RF.ORGANIC INFRASTRUCTURE
Home Services Work About Blog Contact Get Audited
Global Compliance Framework

Data Hygiene Protocol.

We treat data privacy not as a legal hurdle, but as a component of infrastructure quality.

Effective Date: June 2026

This document defines the data processing relationship between RedFox Reach ("Data Fiduciary") and you ("Data Principal"), aligned with the DPDP Act (India), GDPR (EU), CCPA (USA), and Privacy Act 1988 (Australia).

1. Data Collection Architecture

We adhere to the principle of "Data Minimization." We only request specific data points necessary to construct the requested infrastructure audit or respond to a hiring inquiry.

  • Contact Data: Business email — utilized for delivering audit reports and scheduling consultations.
  • Digital Asset Data: Website URL — utilized solely for technical analysis (crawling, speed testing, SEO auditing).
  • Context Data: Ad spend bracket, pain points and optional notes — utilized to calibrate the diagnostic.
  • Hiring Inquiry Data: Name, company, role/project links and message — submitted via the hiring form, utilized solely to evaluate and respond to the engagement inquiry.
  • Telemetry: IP address, browser user agent — collected passively for security and load balancing via our hosting provider (Netlify).

2. Purpose of Processing

We process data under the lawful basis of "Legitimate Interest" (B2B services) and "Consent" (direct submission).

  • To perform technical SEO and infrastructure audits of the provided URL.
  • To communicate strategic recommendations via email.
  • To maintain the security and integrity of our digital property (fraud prevention).

3. Regional Infrastructure Standards

India — DPDP Act 2023 Tier 1

  • Role: RedFox Reach acts as the "Data Fiduciary."
  • Consent Artifact: By submitting the audit form, you provide explicit consent to process your data for the specific purpose of generating a growth strategy.
  • Grievance Redressal: Contact the Data Protection Officer in Section 6 for any discrepancies.

European Union — GDPR Tier 1

  • Right to Access & Portability: You may request a machine-readable export of all data we hold on you.
  • Right to Erasure: You may request permanent deletion of your profile from our CRM and audit logs.
  • Data Transfer: Data may be processed on servers outside the EEA (via Netlify/Google infrastructure) protected by Standard Contractual Clauses (SCCs).

USA — CCPA / CPRA Tier 2

  • No Sale of Data: RedFox Reach explicitly does not sell your personal information to third parties or data brokers.
  • Right to Know: You may request the categories of data collected (identifiers, internet activity) over the past 12 months.
  • Non-Discrimination: We will not deny services or change rates if you exercise your privacy rights.

Australia — Privacy Act 1988 Tier 2

  • Openness: This policy serves as transparent notification of our data practices.
  • Cross-Border Disclosure: We take reasonable steps to ensure global vendors (Google, Netlify) do not breach the APPs.
  • Anonymity: General inquiries may be made anonymously where no audit is requested.

4. Third-Party Infrastructure

  • Netlify (Hosting/Forms): GDPR & CCPA compliant. Form submissions are stored in Netlify's form inbox.
  • Google Fonts (Typography): Served via Google's CDN; no cookies set.
  • Unsplash (Imagery): Photography served via Unsplash's CDN.

5. Retention Protocol

We retain audit-request data for 24 months to facilitate follow-up strategies and historical comparison. After this period, data is anonymized for statistical analysis or permanently purged.

6. Contact & Redressal

To exercise any of your rights (access, correction, erasure, or grievance), contact our designated Data Officer. For engagement terms, see the Terms of Service.

Data Protection Officer / Grievance Officer

Anirudh Nair

Head of Organic Infrastructure

Initiate privacy request

© 2026 RedFox Reach. All rights reserved.

Home Request Audit Terms of Service