Privacy Policy

1. Who We Are

Cedar Digital is a web design and development agency based in Washington State. We build and maintain websites for small businesses in the Greater Seattle area.

2. What Information We Collect

Information You Give Us

Contact form submissions. When you fill out the contact form on our website, we collect:

• Your name
• Your email address
• Your phone number (optional)
• Your business name (optional)
• Your message

This data is submitted directly to our workflow automation system (n8n) via a secure webhook. We do not store contact form submissions in a database on cedardigital.ai itself.

Intake questionnaires (clients only). After signing a contract and paying your deposit, we send you a link to an intake questionnaire hosted on Tally. Through that form, we collect detailed information about your business, including:

• Business name, description, services, and contact information
• Branding materials (logo, color preferences)
• Photos and other media files you upload
• Website inspiration links
• Other business details needed to build your site

This information is provided voluntarily and is used exclusively to design and build your website.

Email communications. When you email us or reply to an email from us, we retain those communications as part of your project record.

Information Collected Automatically

Website analytics. We use Cloudflare Web Analytics to understand how visitors use cedardigital.ai. This tool is cookieless -- it does not set tracking cookies, does not track individual users across sessions or sites, and does not collect personally identifiable information. The data we see is aggregated: page views, referrer sources, device types, and approximate geographic location at the country or region level. No individual user profile is built.

Server logs.Like all web servers, Cloudflare's infrastructure automatically records certain technical data when you visit our site: IP address, browser type, pages visited, and timestamp. We do not use this data for marketing or profiling. It is retained by Cloudflare per their infrastructure practices and used only for security and operational purposes.

Information Collected Through Third-Party Embeds

Calendly. Our contact page may include a Calendly booking widget. If you use it to schedule a call, Calendly collects your name, email, and the details of your appointment. Calendly may set cookies in your browser.

Stripe. When you make a payment, payment processing is handled entirely by Stripe. Cedar Digital does not store your credit card number, CVV, or full bank account details on our servers. Stripe collects and processes payment information directly.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Responding to your contact form inquiry
• Delivering website design and development services
• Communicating project updates and milestone notifications
• Processing payments and managing billing
• Sending service-related emails (draft reviews, launch confirmations, monthly reports)
• Improving our website based on aggregate analytics
• Complying with legal obligations

We do not use your information for targeted advertising, behavioral profiling, or any purpose unrelated to delivering our services or running our business.

A Note on AI Tools

Cedar Digital uses artificial intelligence tools as part of our development, design, content creation, and quality assurance processes (including the Claude API by Anthropic). When we build your website, your project details -- such as business descriptions, service lists, and other information from your intake questionnaire -- may be processed by these AI tools to generate content, code, or design elements. AI-generated output is always reviewed by a human before delivery.

We do not submit your sensitive personal information (payment details, government IDs, private communications) to AI tools. We do not use client project data to train external AI models. Any AI provider we use is bound by data processing agreements that restrict how they may use the data we send them.

4. How We Share Your Information

We do not sell your personal information.

We share information with third parties only in these circumstances:

Service providers. We use a limited number of vendors to run our business. Each receives only the data they need to perform their function:

Legal requirements. We may disclose information if required by law, court order, or government regulation, or if we believe in good faith that disclosure is necessary to protect our rights, prevent fraud, or protect the safety of any person.

Business transfer. If Cedar Digital is ever sold, merged, or acquired, client data would transfer to the new entity as part of that transaction. We would notify affected clients before such a transfer and before any new privacy policy takes effect.

5. Cold Email Outreach

If you are a small business owner in the Greater Seattle area who received an unsolicited email from Cedar Digital, here is how that happened:

We identify businesses that may benefit from our services through publicly available sources (such as Google Maps, business directories, and similar listings). Your business name and publicly listed contact information was found through one of these sources and added to our outreach system.

Cold outreach emails are sent through Instantly.ai from dedicated sending domains (not cedardigital.ai). Every outreach email includes:

• A clear identification of who is contacting you (Cedar Digital, Jeffrey Raymond)
• The nature of the communication (a commercial pitch)
• A physical mailing address
• A working unsubscribe link

If you click the unsubscribe link in any outreach email, your contact information is removed from our system immediately and permanently. We do not re-add unsubscribed contacts to new campaigns. We also maintain a suppression list across all sending domains to ensure you are not contacted again.

