Privacy, Security & Data Processing Policy

Effective Date: Aug. 15th 2024


At Brand Built LLC, doing business as Digital Magic CRM (“we,” “our,” or “us”), your privacy, data protection, and platform security aren’t just compliance checkboxes—they’re foundational to how we build, operate, and scale our services. This policy combines our Privacy Policy, Security Policy, and Data Processing Addendum (DPA) into one comprehensive, transparent, and actionable document for your review.


1. Privacy Policy

1.1 What We Collect

  • Personal Information: name, email, phone, billing address, business name, payment details (via Stripe)
  • Technical Data: IP address, device/browser type, usage patterns, session data
  • Content You Provide: uploaded files, CRM inputs, chat messages, etc.

1.2 Why We Collect It

  • Provide, personalize, and maintain our services
  • Handle billing, access, and support
  • Send updates and improve features
  • Deliver relevant marketing (with consent)

1.3 Third-Party Providers

  • Stripe (billing)
  • Google Analytics (site performance)
  • Meta Pixel (ad tracking)
  • Go High Level (CRM tools)

1.4 Data Retention

We keep your data as long as needed for legal, operational, or support purposes. You can request deletion.

1.5 Your Rights

You may request access, correction, deletion, portability, or processing restriction of your data. Email: [email protected]


2. Security Policy

2.1 Infrastructure

  • Hosted on Google Cloud or AWS with firewall and load-balancing
  • Redundant backups and physical data center security

2.2 Encryption

  • TLS 1.2+ for transit
  • AES-256 for stored data

2.3 Authentication

  • 2FA required internally
  • Role-based user access

2.4 Secure Development

  • Code is peer-reviewed and patched regularly
  • Separation of dev/staging/production

2.5 Breach Protocol

We notify users promptly of any confirmed data breach affecting your information.


3. Data Processing Addendum (DPA)


3.1 Roles

You = Data Controller. We = Data Processor.

3.2 Sub-Processors

Same third-party tools listed above, all under contract with data security obligations.

3.3 Data Subject Rights

We’ll help you fulfill subject requests where legally required.

3.4 International Transfers

We use SCCs and valid mechanisms for data outside EU/UK.

3.5 Retention & Deletion

You may request return or deletion of personal data.

3.6 Legal Jurisdiction

This policy is governed by the laws of New York, unless otherwise required.


Contact Us

Brand Built LLC / Digital Magic CRM
535 Fifth Ave, 4th Floor
New York, NY 10017
[email protected]