Privacy Policy

Pithos Interactive is a digital strategy and brand identity agency based in Rogers City, Michigan. We provide services including web design, local search engine optimization, reputation management, and ongoing digital strategy retainers to premium local businesses.

This Privacy Policy applies to all services offered by Pithos Interactive, including our public website at pithosint.com, our client portal at clients.pithosint.com, and any direct communications between Pithos Interactive and prospective or active clients.

By using our website or engaging our services, you agree to the practices described in this policy.

We collect information in the following categories:

Information You Provide Directly

• Your name, business name, email address, and phone number when you contact us or complete a discovery form
• Business information such as your website URL, industry, current marketing presence, and goals
• Billing and payment details, processed securely through our payment processor (Stripe)
• Files, documents, logos, brand assets, or other materials you upload to our client portal
• Messages, notes, and communications exchanged via our client portal or email
• Signed service agreements and onboarding forms

Information Collected Automatically

• Browser type, device type, operating system, and IP address when you visit our website or portal
• Pages visited, time spent, referral source, and other usage data
• Login timestamps and activity within the client portal
• Cookies and similar tracking technologies (see Section 7)

Information from Third Parties

• Publicly available business data (Google Business Profile, review platforms) used to inform our audit and strategy process
• Referral information if you were referred to us through our referral program

Information collected is used exclusively to deliver, improve, and communicate about our services. Specific uses include:

• Creating and managing your client account and portal access
• Delivering contracted digital strategy, SEO, and design services
• Processing invoices and payments through our payment processor
• Sending service updates, performance reports, and announcements through the client portal
• Communicating via email or portal messaging about project status, deliverables, and strategy
• Generating performance metrics and growth reports tied to your engagement
• Improving the functionality and user experience of our website and portal
• Maintaining accurate records as required by applicable law

To operate our website and client portal, we use the following third-party service providers. Each is subject to their own privacy policy and data handling practices.

• Supabase. Database, authentication, and backend infrastructure hosting client data, portal records, and file storage on encrypted cloud infrastructure.
• Stripe. Payment processing. Pithos Interactive does not store your full credit card number. All payment data is transmitted directly to and stored by Stripe in accordance with PCI-DSS standards.
• Netlify. Hosting provider for our public website and client and admin portals. Site traffic and deployment logs may be retained by Netlify per their data policy.
• Resend. Transactional email delivery, used to send notifications, invoices, and portal alerts. Email metadata (recipient, timestamp, delivery status) is retained by Resend.

We select vendors who maintain reasonable security standards. However, we cannot guarantee the data practices of any third party and encourage you to review their respective privacy policies.

We do not share your personal information with outside parties except in the following limited circumstances:

• Service providers: As described in Section 4, we share data with vetted technology vendors solely to operate our services on your behalf
• Legal compliance: If required by law, court order, or governmental authority, we may disclose information as legally obligated
• Business transfer: If Pithos Interactive undergoes a merger, acquisition, or sale of assets, client data may transfer to the successor entity under equivalent privacy protections
• With your consent: We may share information in any other circumstance with your explicit written consent

We retain your personal information for as long as your client relationship is active, or as necessary to fulfill our legal, contractual, and accounting obligations.

• Active client data is retained for the full duration of the engagement.
• When you or we request account deletion, your portal access is locked immediately and your personal data is permanently anonymized after a 30-day grace period. During that window the request can be cancelled by contacting hello@pithosint.com.
• After anonymization, the following records are retained for four (4) years in accordance with California Revenue and Taxation Code §19530 and other applicable financial record-keeping rules: invoices, payment records, discount ledger entries, service line items, and signed contracts and agreements (Master Service Agreements, Statements of Work, addendums).
• Everything outside the financial retention list above (messages, uploaded documents, audit-log entries, calendar events, notifications, email send logs, onboarding intake) is permanently deleted at anonymization time.
• If you do not request deletion, inactive accounts and their associated records are reviewed and either re-engaged, archived, or anonymized at our discretion no later than four (4) years after the most recent invoice activity.

Our website and client portal use cookies and similar technologies to improve functionality and user experience. These include:

• Session cookies: Required for secure login and portal navigation. These expire when you close your browser.
• Preference cookies: Used to remember settings such as language and display preferences
• Analytics: We may use anonymized analytics to understand how visitors interact with our site. No personally identifiable information is tied to analytics data.

