Legal

Privacy Policy

Last updated: March 16, 2026

1. Overview

Pantoja Digital, LLC ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use our website (pantojadigital.com) and services (NullShield, Tarvix, AI Assistant Setup).

2. Information We Collect

Information You Provide

  • Contact information: Name, email address, phone number, company name (via contact forms and booking)
  • Account information: Email address for Client Portal authentication
  • Payment information: Processed and stored by Stripe; we do not store credit card numbers
  • Service-related information: URLs and systems submitted for security testing, AI agent configurations, business context for AI assistant setup

Information Collected Automatically

  • Usage data: Pages visited, time spent, referring URLs
  • Device information: Browser type, operating system, IP address
  • Cookies: Session cookies for authentication, analytics cookies for site improvement

NullShield Security Scan Data

When performing security assessments, NullShield may collect vulnerability data about your systems, including: HTTP requests and responses, system configurations, exposed data patterns, and security findings. This data is treated as strictly confidential and is only used to generate your security report.

3. How We Use Your Information

  • To provide and improve our Services
  • To communicate with you about your engagement, including service updates and security notifications
  • To process payments via Stripe
  • To send appointment confirmations and reminders
  • To generate security reports and vulnerability assessments
  • To improve our website and user experience
  • To comply with legal obligations

We do not sell, rent, or trade your personal information to third parties. We do not use your data for advertising purposes.

4. Data Storage & Security

  • Database: Neon PostgreSQL (US-based servers, encrypted at rest and in transit)
  • File storage: Vercel Blob (US-based, encrypted)
  • Payments: Stripe (PCI DSS Level 1 compliant)
  • Hosting: Vercel (US-based, SOC 2 compliant)
  • NullShield scan data: Encrypted at rest, access restricted to authorized personnel only, retained for the duration of your engagement plus 12 months (or as required by your compliance needs)

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews of our own infrastructure.

5. Third-Party Services

We use the following third-party services that may process your data:

  • Stripe: Payment processing (see Stripe Privacy Policy)
  • Vercel: Website hosting and infrastructure
  • Neon: Database hosting
  • Cloudflare: DNS, SSL, and email routing

We do not share your data with any parties beyond those necessary to provide our Services.

6. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Request your data in a machine-readable format
  • Objection: Object to processing of your data for specific purposes

To exercise any of these rights, contact us at team@pantojadigital.com. We will respond within 30 days.

7. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information held by businesses
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your CCPA rights

8. Data Retention

  • Contact form submissions: Retained for 24 months or until deletion is requested
  • Client Portal data: Retained for the duration of the client relationship plus 12 months
  • NullShield scan data: Retained for 12 months after engagement end (configurable per client needs)
  • Payment records: Retained as required by law (typically 7 years)

9. Cookies

We use essential cookies for authentication and session management. We may use analytics cookies to understand how visitors interact with our website. You can disable cookies in your browser settings, though this may affect site functionality.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify existing clients of material changes via email. The "last updated" date at the top of this page indicates when the policy was last revised.

11. Contact

For privacy inquiries, contact us at team@pantojadigital.com.

© 2026 Pantoja Digital, LLC. All rights reserved.