NexaGuard Generator

Privacy & Cookie Policy

Last updated: 18 February 2026

This Privacy & Cookie Policy ("Policy") explains how Acme Digital Services Inc. ("Acme Digital Services Inc.", "we", "us", or "our") collects, uses, discloses, and protects personal information when you use https://exampledigital.com and any related sites, apps, or services (together, the "Services"). If you have questions, contact us at [email protected].

Important: This Policy was generated with the NexaGuard Policy Generator based on your inputs. It is provided as a starting point only and does not constitute legal advice. You are responsible for reviewing, localising, and updating it with your legal advisors.

Who we are

Unless stated otherwise in a separate agreement, we act as the "controller" of personal information processed in connection with the Services. Where we provide services to an organisation that is itself a controller (for example, if you use our product in your own business), we typically act as that organisation's "processor" / "service provider" and our processing is governed by a separate data processing agreement.

Acme Digital Services Inc.

  • Address: 123 Innovation Drive Suite 400 San Francisco, CA 94105 United States
  • Website: https://exampledigital.com
  • Contact email: [email protected]
  • Data Protection Officer (DPO): Maria Thompson

Scope

This Policy applies to the Services that link to or reference it. It does not apply to third‑party websites, apps, products, or services that we do not control, even if they are linked from the Services. Their own privacy policies govern those services.

What we mean by "personal information"

"Personal information" (also called "personal data") means any information that identifies, relates to, describes, or could reasonably be linked to an identified or identifiable person. Some laws include specific categories (such as "sensitive" personal information); where relevant, we address those categories below.

Categories of information we collect

The personal information we collect depends on how you use the Services and the choices you make. We may collect:

Information you provide to us

  • Account information, such as name, username, password, and profile details you choose to add.
  • Payment and billing information, such as billing address and limited payment card details processed by our payment providers (we do not store full card numbers).
  • Communications, including emails, messages, and attachments you send to our support channels.
  • User‑generated content, such as posts, comments, uploads, or other content you submit through the Services.
  • Preferences and other information you choose to provide, such as survey responses, feedback, or settings in your account.

Information collected automatically

When you use the Services, we automatically collect certain information about your device and usage, for example:

  • Device and usage data, such as IP address, browser and device type, operating system, language, the pages you view, the features you use, and the time and date of your visits.
  • Analytics data about how you interact with the Services, which helps us understand adoption and performance.
  • Advertising and measurement data, such as identifiers and events used to measure or deliver advertising where permitted.
  • Approximate location, derived from your IP address, to provide the Services securely and reliably.

Information from partners and other sources

We may receive information about you from:

  • Payment providers, who send us confirmation of payments, fraud signals, and limited billing details.
  • Analytics and measurement providers, who help us understand how the Services are used in aggregate.
  • Advertising and marketing partners, who help us measure or improve campaigns or understand conversions.
  • Service providers, such as hosting, security, customer support, and email providers.
  • Public or third‑party sources, if you choose to make information publicly available (for example, public profiles or posts).

Sources of personal information

We collect personal information from:

  • You, when you choose to provide it or interact with the Services.
  • Your use of the Services, via cookies, SDKs, pixels, and similar technologies.
  • Third parties, such as vendors, service providers, partners, and public sources, as described above.

Cookies, similar technologies, and consent

We use cookies, pixels, SDKs, local storage, and similar technologies ("cookies") to operate, secure, and improve the Services.

  • Strictly necessary cookies, which are required for core functionality (for example, to log you in, route traffic, keep the Services secure, or remember your cookie choices).
  • Functional cookies, which remember your preferences and settings.
  • Analytics cookies, which help us understand how the Services are used and improve performance.
  • Advertising cookies, which are used (where permitted) to deliver, cap, and measure advertising.

You can manage your cookie preferences through our cookie banner or settings page (where available). Your browser may also allow you to block or delete cookies. Some features of the Services may not work properly without certain cookies.

