Legal

Privacy policy

How Pantoja Digital collects, uses, protects, and retains personal information across our website, client portal, and services.

Contact usHelp center
Last updated: March 16, 2026

This page explains how we collect, use, protect, and retain personal information across the website, client portal, and service delivery surfaces.

1. Overview

Pantoja Digital, LLC ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use our website and services (NullShield, Tarvix, Webwright, Beacon).

2. Information We Collect

Information You Provide

  • Contact information: Name, email address, phone number, company name
  • Account information: Email address for Client Portal authentication
  • Payment information: Processed and stored by Stripe, we do not store credit card numbers
  • Service-related information: URLs and systems submitted for testing, AI configurations, website details, and SEO data

Information Collected Automatically

  • Usage data: Pages visited, time spent, referring URLs
  • Device information: Browser type, operating system, IP address
  • Cookies: Session cookies for authentication and analytics cookies for improvement

NullShield Security Scan Data

When performing security assessments, NullShield may collect vulnerability data about your systems, including HTTP requests and responses, system configurations, exposed data patterns, and security findings. This data is treated as strictly confidential and is only used to generate your security report.

3. How We Use Your Information

  • To provide and improve our services
  • To communicate about engagements, service updates, and security notifications
  • To process payments via Stripe
  • To send appointment confirmations and reminders
  • To generate security reports and vulnerability assessments
  • To improve our website and user experience
  • To comply with legal obligations

We do not sell, rent, or trade your personal information to third parties. We do not use your data for advertising purposes.

4. Data Storage & Security

  • Database: Neon PostgreSQL (US-based servers, encrypted at rest and in transit)
  • File storage: Vercel Blob (US-based, encrypted)
  • Payments: Stripe (PCI DSS Level 1 compliant)
  • Hosting: Vercel (US-based, SOC 2 compliant)
  • NullShield scan data: Encrypted at rest, access restricted to authorized personnel only, retained for the duration of your engagement plus 12 months or as required

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews of our own infrastructure.

5. Third-Party Services

We use the following third-party services that may process your data:

  • Stripe: Payment processing
  • Vercel: Website hosting and infrastructure
  • Neon: Database hosting
  • Cloudflare: DNS, SSL, and email routing

We do not share your data with any parties beyond those necessary to provide our services.

6. Your Rights

You have the right to access, correct, delete, port, or object to processing of your personal data, subject to legal obligations and retention requirements.

To exercise any of these rights, contact us at team@pantojadigital.com. We will respond within 30 days.

7. California Residents (CCPA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act, including the right to know, delete, and opt out of the sale of personal information. We do not sell your data.

8. Data Retention

  • Contact form submissions: Retained for 24 months or until deletion is requested
  • Client Portal data: Retained for the duration of the client relationship plus 12 months
  • NullShield scan data: Retained for 12 months after engagement end, configurable per client needs
  • Payment records: Retained as required by law

9. Cookies

We use essential cookies for authentication and session management. We may use analytics cookies to understand how visitors interact with our website. You can disable cookies in your browser settings, though this may affect site functionality.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify existing clients of material changes via email. The last updated date at the top of this page indicates when the policy was last revised.

11. Contact

For privacy inquiries, contact us at team@pantojadigital.com.

Need clarification?

If you need help with privacy, access, or retention questions, ask us directly.

The legal copy stays formal, but the support path does not have to. Reach out and we can point you to the right answer or next step.

Email the teamVisit help center