytics: https://policies.google.com/privacy
Crazy Egg: https://www.crazyegg.com/privacy
These providers may collect data about your Website usage

Payment Processors:

We use PCI-DSS compliant payment processors for credit card transactions
Stripe: https://stripe.com/privacy
Square: https://squareup.com/us/en/legal/general/privacy
Payment processor privacy policies apply to payment data
We do not store complete credit card numbers or CVV codes
Payment data is tokenized for security

Hosting and Infrastructure:

Amazon Web Services (AWS): https://aws.amazon.com/privacy/
DigitalOcean: https://www.digitalocean.com/legal/privacy-policy
Cloudflare: https://www.cloudflare.com/privacypolicy/
Other cloud providers with appropriate security certifications

Email and Communication Platforms:

Email services (Google Workspace, Microsoft 365)
SMS/text messaging services (Twilio, etc.)
Video conferencing platforms (Zoom, Microsoft Teams, Google Meet)
Provider privacy policies apply to communications through their platforms

Lead Generation Data Sources:

Legacy.com: https://www.legacy.com/privacy-policy/
Skip-tracing services (TLOxp, LexisNexis)
Public records databases
Court filing systems
Each source has its own privacy policy and terms of service

Your Control Over Third-Party Integrations

Authorization Required:

We will not access third-party services without your explicit authorization
You can revoke access at any time through your account settings or by contacting us
Revoking access may limit our ability to provide certain services
Some services require ongoing access to function properly

Review Third-Party Policies: We encourage you to review the privacy policies of any third-party services you use in connection with our Services. We are not responsible for the privacy practices of these third parties.

Data Shared with Third Parties: When you authorize integrations, the following types of data may be shared:

Google Analytics: Website traffic data, user behavior, conversion events
Google Ads: Campaign performance, conversion data, audience insights
Facebook/Instagram: Ad performance, audience data, pixel events
Social Media Platforms: Posts, engagement data, follower information
Payment Processors: Payment amount, date, method
Hosting Providers: Website files, databases, email accounts

XV. DO WE MAKE UPDATES TO THIS POLICY?

In Short: Yes, we will update this policy as necessary to stay compliant with relevant laws and reflect changes to our practices.

Policy Updates

Regular Reviews: We may update this Privacy Policy from time to time for reasons including:

Changes to our Services or business practices
Changes in applicable privacy laws or regulations
Enhancements to security measures
Addition of new features or services
Feedback from privacy regulators
Industry best practice updates
Changes to third-party service providers

Effective Date: The updated version will be indicated by an updated “Last Updated” date at the top of this Privacy Policy. The updated version will be effective as soon as it is accessible.

Notification of Material Changes

Material Changes: If we make material changes to this Privacy Policy that significantly affect your rights, we may notify you by:

Prominently posting a notice of such changes on our Website
Sending you an email notification to the email address on file
Displaying an in-app notification when you log in to client portal
Requiring acknowledgment of updated policy before continued use
Providing reasonable notice period before changes take effect

Examples of Material Changes:

New ways we collect personal information
Changes to how we share personal information with third parties
Changes to your privacy rights
Changes to data retention periods
New uses of sensitive personal information
Changes to international data transfers
Changes to security practices

Non-Material Changes: For non-material changes (such as clarifications, formatting updates, or administrative updates), we will simply update the policy and adjust the “Last Updated” date.

Your Continued Use

Acceptance of Changes: We encourage you to review this Privacy Policy frequently to stay informed of how we are protecting your information. Your continued use of the Services after we post changes constitutes your acceptance of the updated Privacy Policy.

If You Disagree: If you do not agree to the updated Privacy Policy, you must stop using our Services and contact us to:

Close your account (subject to outstanding obligations)
Request deletion of your personal information (subject to legal retention)
Terminate active service agreements per contract terms

Version History

Current Version: 1.0 (November 10, 2025)
Previous Version: N/A (Initial version)

This is the initial version of our Privacy Policy.

Future updates will include a summary of major changes and version history for transparency.

XVI. EXTERNAL LINKS

In Short: Our Website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites.

Third-Party Websites

Links on Our Website: Our Website may display links to third-party websites, including:

Client websites (portfolio examples)
Industry resources and tools
Platform login pages (Google Ads, Facebook Ads, etc.)
Partner services and integrations
Educational content and blogs
Social media platforms
Professional associations
Technology vendors

Not Our Responsibility: Unless these other websites are affiliated with Digital Visibility Concepts, we are not responsible for:

The privacy policies these other websites use
The content displayed on external sites
The security practices of external sites
Data collection by external sites
Transactions conducted on external sites
Third-party advertising or tracking

Your Responsibility: We advise you to:

Read the privacy policies on external websites before providing personal information
Understand the terms of service for external websites
Be cautious about what information you provide to third parties
Review security indicators (HTTPS, security certificates, trust seals)
Verify legitimacy of websites before entering credentials

No Endorsement: The presence of a link to an external website does not constitute an endorsement by Digital Visibility Concepts. We provide links for convenience and informational purposes only.