Consent and NexaGuard CMP

Where required by law, our cookie banner and preference centre are powered by a consent management platform (CMP) such as NexaGuard CMP. The CMP explains the purposes and vendors that use cookies and similar technologies and allows you to:

  • Accept or reject optional categories of cookies;
  • Review and change your preferences at any time; and
  • Withdraw consent for future processing.

Where we participate in frameworks such as the IAB Transparency & Consent Framework (TCF) or use Google Consent Mode v2, your choices are transmitted to participating vendors through standardised signals so that they respect your preferences. We also honour Global Privacy Control (GPC) signals where applicable.

How we use personal information

We use personal information for the following purposes:

  • To provide, operate, and maintain the Services.
  • To create and manage accounts, authenticate users, and maintain account settings.
  • To process transactions, send invoices, and detect or prevent fraud.
  • To analyse usage of the Services, troubleshoot issues, and improve performance and features.
  • To personalise and measure advertising (where permitted), including frequency capping, attribution, and reporting.
  • To provide support and respond to requests, questions, and feedback.
  • To communicate with you about the Services, including security alerts, updates, and administrative messages.
  • To enforce our terms, prevent abuse, protect the Services and our users, and comply with legal obligations.
  • To perform any other purpose described at the time of collection, with your consent where required.

Legal bases (GDPR / UK GDPR)

If you are in the EEA or UK, we only process your personal data when we have a valid legal basis under the GDPR / UK GDPR. Depending on the context, this may include:

Contract

We process personal data where it is necessary to enter into or perform a contract with you, for example to provide the Services you request, manage your account, or process transactions.

Consent

For certain activities—such as placing optional cookies (for example analytics or advertising) or sending some marketing communications—we rely on your consent. You can withdraw your consent at any time using the tools provided in the Services or by contacting us. Withdrawing consent does not affect the lawfulness of processing before withdrawal.

Legitimate interests

We process personal data where it is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your interests or fundamental rights and freedoms. This includes operating, securing, and improving the Services, preventing abuse, and communicating with you about the Services.

Legal obligation

We process personal data where necessary to comply with our legal obligations, for example relating to tax, accounting, financial reporting, and responding to lawful requests from authorities.

Vital interests

In rare cases, we may process personal data to protect your vital interests or those of another person, such as in an emergency situation.

How we share personal information

We share personal information in the following circumstances:

  • With service providers that process data on our behalf to operate, secure, and support the Services (for example, hosting, storage, security, email, customer support, and monitoring).
  • With payment processors to process payments, manage subscriptions, and prevent fraud.
  • With analytics providers that help us understand usage and performance.
  • With advertising and marketing partners to deliver or measure campaigns where permitted by law and your preferences.
  • With professional advisors (such as lawyers, auditors, and insurers) under appropriate confidentiality obligations.
  • With authorities, regulators, and other parties where we believe it is necessary to comply with law, protect rights, safety, or security, or investigate suspected fraud or abuse.
  • In connection with a business transaction (such as a merger, acquisition, or asset sale). If such a transaction occurs, we will continue to protect personal information and provide any required notices.

We treat certain disclosures as a "sale" or "sharing" of personal information for cross‑context behavioural advertising as those terms are defined under California law. See the California privacy (CPRA) section below for more information about your rights and choices.

We do not allow our service providers to use personal information they process on our behalf for their own independent purposes, except where they are separately responsible for the information (for example, if you already have an account with them).

Data governance commitments

We implement and maintain privacy governance measures appropriate to the Services and the risks involved, including:

  • Data minimisation and purpose limitation, so we collect and use personal information only as needed for defined purposes.
  • Role-based access controls and internal confidentiality controls for staff and contractors.
  • Vendor due diligence and contractual controls for service providers that process personal information on our behalf.
  • Incident response procedures designed to detect, investigate, and respond to security events, including regulatory and user notifications where required by law.

International transfers

We may transfer, store, and process personal information in countries other than your own (for example, where our group companies, service providers, or partners are located). These countries may have different data protection laws than your country.

