DaCosta Consulting (“we”, “us”, or “our”) respects your privacy. This policy describes what we collect, how we use it, and the choices you have. This page is provided for transparency and does not constitute legal advice.
1. Information we collect
Contact data: name, email, phone, company, and message content you submit via forms or email.
Service data: project requirements, site/app credentials you provide for implementation, and communications related to delivery and support.
Lead gen & AI assistants: chat transcripts, call summaries, booking details, and metadata produced by AI tools you enable (e.g., website chat widgets or voice agents).
Usage data: pages viewed, referring URLs, device/browser, and approximate location derived from your IP (aggregated / pseudonymized where possible).
Payment & invoicing: billing name, email, and transaction metadata processed by our payment provider (we do not store full card numbers).
2. How we use information
Respond to inquiries and provide quotes, proposals, and service delivery.
Configure websites, CRMs, automations, analytics, and AI agents at your request.
Improve performance, security, and user experience of our site and services.
Send administrative messages (project updates, invoices, support notices). You can opt out of non-essential emails at any time.
Meet legal, tax, fraud-prevention, and security obligations.
3. Legal bases (PIPEDA/GDPR)
We operate primarily in Canada and follow PIPEDA. If you are in the EU/UK, we also rely on the following GDPR bases:
Consent (e.g., newsletter/marketing, optional cookies, AI assistant capture on your site when you choose to enable it).
Contract (to deliver services you request).
Legitimate interests (to secure, improve, and market our services in ways that respect your rights).
We use essential cookies for site functionality and may use analytics tools to understand aggregate usage. Where required, we will present a cookie banner for consent to non-essential cookies.
Essential: load balancing, security, preferences.
Analytics: page views, events, and performance metrics (aggregated). You can opt out via your browser settings or provided consent tools.
AI/Lead tools: if you enable chat widgets or voice agents, they may set cookies necessary for session continuity and scheduling.
5. Sharing & processors
We do not sell personal information. We share data with vetted service providers (“processors”) solely to operate our services—for example: hosting, email, CRM, analytics, payment, scheduling, and AI platforms. Providers are contractually limited to using data only on our instructions and must protect it appropriately. We may disclose information to comply with law, enforce agreements, or protect rights, safety, and security.
6. Retention & security
We keep personal data only as long as necessary for the purposes above, then delete or anonymize it.
We apply reasonable technical and organizational measures (access controls, encryption in transit, least-privilege, and regular updates). No method of transmission or storage is 100% secure.
7. Your rights & choices
Access / correction: request a copy of your data or ask us to fix inaccuracies.
Deletion: request deletion where we’re not required to keep data by law.
Objection / restriction: object to or restrict certain processing (e.g., marketing).
Consent withdrawal: withdraw consent for non-essential processing at any time.
Portability (GDPR): request a machine-readable copy of data you provided.
Your data may be processed outside your province/country (e.g., the U.S.). When we transfer data internationally, we use appropriate safeguards, such as contractual clauses or equivalent mechanisms required by law.
9. Children’s privacy
Our services are not directed to children under 13 (or under the age required by local law). We do not knowingly collect personal information from children.
10. Changes to this policy
We may update this policy from time to time. The “Last updated” date reflects the most recent changes. Significant changes will be communicated where appropriate.