Skip to content

Privacy Policy

Last updated: June 2025

This Privacy Policy applies to all visitors to our website, including prospective clients and partners, and governs data collection through our site, forms, and third-party integrations. By using our website or services, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect the following types of information:

  • Information you provide: Name, email, company, project details, and any other information submitted via contact forms, Calendly booking, or email communications.
  • Automatically collected data: IP address, device type, browser information, referral source, pages viewed, time spent on site, and other usage statistics.
  • AI-related data: If you interact with any AI features (e.g., chatbots or AI-powered tools), we may store conversation history and interactions for quality improvement and performance optimization.
  • Technical information: Browser type, operating system, device identifiers, and other technical data necessary for site functionality and security.

2. How We Use Your Data

We use your data to:

  • Respond to inquiries and provide requested information
  • Schedule calls and manage client relationships
  • Improve our website and service offerings
  • Process payments via Stripe (if applicable)
  • Analyze site performance and user behavior
  • Enhance AI tools and features

We may also use aggregated, anonymized data to assess performance trends and improve our services. If you are located in the EU or UK, our lawful basis for processing your personal data may include:

  • Your consent
  • Performance of a contract
  • Legitimate business interests
  • Legal obligations

3. Sharing Your Information

We don't sell or rent your personal data. We only share information with trusted providers to help run our site and process transactions (e.g., Stripe, Calendly, Mixpanel). Some of these third-party tools may process your data outside your country of residence (e.g., in the United States). We ensure they comply with applicable data protection standards such as GDPR or Privacy Shield frameworks.

All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

4. Data Retention

We retain your personal data based on the following schedule:

  • Contact and account records: 7 years after last interaction
  • Chat logs and AI interactions: 2 years (unless deleted earlier)
  • System and analytics logs: 1 year
  • SMS opt-in and consent logs: 2 years (compliance purposes)
  • Encrypted backups: up to 30 days
  • Aggregated and anonymized data: retained indefinitely

5. Subprocessors

We rely on trusted subprocessors to operate our platform:

  • Amazon Web Services (infrastructure)
  • Stripe (payment processing)
  • Calendly (meeting scheduling)
  • Mixpanel (analytics)
  • Sentry (error monitoring)
  • OpenAI (AI models and chat features)

These subprocessors have access only to the minimum data required to perform their tasks, and we review their privacy practices regularly.

6. AI and Automated Systems

We use AI systems to enhance user experience, generate insights, and personalize responses. Any data used for training or tuning is anonymized and aggregated unless explicit consent is given.

We do not allow human review of AI-generated content unless required for support or troubleshooting and only with user permission.

7. Cookies and Tracking

We use cookies and similar tracking technologies to enhance site functionality and understand visitor behavior. You can:

  • Disable cookies in your browser settings
  • Use browser extensions to manage tracking preferences
  • Opt out of non-essential cookies

Note that some services may still collect anonymized usage data for essential functionality. Our cookie policy is designed to respect your privacy while maintaining site performance.

8. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption for data transmission and storage
  • Firewalls and access controls
  • Regular security assessments
  • Limited access to personal data

While we take reasonable precautions, no online transmission is 100% secure. We limit access to personal data to authorized personnel only and regularly review our security practices.

9. Your Rights

Depending on your location, you may have additional rights under data privacy laws (e.g., GDPR, CCPA), including:

  • Right to access your personal data
  • Right to correct inaccurate data
  • Right to request deletion of your data
  • Right to restrict or object to processing
  • Right to data portability
  • Right to withdraw consent

To exercise these rights or if you have any questions about your data, contact us at hello@downshiftit.com. We will respond to your request within 30 days.

10. Updates to This Policy

We may update this policy periodically to reflect changes in our practices or legal requirements. Significant changes will be posted on this page with an updated revision date.

11. Contact Us

If you have questions about this policy or your data, please contact us:

We are committed to protecting your privacy and will address any concerns promptly and transparently.