Privacy Policy

Effective date: 2026-05-05

Last updated: 2026-05-05

Operator: Two Digital Creatives LLC (DBA "TDC Digital Agency")

Website: tdcdigitalagency.com

Contact: gabriel.meneses@tdcdigitalagency.com

This Privacy Policy explains how Two Digital Creatives LLC, doing business as TDC Digital Agency ("TDC," "we," "our," or "us"), collects, uses, shares, and safeguards information when you visit tdcdigitalagency.com, contact us, engage us as a client, or authorize us to access third-party platforms on your behalf. It applies to visitors, prospects, clients, and authorized representatives of clients.

1. Information We Collect

1.1 Information you provide

• Contact and intake forms: name, business name, email, phone number, website, role, budget range, project description, and any other details you choose to submit.
• Client onboarding: billing details, business documents, brand assets, and the names and contact details of authorized team members.
• Communications: the contents of emails, calls, meetings, and chat messages exchanged with us.

1.2 Information collected automatically

• Analytics cookies and similar technologies: page views, referrer, device and browser type, approximate location derived from IP, session duration, and on-site behavior. We use these for site analytics and performance.
• Advertising pixels: Meta Pixel, LinkedIn Insight Tag, Google Ads tag, and similar conversion-tracking tags that record visits and events for measurement and remarketing.
• Server logs: IP address, request timestamps, and basic technical metadata for security and abuse prevention.

1.3 Information from connected platforms (OAuth)

When a client authorizes us to manage marketing or analytics platforms, we request only the OAuth scopes needed for the engagement. Typical scopes include read or read-write access to ad accounts, pages, profiles, posts, analytics, audiences, and conversion events on platforms such as LinkedIn, Meta (Facebook and Instagram), Google (Ads, Analytics, Search Console, Business Profile, YouTube), TikTok, X, Stripe, and similar services.

For Meta specifically, the TDC Digital Agency Meta Developer App (App ID 785567401084563) requests the following scopes when a client connects: ads_management, ads_read, pages_show_list, pages_manage_ads, pages_manage_metadata, pages_manage_posts, pages_manage_engagement, pages_messaging, pages_read_engagement, pages_read_user_content, instagram_basic, instagram_content_publish, instagram_manage_comments, instagram_manage_insights, instagram_manage_messages, instagram_shopping_tag_products, instagram_branded_content_brand, instagram_branded_content_ads_brand, whatsapp_business_management, whatsapp_business_messaging, whatsapp_business_manage_events, business_management, catalog_management, leads_retrieval, read_insights, publish_video, threads_business_basic, paid_marketing_messages, pages_utility_messaging, manage_app_solution. We do not request scopes that are not required for the work, and authorizations can be revoked at any time from the source platform.

2. How We Use Information

• Service delivery: respond to inquiries, scope projects, deliver agency services, manage advertising campaigns, produce reports, and operate connected accounts under client authorization.
• Marketing analytics: measure site and campaign performance, attribute conversions, and improve creative and targeting.
• Client reporting: aggregate platform data into dashboards and reports delivered to the client.
• Billing and accounting: issue invoices, process payments, and maintain financial records.
• Security, fraud prevention, and compliance with applicable law.
• Direct communications: send service-related messages and, where permitted, occasional updates you can opt out of at any time.

3. Legal Bases (GDPR)

For users in the European Economic Area or United Kingdom, we process personal data on the following bases: performance of a contract (delivering services to you or your organization), legitimate interests (operating, securing, and improving our services and measuring marketing), consent (cookies and pixels where required, and certain marketing communications), and legal obligation (tax and recordkeeping). You may withdraw consent at any time without affecting prior processing.

4. How We Share Information

We do not sell personal information. We share information only with the categories of recipients below, under written terms that limit use to the purposes described in this policy:

• Productivity and storage: Google Workspace (email, documents, drive), Apple iCloud (device sync for staff devices).
• Advertising and marketing platforms: Meta (Facebook, Instagram, WhatsApp Business, Threads), LinkedIn, Google (Ads, Analytics, Tag Manager, YouTube), TikTok, X.
• Payments and billing: Stripe.
• Customer messaging and CRM: Slack, WhatsApp Business, Klaviyo (where used by a specific client engagement).
• AI and content tooling: OpenAI, Anthropic, Google AI, xAI, Firecrawl, Apify, HeyGen, Higgsfield (used to draft, analyze, summarize, or extract content; we do not submit client secrets, payment card data, or government identifiers to these tools).
• Site hosting and CMS: our website hosting provider and content platform.
• Professional advisors: accountants, attorneys, and auditors bound by confidentiality.
• Legal and safety: when required by law, valid legal process, or to protect rights, safety, and property.
• Successor entities: in connection with a merger, acquisition, financing, or sale of assets, subject to this policy.

This list reflects current sub-processors and tooling and may change as our stack evolves. Material changes will be reflected in updates to this page.

5. Cookies and Tracking

We use first-party and third-party cookies for analytics and advertising. A cookie banner is presented to visitors in jurisdictions that require consent, and you can accept, reject, or customize non-essential cookies there. You can also manage cookies through your browser settings and opt out of personalized advertising through your device or platform privacy controls (for example, ad settings on Google, Meta, LinkedIn, and via the Digital Advertising Alliance and Network Advertising Initiative opt-out tools).

6. Data Retention

We retain personal information for as long as needed to provide services, meet legal and tax obligations, resolve disputes, and enforce agreements. Inquiry and intake records are typically retained for up to 24 months after last contact. Client records are retained for the duration of the engagement and for a reasonable period afterward to satisfy legal and accounting requirements.

7. Your Rights

Depending on where you live, you may have the right to access, correct, delete, port, restrict, or object to certain processing of your personal information, and to opt out of targeted advertising or the "sale" or "sharing" of personal information as those terms are defined under California law. You may also lodge a complaint with a supervisory authority. To exercise any right, email gabriel.meneses@tdcdigitalagency.com or visit our Data Deletion page. We will verify your request and respond within the timeframes required by applicable law. We do not discriminate against you for exercising a privacy right.

8. International Transfers

We are based in the United States and our service providers may process information in the United States and other countries. Where required, we rely on appropriate transfer mechanisms such as the EU Standard Contractual Clauses or equivalent safeguards.

9. Security

We use administrative, technical, and physical safeguards proportionate to the sensitivity of the information we handle, including access controls, encryption in transit, multi-factor authentication on critical accounts, and secrets management. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

10. Children

Our services are intended for businesses and adults. We do not knowingly collect personal information from children under 13 (or under 16 in jurisdictions where that threshold applies). If you believe a child has provided us information, contact us and we will delete it.

11. Third-Party Sites and Platform Policies

Our site and the platforms we operate on behalf of clients may link to or integrate with third-party services. Those services are governed by their own privacy policies. Use of platform-specific data (for example, data accessed via LinkedIn, Meta, or Google APIs) is subject to those platforms' developer and platform terms in addition to this policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be communicated by updating this page and, where appropriate, by additional notice.

13. Contact

Questions, requests, or complaints about this policy or our handling of personal information can be sent to:

Two Digital Creatives LLC (DBA TDC Digital Agency)

gabriel.meneses@tdcdigitalagency.com

© 2026 Two Digital Creatives LLC. All rights reserved.