Social Media

Social Media Platforms: We maintain presence on various social media platforms:

Facebook: https://facebook.com/digitalvisibilityconcepts
LinkedIn: https://linkedin.com/company/digitalvisibilityconcepts
Twitter/X: https://twitter.com/dvc_marketing
YouTube: (if applicable)
Instagram: (if applicable)

Platform Privacy Policies: When you interact with us on social media:

The platform’s privacy policy governs data collection
We may see public information you share
Platform may share limited information with us
Your privacy settings on the platform control what we see
We cannot control platform data practices

User-Generated Content: If you post comments or reviews about our Services on social media or review sites:

Your post is governed by the platform’s terms
We may reference or share positive reviews (with attribution)
Your post may be publicly visible depending on platform settings
We may respond to reviews publicly or privately

XVII. HOW CAN YOU CONTACT US ABOUT THIS POLICY?

If you have questions or comments about this Privacy Policy, or if you wish to exercise your privacy rights, please contact us using the information below:

Contact Information

Privacy Team (For Privacy Rights and Data Requests):

Email: privacy@digitalvisibilityconcepts.com
Subject Line: Include “Privacy Rights Request” or specific nature of inquiry

General Inquiries:

Email: info@digitalvisibilityconcepts.com
Phone: (800) 589-7346
Website: https://digitalvisibilityconcepts.com/contact

Mailing Address:

Brilliant Ideas Consulting Inc. d.b.a. Digital Visibility Concepts
Attn: Privacy Officer
9702 SW 83rd Way
Gainesville, FL 32608
United States

Business Hours:

Monday-Friday: 9:00 AM – 6:00 PM EST
Saturday-Sunday: Closed (emergency support available for Enterprise hosting clients)

Response Timeline

General Inquiries:

We will respond to general privacy questions within 5 business days

Privacy Rights Requests:

We will confirm receipt within 10 business days
We will provide substantive response within 30 days
May extend by additional 30 days for complex requests (with notice)
Will explain if we cannot fulfill request

Data Breach Concerns:

Report suspected data breaches immediately to privacy@digitalvisibilityconcepts.com
Include “URGENT: Security Concern” in subject line
We will respond within 24 hours
Will investigate and take appropriate action

Complaints and Escalation

If You’re Not Satisfied: If you are not satisfied with our response to your privacy concern:

United States Residents:

File complaint with Federal Trade Commission (FTC): https://www.ftc.gov/
Contact your state Attorney General’s consumer protection division
Contact Florida Department of Agriculture and Consumer Services: 1-800-HELP-FLA (435-7352)

California Residents:

California Attorney General’s Office: https://oag.ca.gov/
California Privacy Protection Agency: https://cppa.ca.gov/

European Economic Area Residents:

Contact your local data protection supervisory authority
Directory: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

Industry Resources:

Better Business Bureau: https://www.bbb.org/
Direct Marketing Association: https://thedma.org/

APPENDIX: GLOSSARY OF TERMS

Personal Information/Personal Data: Any information relating to an identified or identifiable individual.

Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.

Data Controller: The entity that determines the purposes and means of processing personal data. Digital Visibility Concepts is the data controller for information we collect.

Data Processor: An entity that processes personal data on behalf of the data controller (e.g., our third-party service providers).

Sensitive Personal Information: Information that reveals sensitive characteristics such as financial account information, precise geolocation, login credentials, or Social Security Numbers.

PCI-DSS: Payment Card Industry Data Security Standard, a set of security requirements for handling credit card information.

GDPR: General Data Protection Regulation, European Union regulation governing data privacy.

CCPA: California Consumer Privacy Act, California law governing consumer privacy rights.

CPRA: California Privacy Rights Act, amendments to CCPA providing additional protections.

Cookies: Small data files stored on your device by websites you visit.

Encryption: The process of encoding information so only authorized parties can read it.

Third Party: Any entity other than you and Digital Visibility Concepts.

Data Breach: Unauthorized access to or disclosure of personal information.

Anonymization: Process of removing personally identifiable information so data cannot be linked to an individual.

Pseudonymization: Processing personal data so it can no longer be attributed to a specific individual without additional information.

Data Subject: Individual whose personal data is being processed.

Supervisory Authority: Independent public authority responsible for monitoring application of GDPR (EEA only).

Lead Intelligence: Data about potential legal cases (probate, personal injury, divorce) sourced from public records.

Skip-Tracing: Process of locating contact information for individuals through various data sources.

Attribution: Process of identifying which marketing channels led to conversions or sales.

Remarketing: Advertising strategy that targets users who have previously visited your website.

DOCUMENT INFORMATION

Last Updated: November 10, 2025
Version: 1.0
Replaces: N/A (Initial version)

Document History:

Version 1.0: Initial Privacy Policy for all DVC service lines

Review Cycle: This Privacy Policy is reviewed annually and updated as needed to reflect changes in our practices or applicable laws.

Effective Date: This Privacy Policy is effective as of the date listed above and applies to all information collected before and after this date.

Scope: This Privacy Policy applies to:

Digital Visibility Concepts website (digitalvisibilityconcepts.com)
All DVC services (SEO, PPC, Social Media, Web Development, Hosting, Lead Generation, Direct Mail)
Client portals and dashboards
Email and other electronic communications
Phone and text message communications
In-person consultations and meetings

Language: This Privacy Policy is written in English. If translated into other languages, the English version controls in case of conflict.

This Privacy Policy is proprietary and confidential. No part may be reproduced or distributed without written permission.

END OF PRIVACY POLICY