Where required, we use appropriate safeguards to protect transfers of personal data, such as Standard Contractual Clauses, other approved transfer mechanisms, or reliance on adequacy decisions. You can contact us for more information about these safeguards.

Data retention

We keep personal information only for as long as necessary to fulfil the purposes described in this Policy, including to comply with legal, accounting, or reporting obligations, resolve disputes, and enforce our agreements. Additional retention note: We retain personal information in accordance with documented retention schedules that reflect the nature of the data, the purposes of processing, and applicable legal requirements. Where no specific retention period applies, personal information is retained only for as long as reasonably necessary for business or legal purposes and is then securely deleted or anonymised.

Examples (which may vary depending on your use of the Services) include:

  • Account information: kept while you maintain an account and for a reasonable period thereafter.
  • Transaction data: retained as required by tax, payments, and financial reporting laws.
  • Support records: kept for a period to help us handle follow‑up requests and improve support.
  • Security logs: retained for a limited time to detect and investigate security incidents.

Your rights and choices

Depending on your location and subject to applicable law, you may have some or all of the following rights in relation to your personal information:

  • Access – request confirmation of whether we process your personal information and receive a copy.

  • Rectification – request that we correct inaccurate or incomplete personal information.

  • Deletion – request that we delete certain personal information.

  • Restriction – request that we restrict how we process your personal information.

  • Objection – object to our processing where we rely on legitimate interests, including for direct marketing.

  • Portability – request a copy of certain personal information in a structured, commonly used, and machine‑readable format.

  • Withdraw consent – where we rely on consent, withdraw it at any time without affecting the lawfulness of processing before withdrawal.

  • Lodge a complaint – complain to a data protection authority.

  • EEA: You can exercise your rights under the GDPR and lodge a complaint with your local supervisory authority.

  • UK: You can exercise your rights under UK GDPR and complain to the Information Commissioner’s Office (ICO).

  • California: You may have the right to know/access, correct, delete, opt out of sale/share, and limit the use and disclosure of sensitive personal information.

To exercise your rights, submit a request through one of the channels below:

  • Email: [email protected]
  • DSAR webform: https://exampledigital.com/privacy-request
  • Toll-free: +1 (800) 555-0123
  • Postal mail: Privacy Team Acme Digital Services Inc. 123 Innovation Drive Suite 400 San Francisco, CA 94105 United States

We may need to verify your identity or authority to act on someone else’s behalf. We will respond within the timeframe required by applicable law. Where available, you may also be able to review and update some information directly in your account settings.

For requests under GDPR / UK GDPR, we generally respond within one month, subject to lawful extensions. For California requests, we generally respond within 45 days, subject to lawful extensions.

California privacy (CPRA)

This section supplements the rest of the Policy for California residents and uses terms defined in the California Privacy Rights Act ("CPRA").

Categories of personal information

We may collect the following categories of personal information (depending on how you interact with the Services):

  • Identifiers, such as name, email address, IP address, and device identifiers.
  • Customer records and commercial information, such as account information, purchase or subscription history, and support interactions (payments are processed by our payment provider).
  • Internet or network activity information, such as browsing history, usage data, and interaction with the Services.
  • Geolocation data, such as coarse IP‑based location.
  • Inferences, such as preferences or segments used to improve the Services or personalise advertising where permitted.
  • Sensitive personal information, as defined by CPRA, which we process only as permitted by law and limit to the purposes described in this Policy.

Purposes of collection and use

We collect and use personal information for the business and commercial purposes described in the How we use personal information section, including providing and improving the Services, processing transactions, securing and debugging, and complying with law.

Disclosures for business purposes

We disclose personal information for "business purposes" to the categories of recipients described in the How we share personal information section (for example, service providers for hosting, security, analytics, support, and payments) and to professional advisors.

