Privacy Policy
Detailed disclosure of our data processing, security, and compliance frameworks.
1. Introduction
DonRight Agency ('we,' 'our,' or 'us') is committed to protecting your privacy. This policy outlines how we collect, process, and safeguard your data when using our platform.
2. Information We Collect
We collect professional identifiers including names, email addresses, business names, and website URLs. We also collect technical data such as IP addresses and browser configurations.
3. Purpose of Processing
Data is processed to provide SEO audits, manage your account, facilitate CRM communications, and improve our AI growth tools.
4. Data Infrastructure (Supabase)
Your data is stored securely using Supabase (a PostgreSQL-based cloud infrastructure). This includes encryption at rest and in transit.
5. Use of Third-Party APIs (Google)
We utilize Google PageSpeed Insights and Google Places APIs to analyze technical website metrics. Technical data from your site is shared with these services for processing.
6. CRM & Marketing Usage
By providing your email, you consent to its inclusion in our CRM. We use this to send audit reports, marketing insights, and platform updates. You may opt-out at any time.
7. GDPR Compliance (EEA Users)
For users in the European Economic Area, we process data under the legal basis of 'Legitimate Interest' for audits and 'Consent' for marketing.
8. CCPA Compliance (California)
Under the California Consumer Privacy Act, we disclose that we do not sell personal data to third-party brokers. California residents have the right to request data categories collected.
9. Right to Access
You have the right to request a machine-readable copy of all personal data held by DonRight Agency regarding your business identity.
10. Right to Erasure (Right to be Forgotten)
You may request the permanent deletion of your CRM record and audit history. We will process these requests within 30 days.
11. Data Retention Policy
We retain lead data as long as necessary to provide services or until a deletion request is made. Inactive audit reports may be archived after 24 months.
12. Cookies and Tracking
We use cookies to maintain your dashboard session and track tool performance. These are essential for the security and functionality of the growth engine.
13. Information Security
We implement industry-standard security protocols to prevent unauthorized access, alteration, or disclosure of your business data.
14. International Data Transfers
Your information may be processed in countries outside your residence. We ensure all data processors comply with standard contractual clauses.
15. Sharing with Third Parties
We do not share your data with third parties except for essential infrastructure providers (Supabase, Resend, Google) necessary to deliver our services.
16. Automated Decision Making
Our AI 'Dona' uses automated logic to suggest growth strategies. These are recommendations and do not have legal effects on your business standing.
17. Children's Privacy
Our services are intended for business owners and individuals over 18. We do not knowingly collect data from children.
18. Opt-Out Procedures
Every marketing email includes an 'Unsubscribe' link. Opting out of marketing does not remove your access to technical audit reports.
19. Policy Modifications
We reserve the right to update this policy. Material changes will be notified via the email address associated with your account.
20. Contact Information
For privacy inquiries or to exercise your data rights, contact our Data Protection Officer at privacy@donright.pro.
Last updated: March 20, 2026 • DonRight Agency B2B Framework