We do not purchase contact lists. We do not scrape personal email addresses. Our outreach targets business contact information that businesses have made publicly available for the purpose of being contacted by potential customers and partners.

This practice is governed by the CAN-SPAM Act and applicable Washington State law.

6. Cookies and Tracking

cedardigital.ai uses minimal cookies and tracking.

Because our own site and analytics are cookieless, we do not display a cookie consent banner for analytics purposes. If you use the Calendly booking widget or complete a payment through Stripe, those services operate under their own cookie policies.

7. Data Retention

We keep your data only as long as we need it.

After the applicable retention period, data is deleted from our systems and from any backups. If you request deletion before the end of a retention period, we will honor that request unless we are required to retain the data by law (for example, payment records for tax purposes).

8. Your Privacy Rights

Depending on where you live, you may have specific rights regarding your personal information. We respect these rights regardless of your location, because it is the right thing to do.

Washington State (Washington Privacy Act -- in effect since June 2025)

If you are a Washington State resident, you have the right to:

• Access -- know what personal information we hold about you
• Correction -- ask us to correct inaccurate personal information
• Deletion -- ask us to delete your personal information (subject to legal retention requirements)
• Data portability -- receive a copy of your personal information in a readable format
• Opt out -- opt out of the sale or sharing of your personal information (we do not sell or share data, but this right exists)
• No discrimination -- we will not treat you differently for exercising these rights

To exercise any of these rights, email us at [email protected] with "Privacy Request" in the subject line. We will respond within 45 days.

California (CCPA/CPRA)

If you are a California resident, you have similar rights to access, deletion, correction, and portability of your personal information, as well as the right to know what categories of data we collect and share, and the right to opt out of the sale of your personal information.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

To submit a California privacy request, contact us at [email protected].

European Union and UK (GDPR/UK GDPR)

If you are located in the EU or UK, you have rights under the GDPR including access, rectification, erasure, restriction of processing, data portability, and the right to object to certain processing. You also have the right to lodge a complaint with your local data protection authority.

Note: Cedar Digital is a small US-based business. We are unlikely to have significant EU visitor traffic, but we are committed to respecting these rights for any visitor, regardless of location.

How to Submit a Request

Email [email protected] with:

• "Privacy Request" in the subject line
• Your name and the email address associated with your data
• A description of your request

We will verify your identity before processing the request and respond within 45 days. If we need more time (up to 90 days total), we will let you know.

9. Children's Privacy

cedardigital.ai is a business-to-business service directed at adult small business owners. We do not knowingly collect personal information from anyone under the age of 13. If we learn that we have inadvertently collected data from a child under 13, we will delete it promptly. If you believe a child has submitted information to us, please contact us at [email protected].

10. Data Security

We take reasonable steps to protect the information we hold:

• All data transmitted to and from cedardigital.ai is encrypted via HTTPS/TLS
• Payment processing is handled entirely by Stripe, which is PCI DSS compliant
• Intake questionnaire data is stored by Tally under their security practices
• Our workflow automation server (n8n) is hosted on a private VPS with access controls
• Access to client data is limited to Jeffrey Raymond

We are a small business. We do not hold certifications such as SOC 2, ISO 27001, or HIPAA compliance, and we do not claim to. If your business has specific compliance requirements (e.g., healthcare, financial services), please discuss them with us before engaging our services.

No method of transmission over the internet is 100% secure. While we work to protect your data, we cannot guarantee absolute security.

11. Third-Party Links

Our website may contain links to client websites we have built, external tools, or other third-party sites. Once you leave cedardigital.ai, this privacy policy no longer applies. We are not responsible for the privacy practices of other websites.

12. Changes to This Policy

We may update this privacy policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. If we make a material change -- one that meaningfully affects how we handle your data -- we will notify active clients by email before the change takes effect.

We encourage you to review this policy periodically.

13. Contact Us

Questions, requests, or concerns about this privacy policy or how we handle your data:

We will respond to privacy-related inquiries within 5 business days.