Privacy Policy

We prioritize data minimization and technical transparency. This policy outlines our privacy-first web architecture and your data rights.

Last Updated: February 17, 2026

1. Data Collection

We collect personal data only when strictly necessary for service delivery or technical performance monitoring.

  • Identity: Name, business entity, and website URL provided via audit forms.
  • Contact: Email address and phone number for direct stewardship communication.
  • Transaction: Billing details processed exclusively through PCI-compliant providers (Stripe).
  • Technical: IP address and browser signatures, processed anonymously unless explicit consent is granted.

2. Usage Protocols

Data is utilized exclusively to:

  • Maintain and optimize your high-velocity digital infrastructure.
  • Execute requested technical performance audits.
  • Verify identity for secure access to technical assets.
  • Monitor site health and prevent malicious automated activity.

3. Third-Party Sharing

We do not sell personal data. Information is shared only with infrastructure partners required for service execution:

  • Stripe: Payment vaulting and processing.
  • Netlify/Vercel: Encrypted form handling and static hosting.
  • Google Analytics: Performance tracking (Active only upon explicit user consent).

4. Cookies & Consent Mode v2

This site implements Google Consent Mode v2. Our technical configuration enforces the following privacy-first logic:

  • Default Denied: All tracking, advertising, and analytics cookies are strictly disabled upon initial load.
  • Zero Pre-Consent Ping: No data is transmitted to Google or third-party servers before user interaction with the consent banner.
  • Revocation: Users may clear browser cookies at any time to reset their consent state.

5. Technical Security

We implement hardened security measures, including 256-bit SSL encryption, environment variable isolation, and automated dependency patching to protect data from unauthorized access or exfiltration.

6. Your Rights

Under GDPR, CCPA, and similar frameworks, you have the right to access, rectify, or request the permanent deletion of your data. Requests are processed within 30 days.

7. Contact Authority

For data inquiries or to exercise your rights, contact our technical partners:

Email: support@canyonpasspartners.com