Privacy
Privacy Policy
Last updated: July 16, 2026
Mann.digital (“Mann Digital”, “we”, “us”) is a web design and AI automation studio based in Surrey, British Columbia, Canada. This policy explains what personal information we collect through manndigital.ca and our client portal, why we collect it, how we protect it, and the choices and rights you have under Canadian privacy law.
1. Scope and applicable law
We handle personal information in accordance with the Personal Information Protection and Electronic Documents Act(PIPEDA) and British Columbia’s Personal Information Protection Act(BC PIPA). Where clients or visitors are located in other provinces, we also take account of substantially similar provincial legislation, including Alberta’s PIPA and Quebec’s Act respecting the protection of personal information in the private sector (as amended by Law 25).
This policy covers our public website, our free tools (such as the website audit and Brand Studio), our AI chat assistant, and the Mann Digital client portal. It does not cover websites we design and operate for clients, which are governed by those businesses’ own privacy policies.
2. What we collect and why
We collect personal information only for identified purposes:
- Contact and lead forms — name, email address, and optionally phone number, business name, website URL, service interest, and your message. We use this to respond to your enquiry and prepare proposals. Name, email, and phone number are encrypted at rest in our database.
- Consultation bookings — the contact and scheduling details you provide when booking a call, used to confirm and hold the appointment.
- Client portal accounts — login email, authentication data, project files, messages, and briefs you share with us during an engagement, used to deliver the services you have contracted.
- Billing — invoicing and payment information processed through Stripe. We do not store full payment card numbers on our systems.
- Website analytics (consent-based only) — with your express permission, we record pages visited, time on page, referral source and UTM parameters, browser user agent, timezone, and approximate city-level location. We do not store your IP address. If you decline, no analytics tracking occurs.
- AI chat and free tools — with your permission, conversations with our website AI assistant, and the business details you submit to tools such as the website audit or Brand Studio, used to generate the output you requested and to follow up if you ask us to.
Your IP address is used transiently to rate-limit form submissions and protect the site against abuse; it is not written to our analytics records.
3. Consent
We rely on your consent, express or implied depending on the sensitivity of the information and the reasonable expectations of the situation. Analytics tracking and AI chat logging happen only after you choose “Allow” in the privacy choices banner. You can withdraw consent at any time — see Your rights and choices below — subject to legal or contractual restrictions and reasonable notice. Withdrawing consent may limit our ability to provide certain services.
We comply with Canada’s Anti-Spam Legislation (CASL). We send commercial electronic messages only with consent or under a permitted exemption (such as an existing business relationship or a direct enquiry), every message identifies us, and every message includes a working unsubscribe mechanism actioned within 10 business days.
4. Use, disclosure, and service providers
We do not sell, rent, or trade personal information. We disclose it only to service providers who process it on our behalf under contractual protections, or where required or permitted by law. Our current processors include:
- Vercel — website hosting and content delivery.
- Supabase — database, authentication, and file storage for leads, analytics, and the client portal.
- Stripe — payment processing and billing management.
- OpenAI — processing of AI chat messages and AI-assisted content generation. We send only the content needed to produce the response you requested.
- Email delivery providers — transactional notification emails (for example, confirming a form submission to our inbox).
Some of these providers store or process data on servers located outside Canada, including in the United States. While your information is outside Canada, it is subject to the laws of that jurisdiction, and courts, law enforcement, and national security authorities there may be able to access it. We choose providers with strong contractual and security safeguards, and you may contact our privacy officer with questions about our policies and practices regarding foreign service providers.
5. Retention
- Analytics records — retained for 180 days, then deleted.
- AI chat conversations — retained for 90 days, then deleted.
- Leads and enquiries — retained as long as needed to respond and evaluate the potential engagement, then deleted or anonymized.
- Client and billing records — retained for the duration of the engagement and thereafter as required by tax, accounting, and legal obligations (generally seven years for financial records).
6. Safeguards
We protect personal information with safeguards appropriate to its sensitivity, including encryption in transit (TLS) for all traffic, encryption at rest for lead contact details, role-based access controls and row-level security in our database, scoped and expiring tokens for tracking sessions, and rate limiting on public endpoints. Access to personal information is limited to people who need it to serve you.
If a breach of security safeguards creates a real risk of significant harm, we will notify affected individuals and report to the Office of the Privacy Commissioner of Canada as required by PIPEDA.
7. Your rights and choices
- Access and correction — you may request access to the personal information we hold about you, ask how it has been used and to whom it has been disclosed, and request corrections. We respond within 30 days.
- Withdraw consent— use the “Privacy choices” link in the website footer to turn off analytics and AI chat tracking at any time, or contact us to withdraw other consents.
- Deletion — you may ask us to delete personal information we no longer need for the purposes described here or to meet legal obligations.
- Unsubscribe — every marketing email we send includes an unsubscribe link.
8. Children
Our website and services are directed at businesses and are not intended for children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will delete it.
9. Privacy officer and complaints
Our privacy officer is accountable for compliance with this policy. Questions, access requests, and complaints can be directed to:
Privacy Officer, Mann.digital
Surrey, British Columbia, Canada
mann@manndigital.ca
If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner for British Columbia.
10. Changes to this policy
We may update this policy as our services or the law change. The “Last updated” date at the top reflects the current version, and material changes will be flagged on this page. Continued use of the website after a change takes effect constitutes acceptance of the revised policy to the extent permitted by law.
