Skip to main content

Privacy Policy

Last updated: March 28, 2026

Information We Collect

When you submit a contact or project inquiry form on our website, we collect the information you provide, which may include your name, email address, phone number, company name, and project details. When you subscribe to our newsletter, we collect your email address. We also collect certain data automatically — see the Analytics and Cookies sections below.

Legal Basis for Processing

Where GDPR applies, we process your personal data on the following legal bases:

  • Consent — We load analytics cookies (Microsoft Clarity) only after you accept cookies. You may withdraw consent at any time.
  • Legitimate interests — Responding to inquiries you initiate, maintaining site security, and improving our services.
  • Contractual necessity — Processing information required to deliver services to you as a client.

Analytics

We use Plausible Analytics, a privacy-first analytics tool that does not use cookies, does not collect personal data, and is fully compliant with GDPR, CCPA, and PECR. Plausible collects only aggregate, anonymous usage data such as page views and referral sources.

We also use Microsoft Clarity for session analytics. Clarity uses cookies and requires your consent before loading. It collects information about how you interact with our pages — such as mouse movements and clicks — to help us improve the experience. Clarity is only activated after you accept cookies. You can learn more at Microsoft's privacy statement.

Cookies

Our website uses the following categories of cookies:

Analytics Cookies — Microsoft Clarity

Purpose: understand how visitors interact with our site to improve the experience. These cookies are loaded only after you give consent via our cookie banner. You may opt out at any time.

Functional Cookies — Authentication

Purpose: maintain your authenticated session in the client dashboard. These cookies are set only for logged-in dashboard users and are strictly necessary to deliver that functionality. No consent is required.

Security Cookies — Cloudflare Turnstile

Purpose: bot protection on contact and inquiry forms. Turnstile verifies that form submissions come from real humans without requiring you to solve a CAPTCHA. These cookies are strictly necessary for form security. No consent is required.

How We Use Your Information

Information submitted through our contact forms is used solely to respond to your inquiry, discuss potential projects, and provide the services you request. We do not sell, rent, or share your personal information with third parties for marketing purposes.

Data Storage & Retention

Form submissions and newsletter subscriptions are stored securely with encryption at rest and in transit. Contact and project inquiry data — including leads captured through our website — is retained for up to 24 months. Newsletter subscriptions are retained until you unsubscribe. You may request deletion of your data at any time by contacting us.

Third-Party Services

We work with the following third-party services that may process your data as part of delivering this website and our services:

  • Vercel— hosting provider. Your IP address passes through Vercel's infrastructure when you visit this site.
  • Supabase — database and authentication provider. Stores form submissions and manages dashboard user sessions.
  • Plunk — email delivery service. Used to send transactional and notification emails. Email addresses provided through our forms may be processed by Plunk.
  • Anthropic Claude — AI provider powering our chat assistant. Chat messages are sent to Anthropic for processing. See the AI Chat section below.
  • Cloudflare — provides Turnstile bot protection on our forms. Cloudflare may process your IP address and browser signals to verify you are human.
  • Google Fonts — fonts used on this site are loaded from Google servers, which may log your IP address. We use font display optimization to minimize these requests.
  • Microsoft Clarity — session analytics. Loaded only after cookie consent. See the Analytics section above.
  • Stripe — payment processing for invoiced clients. Stripe processes payment information directly and we do not store card details on our systems.

Each of these services operates under its own privacy policy and data processing terms. We select providers who maintain strong data protection practices.

Your Rights (GDPR)

If you are located in the European Economic Area or United Kingdom, you have the following rights under GDPR:

  • Right of access (Art. 15) — request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16) — request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17) — request deletion of your personal data, subject to legal obligations.
  • Right to data portability (Art. 20) — receive your personal data in a structured, machine-readable format.
  • Right to restrict processing (Art. 18) — request that we limit how we use your data in certain circumstances.
  • Right to object (Art. 21) — object to processing based on legitimate interests.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint (Art. 77) — you have the right to file a complaint with your local data protection supervisory authority if you believe your rights have been violated.

To exercise any of these rights, contact us at privacy@chaosdigital.net. We will respond within 30 days.

California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to know — request disclosure of the personal information we have collected about you, the sources, the purposes, and the third parties with whom it has been shared.
  • Right to delete — request deletion of personal information we have collected, subject to certain exceptions.
  • Right to opt out — we do not sell or share your personal information for cross-context behavioral advertising. There is nothing to opt out of.
  • Right to non-discrimination — we will not discriminate against you for exercising your privacy rights.

We do not sell or share your personal information. To submit a California privacy request, contact us at privacy@chaosdigital.net.

International Data Transfers

Chaos Digital is based in North Carolina, United States. The third-party services we use — including our hosting provider, database provider, email delivery service, and analytics tools — are primarily US-based and process data on servers in the United States.

If you are accessing this site from outside the United States, your data may be transferred to and processed in the US. Where required by applicable law (such as GDPR), such transfers are covered by Standard Contractual Clauses or other lawful transfer mechanisms. You can request information about the safeguards in place by contacting us at privacy@chaosdigital.net.

AI Chat

Our website includes an AI-powered chat assistant. When you use the chat, your messages are sent to Anthropic Claude AI for processing. Chat messages are not permanently stored by Chaos Digital. Anthropic may process your messages in accordance with their privacy policy, which you can review at anthropic.com/privacy. Your IP address is temporarily used for rate limiting but is not stored. The chat is for informational purposes only and does not constitute professional advice.

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date.

Contact

If you have questions about this privacy policy or your personal data, contact us at privacy@chaosdigital.net.

Chaos Media Group LLC, North Carolina, United States.