Skip to main content

Privacy Policy

Effective Date: January 1, 2025
Last Updated: January 1, 2025

Crush Digital Atelier LLC ("we," "us," "our"), operating as Trailhead at trailheadmade.com, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website or use our services.

This policy complies with the Personal Information Protection and Electronic Documents Act (PIPEDA), Alberta's Personal Information Protection Act (PIPA), the California Consumer Privacy Act (CCPA), and incorporates GDPR principles for international visitors.

1. Information We Collect

1.1 Information You Provide

  • Contact Information: Name, email address, phone number, business name
  • Project Information: Project descriptions, business details, website content, images, branding materials
  • Payment Information: Processed securely by Stripe (we do not store full credit card numbers)
  • Communications: Messages sent through contact forms, email correspondence, support inquiries

1.2 Information Collected Automatically

  • Usage Data: Pages visited, time spent, click patterns, referral sources
  • Device Information: Browser type, operating system, device type, IP address
  • Cookies & Similar Technologies: Analytics cookies, session cookies, preference cookies (see our Cookie Policy)
  • Performance Metrics: Website load times, error logs, server analytics

2. How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: Building and launching your website, providing hosting and maintenance, responding to inquiries
  • Payment Processing: Processing transactions, managing subscriptions, issuing invoices
  • Communication: Sending project updates, support responses, service announcements, renewal reminders
  • Marketing: Sending promotional emails (with your consent), showcasing portfolio work (with permission)
  • Analytics & Improvement: Understanding how visitors use our site, improving user experience, optimizing performance
  • Legal Compliance: Meeting tax obligations, responding to legal requests, enforcing our Terms of Service
  • Security: Detecting fraud, preventing abuse, protecting against security threats

3. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract Performance: Processing necessary to deliver services you've requested
  • Consent: Marketing communications, portfolio showcasing, optional cookies
  • Legitimate Interests: Analytics, security, fraud prevention, business operations
  • Legal Obligation: Tax compliance, legal discovery, regulatory requirements

4. How We Share Your Information

We share your information only as described below:

4.1 Service Providers

  • Hosting: Vercel (U.S.) - website hosting and deployment
  • Payment Processing: Stripe (U.S.) - secure payment processing
  • Email Services: Resend (U.S.) - transactional and marketing emails
  • Analytics: Google Analytics (U.S.) - website traffic and behavior analysis
  • Cloud Storage: Various providers for project file storage and backups

4.2 Legal Requirements

We may disclose your information if required by law, court order, or to protect our rights, safety, or property.

4.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4.4 With Your Consent

We may showcase your website in our portfolio with your explicit permission. You can request removal at any time.

5. Data Retention

We retain your personal information for the following periods:

  • Active Clients: Duration of service relationship plus 7 years for tax/legal purposes
  • Inquiries (No Purchase): 2 years, then deleted unless you opt into marketing
  • Marketing Lists: Until you unsubscribe or request deletion
  • Project Files: 1 year after project completion, then archived or deleted
  • Analytics Data: 26 months (Google Analytics default retention)
  • Legal/Compliance Records: As required by law (typically 7 years)

6. Data Security

We implement industry-standard security measures:

  • Encryption: SSL/TLS encryption for data in transit, encryption at rest for sensitive data
  • Access Controls: Limited employee access, role-based permissions, multi-factor authentication
  • Secure Payment Processing: PCI-DSS compliant payment processing via Stripe
  • Regular Backups: Automated backups with encrypted storage
  • Monitoring: Security monitoring, intrusion detection, regular security audits

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

7. Data Breach Notification

In the event of a data breach that poses a real risk of significant harm, we will:

  • Notify affected individuals within 72 hours of discovering the breach (PIPEDA/GDPR requirement)
  • Report the breach to the Office of the Privacy Commissioner of Canada if required
  • Provide details about the breach, data affected, and steps we're taking to mitigate harm
  • Offer guidance on protective measures you can take

8. Your Privacy Rights

You have the following rights regarding your personal information:

Under PIPEDA/PIPA (Canada)

  • Access: Request a copy of your personal information we hold
  • Correction: Request correction of inaccurate or incomplete information
  • Withdrawal of Consent: Withdraw consent for marketing or non-essential processing
  • Complaint: File a complaint with the Office of the Privacy Commissioner of Canada

Under CCPA (California Residents)

  • Know: Request disclosure of data collected, sources, purposes, and third parties
  • Delete: Request deletion of your personal information (subject to exceptions)
  • Opt-Out: Opt out of sale of personal information (we do not sell your data)
  • Non-Discrimination: We will not discriminate against you for exercising your rights

Under GDPR (EU Visitors)

  • Access & Portability: Receive your data in a structured, machine-readable format
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion (right to be forgotten)
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time

To exercise any of these rights, contact us at:
Email: privacy@trailheadmade.com
We will respond within 30 days (45 days for CCPA requests).

9. Cross-Border Data Transfers

We are a U.S.-based company (Wyoming LLC). Your data may be transferred to and stored in the United States and other countries where our service providers operate.

These countries may have different data protection laws. By using our services, you consent to this transfer. We use contractual safeguards (Standard Contractual Clauses) where required to ensure adequate protection.

10. Cookies & Tracking Technologies

We use cookies and similar technologies to improve your experience. For detailed information, see our Cookie Policy.

You can control cookies through your browser settings and our cookie consent banner.

11. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Marketing Communications

We comply with Canada's Anti-Spam Legislation (CASL) and CAN-SPAM Act:

  • We only send marketing emails with your express or implied consent
  • Every email includes a clear unsubscribe link
  • We honor unsubscribe requests within 10 business days
  • Our emails clearly identify the sender (Trailhead / Crush Digital Atelier LLC)

To unsubscribe: Click the unsubscribe link in any email or contact privacy@trailheadmade.com

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting a notice on our website
  • Updating the "Last Updated" date at the top of this page
  • Sending an email to active clients (for significant changes)

Continued use of our services after changes constitutes acceptance of the updated policy.

14. Contact Us

For questions about this Privacy Policy or to exercise your privacy rights:

Crush Digital Atelier LLC

Operating as: Trailhead

Privacy Contact: privacy@trailheadmade.com

Website: trailheadmade.com

Canadian Address: Red Deer, Alberta, Canada
U.S. Registered Entity: Wyoming, USA

Regulatory Bodies:

  • Canada: Office of the Privacy Commissioner of Canada
    Website: priv.gc.ca
    Phone: 1-800-282-1376
  • California: California Attorney General's Office
    Website: oag.ca.gov/privacy
โ† Back to Home