Data Hygiene Protocol

This document defines the data processing relationship between Redfox Reach ("Data Fiduciary") and you ("Data Principal"), aligned with the DPDP Act (India), GDPR (EU), CCPA (USA), and Privacy Act 1988 (Australia).

1. Data Collection Architecture

We adhere to the principle of "Data Minimization." We only request specific data points necessary to construct the requested infrastructure audit.

• Identity Data: Name (First/Last) — utilized for personalized addressing.
• Contact Data: Business Email, Phone Number — utilized for delivering audit reports and scheduling consultations.
• Digital Asset Data: Website URL — utilized solely for the purpose of technical analysis (crawling, speed testing, SEO auditing).
• Telemetry: IP Address, Browser User Agent — collected passively for security and load balancing via our hosting provider (Netlify).

2. Purpose of Processing

We process data under the lawful basis of "Legitimate Interest" (B2B services) and "Consent" (Direct submission).

• To perform technical SEO and infrastructure audits of the provided URL.
• To communicate strategic recommendations via email or secure messaging (WhatsApp).
• To maintain the security and integrity of our digital property (fraud prevention).

3. Regional Infrastructure Standards

We recognize our obligations under specific jurisdictional frameworks:

India Compliance (DPDP Act 2023) TIER 1

In accordance with the Digital Personal Data Protection Act:

• Role: Redfox Reach acts as the "Data Fiduciary."
• Consent Artifact: By submitting the audit form, you provide explicit consent for us to process your data for the specific purpose of generating a growth strategy.
• Grievance Redressal: You may contact our Data Protection Officer (DPO) detailed in Section 6 for any discrepancies.

European Union (GDPR) TIER 1

For citizens of the EEA/EU:

• Right to Access & Portability: You may request a machine-readable export of all data we hold on you.
• Right to Erasure ("Right to be Forgotten"): You may request the permanent deletion of your profile from our CRM and audit logs.
• Data Transfer: Data may be processed on servers outside the EEA (specifically via Netlify/Google infrastructure) protected by Standard Contractual Clauses (SCCs).

USA (CCPA/CPRA) TIER 2

For residents of California and applicable US states:

• No Sale of Data: Redfox Reach explicitly does not sell your personal information to third parties or data brokers.
• Right to Know: You have the right to know specific categories of data collected (Identifiers, Internet Activity) over the past 12 months.
• Non-Discrimination: We will not deny services or charge different rates if you exercise your privacy rights.

Australia (Privacy Act 1988) TIER 2

Adhering to the Australian Privacy Principles (APPs):

• Openness: This policy serves as our transparent notification of data practices.
• Cross-Border Disclosure: We take reasonable steps to ensure our global vendors (Google, Netlify) do not breach the APPs.
• Anonymity: Where general inquiries are made without requesting a specific audit, you have the option to interact anonymously.

4. Third-Party Infrastructure

Our digital ecosystem relies on best-in-class vendors who maintain their own rigorous compliance standards:

• Netlify (Hosting/Forms): GDPR & CCPA Compliant.
• Google Analytics 4 (Analytics): Configured with IP Anonymization enabled. Data retention set to 14 months.

5. Retention Protocol

We retain "Audit Request" data for a period of 24 months to facilitate follow-up strategies and historical performance comparisons. After this period, data is either anonymized for statistical analysis or permanently purged from our active directories.

6. Signal Tower (Contact & Redressal)

To exercise any of your rights (Access, Correction, Erasure, or Grievance), please direct a formal signal to our designated Data Officer.