Skip to content

Legal

Privacy policy

Last updated: May 2026.

This page explains what d1git ("we", "us") collects when you visit d1g.it, the customer portal at portal.d1g.it, or work with us on a project. We don't sell your data, we don't run advertising trackers, and we use as few third-party services as we can while still running a real business.

What we collect

From the marketing site (d1g.it): when you submit a contact form, project inquiry, or domain search, we collect what you give us — name, email, phone (if provided), the message body, the page you came from, and your IP address (used for spam protection and rate limiting).

From customer accounts (portal.d1g.it): name, email, phone, business name, timezone, and a record of projects, services, invoices, payments, support tickets, and proposals associated with your account.

From signed proposals: your typed name, drawn signature image, IP address, browser user-agent, and timestamp — required to make the electronic signature legally binding under the federal ESIGN Act & UETA.

From hosting integrations (only if you opt in): SSH credentials for your cPanel host or a Cloudflare API token, used to surface and manage your domains and DNS from inside our admin tools. These are encrypted at rest with a key only the application server can access.

How we use it

To reply to inquiries, deliver the work you've engaged us for, send invoices and project updates, run the customer portal, and (rarely) send relevant business updates. You can opt out of optional emails by replying to any one of them.

Payments & financial data

All payment processing is handled by Stripe. When you add a card, US bank account (ACH), or Cash App account on the portal, those details go directly to Stripe — they do not pass through our servers and we never see, store, or have access to full card numbers, CVCs, or bank account numbers.

What we do see and retain: a Stripe customer ID, the last 4 digits and brand of cards on file, bank name and last 4 digits of ACH accounts, your Cash App cashtag (when paying via Cash App), and the date / amount / status of each transaction. That information is required to show you your payment history and to charge subscriptions you've authorized.

Stripe is a PCI-DSS Level 1 service provider; their handling of card data is governed by Stripe's privacy policy.

Third-party services we use

We rely on a small set of vendors to operate the business. Each one only receives what it needs for its specific job:

  • Stripe — card / ACH / Cash App processing and subscription billing. Receives: payment details, billing email, customer ID. (policy)
  • Twilio — SMS delivery for portal login codes. Receives: phone number and the 6-digit code. (policy)
  • Google — optional Google sign-in for the portal, plus Google Analytics 4 (loaded via Google Tag Manager) for traffic analytics on the marketing site. Sign-in shares your name, email, and Google profile photo. (policy)
  • GoDaddy — domain availability lookups when you search for a domain. Receives: the domain name being checked. (policy)
  • Cloudflare — DNS for d1g.it itself, plus optional DNS management for customer zones if you connect an API token. (policy)
  • Anthropic (Claude) — when AI features are used to assist with project work or content drafting on your behalf. Inputs are sent to Anthropic's API; per Anthropic's terms, API content is not used to train their models. (policy)
  • ElevenLabs — when text-to-speech generation is used for project work. (policy)
  • Email delivery — transactional email (invoices, proposal links, ticket replies) is sent through standard SMTP; the recipient's email and message body pass through the mail provider in transit.

We never sell your data, we never share it for advertising, and we don't run ad or remarketing pixels.

Analytics

We use Google Analytics 4 (loaded through Google Tag Manager) to see basic traffic — pageviews, country, device class, which pages convert. IP addresses are anonymized by GA4 by default. Any standard browser privacy extension will block it if you'd rather not be counted.

Cookies

We use the smallest set of cookies we can:

  • Theme preference — remembers whether you picked light or dark mode.
  • Session — keeps you signed in to the customer portal or admin dashboard.
  • Google Analytics — sets _ga / _ga_* cookies on the marketing site for the traffic stats above.
  • Stripe — sets cookies on the payment-method page for fraud detection during card / ACH / Cash App entry.

No advertising cookies. No cross-site tracking.

Data retention

Account, project, invoice, and tax-relevant financial records are retained for at least seven years to meet US tax and bookkeeping requirements. SMS and login audit records are kept for one year. Spam-blocked contact submissions are purged after 30 days. Inactive prospect inquiries are reviewed annually and deleted if there's no ongoing relationship.

Security

Sessions are encrypted in transit (HTTPS everywhere). Passwords are hashed with bcrypt. Sensitive customer-supplied credentials — SSH private keys, SSH passphrases, Cloudflare API tokens — are encrypted at rest using Laravel's cryptographic primitives keyed to a server-only secret. Backups are encrypted. Production access is restricted to the d1git principal.

Your rights

You can ask us to:

  • Show you a copy of the data we have about you.
  • Correct anything that's inaccurate.
  • Delete your account and the associated personal data, except records we're required to retain for tax / legal reasons.
  • Stop sending you optional emails.

If you live in California, the EU/UK, or any other jurisdiction with specific privacy rights (CCPA, GDPR, etc.), those rights apply to your data with us — email us and we'll honor them.

Children's privacy

The site and services are not directed to children under 13. We do not knowingly collect data from children. If you believe a child has submitted information, contact us and we'll delete it.

International transfers

d1git is based in Phoenix, Arizona. The vendors listed above operate primarily in the United States; some may store or process data in other jurisdictions. By using the site or portal, you consent to your information being processed in the US.

Changes to this policy

If we change this policy, the "Last updated" date at the top changes too. Material changes will be highlighted at the top of the page for at least 30 days, and existing customers will get an email summary.

Contact

Privacy questions, data access requests, or anything that smells like a security issue: email [email protected] or call (602) 527-2827.