Skip to content

Home / Privacy

Privacy Policy

Last updated: July 8, 2026

This Privacy Policy explains how Divitio (“we”, “us”, “our”), operating divitiai.com, collects, uses, discloses, and safeguards your information. We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and other applicable data-protection laws.

1. Data we collect

  • Information you provide — name, work email, phone, company, website URL, service interests, budget and message when you submit our audit/contact form or subscribe to our newsletter.
  • Usage data — pages visited, referrer, approximate location, device and browser type, collected via privacy-respecting analytics.
  • Cookies — strictly necessary cookies for site function, and (with consent) analytics cookies.

2. How we use your data

  • To respond to your enquiry and prepare your requested audit or proposal.
  • To provide, maintain and improve our services and website.
  • To send you communications you have requested (e.g. our newsletter); you can opt out at any time.
  • To comply with legal obligations and protect against fraud or abuse.

3. Legal bases (GDPR)

We process personal data on the bases of your consent (e.g. newsletter), the performance of a contract or steps prior to it (e.g. responding to an audit request), our legitimate interests in operating and improving our business, and legal obligation where applicable.

4. Sharing and processors

We do not sell your personal data. We share it only with trusted service providers who process it on our behalf under contract — for example our CRM (EspoCRM), messaging/notification tools, hosting and analytics providers. These processors are bound to protect your data and use it only as instructed.

5. International transfers

Where data is transferred outside the EEA/UK, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

6. Retention

We keep personal data only as long as necessary for the purposes described, to comply with legal obligations, resolve disputes and enforce agreements. Enquiry data is typically retained for up to 24 months unless you request earlier deletion.

7. Your rights

Depending on your jurisdiction, you may have the right to access, correct, delete, restrict or object to processing, data portability, and to withdraw consent. California residents may request disclosure of, and deletion of, personal information and to opt out of “sales” (we do not sell data). To exercise any right, contact us using the details below — we respond within the timeframes required by law.

8. Security

We apply appropriate technical and organizational measures — encryption in transit, access controls and least-privilege practices — to protect your data. No method of transmission is 100% secure, but we work to protect your information.

9. Children

Our services are for businesses and are not directed to children under 16. We do not knowingly collect their data.

10. Changes

We may update this policy; the “Last updated” date reflects the latest revision. Material changes will be communicated where appropriate.

11. Contact

For privacy questions or to exercise your rights, contact us via the contact form or email the address listed there. If you are in the EEA/UK and believe we have not addressed your concern, you may lodge a complaint with your local supervisory authority.

This document is a general template and does not constitute legal advice. Have it reviewed by qualified counsel for your jurisdiction.