Selling and sharing for cross‑context behavioural advertising

We "sell" or "share" personal information for cross‑context behavioural advertising as those terms are defined by CPRA. You may opt out by using the "Do Not Sell or Share My Personal Information" link (where available) and by enabling Global Privacy Control (GPC), which we honour.

California privacy rights

California residents may have the rights to:

  • Request to know/access the categories and specific pieces of personal information we have collected about them;
  • Request correction of inaccurate personal information;
  • Request deletion of personal information, subject to certain exceptions;
  • Opt out of sale or sharing of personal information for cross‑context behavioural advertising (where applicable); and
  • Limit the use and disclosure of sensitive personal information, where those rights apply; and
  • Use an authorised agent to submit requests on your behalf, where permitted by law.

You can exercise these rights by contacting us at [email protected] and following the instructions we provide, or (where available) through self‑service privacy tools. We will not discriminate against you for exercising your rights.

US multi-state privacy addendum

This section supplements the rest of the Policy for US state privacy frameworks supported by NexaGuard CMP and reflected in your implementation.

Regimes covered

  • California (CPRA)
  • US National
  • Virginia (VCDPA)
  • Colorado (CPA)
  • Utah (UCPA)
  • Connecticut (CTDPA)
  • Montana (MCDPA)
  • Delaware (DPDPA)
  • Oregon (OCPA)
  • Texas (TDPSA)
  • Iowa (ICPA)
  • Indiana (ICDPA)
  • Minnesota (MCDPA)
  • New Jersey (NJDPA)
  • Tennessee (TIPA)
  • Maryland (MDPA/MODPA)
  • Kentucky (KCDPA)

Rights summary for applicable US states

Depending on applicable law and your state of residence, you may have rights to:

  • Confirm whether we process your personal information and request access to that information;
  • Correct inaccuracies in your personal information;
  • Delete personal information, subject to exceptions;
  • Obtain a portable copy of personal information where required; and
  • Opt out of targeted advertising, sale of personal information, or certain profiling activities.

Where applicable law requires it, you may appeal decisions relating to your privacy request by contacting us through the channels listed in this Policy.

Children’s privacy

Our Services may be used in contexts that involve children. Where required by law, we only process personal information about children with appropriate consent or another lawful basis and with additional safeguards. If you believe we have collected personal information from a child without the necessary consent, please contact [email protected] and we will take appropriate steps.

Automated decision‑making

We do not use automated decision‑making, including profiling, that produces legal or similarly significant effects about you without human involvement. If this changes in the future, we will update this Policy and provide any additional notices or choices required by law.

Do Not Track and Global Privacy Control

Some browsers send Do Not Track (DNT) signals. Because there is not yet a common standard for DNT, we do not respond to DNT signals. We do honour Global Privacy Control (GPC) signals where applicable, which we treat as a request to opt out of certain cookie categories and, in California, as a request to opt out of selling or sharing personal information.

Security

We use technical and organisational measures designed to protect personal information, such as encryption in transit, access controls, backups, and monitoring. However, no method of transmission over the internet or electronic storage is completely secure, so we cannot guarantee absolute security.

Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of the Policy and, where required, provide additional notice (for example, by displaying a prominent notice in the Services).

Subprocessors and key vendors (annex)

The following subprocessors and key vendors may process personal information on our behalf to deliver the Services:

  • Example Cloud Hosting LLC — Cloud Infrastructure (United States)

This annex may be updated from time to time as our service providers change.

Contact

If you have questions or requests regarding this Policy or our privacy practices, contact us using the details below:

  • Email: [email protected]
  • Address: 123 Innovation Drive Suite 400 San Francisco, CA 94105 United States
  • Data Protection Officer (DPO): Maria Thompson
  • DSAR webform: https://exampledigital.com/privacy-request
  • Toll-free: +1 (800) 555-0123
  • Postal mail: Privacy Team Acme Digital Services Inc. 123 Innovation Drive Suite 400 San Francisco, CA 94105 United States
Generated with NexaGuard Generator • Acme Digital Services Inc. • 2/18/2026, 8:33:17 PM