DONNA

Privacy Policy

Last updated: 1/18/2026

1. Information We Collect

We collect information you provide directly to us, including:

  • Account information (name, email, company)
  • Payment information
  • Communication data processed through our services
  • Usage data and analytics

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Send technical notices and support messages
  • Respond to your comments and questions
  • Monitor and analyze trends and usage

3. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: With third-party vendors who perform services on our behalf (hosting, payment processing, analytics)
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Legal Requirements: When required by law, court order, or government regulation
  • Protection of Rights: To protect our rights, property, or safety, or that of our users
  • With Your Consent: When you have given explicit consent for specific sharing

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • End-to-end encryption for data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Employee training on data protection
  • Incident response and breach notification procedures
  • SOC 2 Type II compliance

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Maintain business records as required by law

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal purposes.

6. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Right to Access: Request a copy of the personal information we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete information
  • Right to Erasure: Request deletion of your personal information ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we process your information
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing of your information for certain purposes
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at derek@bem.studio. We will respond to your request within 30 days.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Remember your preferences and settings
  • Analyze how you use our services
  • Provide personalized content and advertisements
  • Improve our services and user experience

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our services. For more information, see our Cookie Policy.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by data protection authorities
  • Adequacy decisions by relevant authorities
  • Binding Corporate Rules where applicable

By using our services, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect, use, and share
  • Right to delete your personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

10. Children's Privacy

Our services are not directed to children under 13 (or 16 in the EU). We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately and we will delete that information.

11. Third-Party Links

Our services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

12. Data Processing Agreement

If you use DONNA to process personal data on behalf of others, you act as a data controller and we act as a data processor. Our Data Processing Agreement (DPA) outlines our obligations and your responsibilities. The DPA is available upon request and is incorporated into our Terms of Service for Enterprise customers.

13. Changes to Privacy Policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes via email or through our service. The "Last updated" date at the top of this policy indicates when it was last revised.

14. Contact Us

For privacy-related questions, to exercise your rights, or to report a privacy concern, contact us at:

Email: derek@bem.studio

Data Protection Officer: Available upon request for Enterprise customers