You may disable cookies in your browser settings. Doing so may impact the functionality of our client portal, including the ability to log in.

Depending on your location and applicable law, you may have the following rights regarding your personal information:

• Access. Request a copy of the personal data we hold about you.
• Correction. Request correction of inaccurate or incomplete information. Active clients can also update most personal details directly from the Settings page of the client portal.
• Deletion. Request deletion of your personal data. Active clients can initiate this from the Settings page; an admin can also initiate it on your behalf. Deletion is subject to the 30-day grace period and the financial retention rules described in Section 6.
• Portability. Request your data in a structured, machine-readable format.
• Objection. Object to certain types of data processing.
• Withdrawal of consent. Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us using the information provided in Section 13. We respond to verified requests within 45 days of receipt. Complex requests may take an additional 45 days; we will notify you in writing if so. California residents have additional rights described in Section 11.

Pithos Interactive's services are intended exclusively for business owners and professionals. The service is not directed to anyone under the age of 16, and we do not knowingly collect, sell, or share personal information from any individual under 16. If we become aware that a minor's data has been submitted, we will delete it promptly. If you believe a minor's data has been submitted, contact us at hello@pithosint.com.

We take reasonable and appropriate measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• All traffic to and from our public website and client portal is encrypted in transit using HTTPS (TLS).
• Passwords are hashed by our authentication provider and never stored in plain text. Two-factor authentication is available on administrator accounts and can be enabled on request for any client account.
• Access to client data is restricted by row-level security policies enforced at the database layer, so each client only sees their own records and admin-only data is never exposed to client sessions.
• Payment card data is handled exclusively by Stripe and never stored on Pithos Interactive systems.
• Audit-log entries are kept for sensitive operations (account creation, document signing, payment processing, configuration changes) so that any access or modification can be traced.

No system is perfectly secure. In the event of a personal data breach that creates a meaningful risk to your rights, we will notify you and any applicable regulator within the timeframes required by law.

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) gives you specific rights regarding your personal information. This section describes those rights and how to exercise them.

Categories of Information We Collect

In the 12 months preceding the effective date of this policy, we have collected the categories of personal information described in Section 2: identifiers (name, business name, email, phone, IP address), commercial information (services purchased, billing history), internet activity (portal usage, page visits), professional information (business details you share for our services), and audio/visual material if you upload brand assets. We collect this information from you directly, from your interactions with our portal, and from the third-party processors named in Section 4.

Sale or Sharing of Personal Information

We do not sell your personal information for money, and we do not share it for cross-context behavioral advertising. There is no opt-out required because there is no sale or share to opt out of.

Sensitive Personal Information

We do not use sensitive personal information (as defined by CPRA) for any purpose beyond what is necessary to provide the services you have requested. We do not infer characteristics about you, and we do not use sensitive information for profiling or advertising.

Your CCPA Rights

• Right to know. Request the specific pieces and categories of personal information we have collected about you, the sources, the business purposes for collection, and the categories of third parties with whom we share it.
• Right to delete. Request deletion of your personal information. Deletion is honored subject to the retention exceptions in Section 6 (financial records retained four years per California Revenue and Taxation Code §19530).
• Right to correct. Request correction of inaccurate personal information.
• Right to limit use of sensitive personal information. We do not use sensitive information beyond service delivery; this right is therefore already satisfied by default.
• Right to non-discrimination. We will not deny services, charge different prices, or provide a different quality of service because you exercised any of your rights under this section.
• Right to designate an authorized agent. You may submit a request through a verified authorized agent. We may ask the agent to provide written permission from you and to verify their own identity.

How to Submit a Request

Email hello@pithosint.com with the subject line "California Privacy Request" and tell us which right you would like to exercise. We will verify your identity using information already on file (such as your portal account email and a recent invoice number) and respond within 45 days. Complex requests may take an additional 45 days, in which case we will notify you in writing before the original 45-day window ends.

Shine the Light

California Civil Code §1798.83 (the "Shine the Light" law) lets California residents request a notice of any disclosures of personal information to third parties for those third parties' direct marketing purposes. We do not make such disclosures, so there is nothing to report under this section.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When material changes are made, we will update the "Last Updated" date at the top of this page and notify active clients via the client portal or email.

Your continued use of our services following any update constitutes acceptance of the revised policy. We encourage you to review this page periodically.

For any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us: