Privacy Policy

 

Effective Date: February 13, 2025
Last Updated: September 2, 2025

INTRODUCTION

OCTESSENCE ("Company," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.octessence.studio (the "Website"), engage with our strategic brand and business design services, or otherwise interact with us.

This Privacy Policy applies to all information collected through our Website, our services, sales, marketing, events, and any other interactions you may have with OCTESSENCE.

By accessing or using our Website and services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Website or services.

1. INFORMATION WE COLLECT

We collect information that you provide directly to us, information we collect automatically when you use our Website, and information from third-party sources.

1.1 Personal Information You Provide

We collect personal information that you voluntarily provide when:

  • Filling out contact forms or requesting information

  • Engaging our strategic design services

  • Subscribing to our newsletter or marketing communications

  • Creating an account or client portal access

  • Making payments for services or products

  • Participating in surveys, contests, or promotional activities

  • Communicating with us via email, phone, or other channels

This information may include:

  • Identity Data: First name, last name, title, company name

  • Contact Data: Email address, telephone numbers, billing address, delivery address

  • Financial Data: Payment card details (processed securely through Stripe)

  • Transaction Data: Details about payments, services purchased, project history

  • Technical Data: IP address, browser type, device information, time zone settings

  • Profile Data: Username, preferences, feedback, survey responses

  • Marketing Data: Preferences in receiving marketing communications

  • Professional Data: Company information, industry, role, business needs

  • Project Data: Design briefs, brand assets, business information shared during consultations

1.2 Information We Collect Automatically

When you access our Website, we automatically collect certain information through cookies and similar technologies:

  • Usage Data: Pages visited, time spent on pages, links clicked, referring sites

  • Device Information: Hardware model, operating system, unique device identifiers

  • Location Data: Approximate geographic location based on IP address

  • Analytics Data: Behavior patterns, preferences, engagement metrics

1.3 Information from Third Parties

We may receive information about you from:

  • Service Providers: Squarespace (website hosting), HoneyBook (CRM), Stripe (payment processing)

  • Social Media Platforms: When you interact with us through social media

  • Business Partners: Referrals or joint service arrangements

  • Public Sources: Publicly available business information

1.4 Special Categories of Data

We do not intentionally collect sensitive personal information such as racial or ethnic origin, political opinions, religious beliefs, health information, or criminal history. If such information is inadvertently collected, it will be promptly deleted.

2. HOW WE USE YOUR INFORMATION

2.1 Legal Bases for Processing

We process your personal information based on the following legal grounds:

  • Contract Performance: To fulfill our service agreements with you

  • Legitimate Interests: To operate and improve our business

  • Legal Compliance: To comply with applicable laws and regulations

  • Consent: Where you have given explicit consent for specific uses

2.2 Purposes of Use

We use your information to:

Service Delivery

  • Provide our strategic brand and business design services

  • Process and complete transactions

  • Manage client relationships and projects

  • Deliver digital products and resources

  • Provide customer support and respond to inquiries

Communication

  • Send service-related notifications and updates

  • Provide project status updates and deliverables

  • Send invoices and payment confirmations

  • Respond to your questions and requests

Marketing and Promotion (with your consent)

  • Send newsletters and marketing communications

  • Inform you about new services, resources, or events

  • Share relevant industry insights and thought leadership

  • Customize marketing based on your interests

Business Operations

  • Improve our Website functionality and user experience

  • Analyze usage patterns and optimize our services

  • Develop new services and offerings

  • Protect against fraudulent or illegal activity

  • Enforce our Terms of Service and legal agreements

  • Maintain security and prevent unauthorized access

Legal and Compliance

  • Comply with legal obligations and regulations

  • Respond to legal requests and prevent harm

  • Protect our rights, property, and safety

  • Maintain records for tax and accounting purposes

3. HOW WE SHARE YOUR INFORMATION

We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:

3.1 Service Providers

We share information with trusted third-party service providers who assist in operating our business:

  • Squarespace: Website hosting and content management

  • HoneyBook: Client relationship management and project management

  • Stripe: Secure payment processing

  • Google Workspace: Email and document management

  • Analytics Providers: Google Analytics for website analytics

  • Marketing Platforms: Email marketing and automation tools

  • Cloud Storage: Secure file storage and sharing

  • Professional Services: Accountants, lawyers, consultants bound by confidentiality

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.2 Business Transfers

If OCTESSENCE undergoes a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or control of your personal information.

3.3 Legal Requirements

We may disclose your information when required by law or in response to:

  • Court orders, subpoenas, or legal process

  • Government or regulatory requests

  • Law enforcement investigations

  • Protection of our legal rights or property

  • Prevention of fraud or illegal activities

  • Emergency situations involving potential harm

3.4 Consent-Based Sharing

We may share your information with your explicit consent, such as:

  • Publishing testimonials or case studies (with your permission)

  • Referrals to trusted partners at your request

  • Collaborative projects involving third parties

3.5 Aggregated Information

We may share aggregated, anonymized data that cannot identify you personally for research, marketing, or other business purposes.

4. DATA SECURITY

4.1 Security Measures

We implement appropriate technical and organizational security measures to protect your personal information:

  • Encryption: SSL/TLS encryption for data transmission

  • Access Controls: Limited access to personal data on a need-to-know basis

  • Secure Storage: Protected servers with regular security updates

  • Authentication: Strong password requirements and secure authentication

  • Regular Audits: Security assessments and vulnerability testing

  • Employee Training: Data protection and security awareness training

  • Incident Response: Established procedures for security incidents

4.2 Payment Security

All payment transactions are processed through Stripe, which is PCI-DSS compliant. We do not store credit card details on our servers.

4.3 Data Breach Response

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify affected individuals within 72 hours where feasible

  • Provide information about the breach and potential impacts

  • Recommend steps to protect your information

  • Cooperate with regulatory authorities as required

4.4 Your Responsibilities

You are responsible for:

  • Maintaining the confidentiality of your account credentials

  • Using strong, unique passwords

  • Notifying us of any unauthorized access

  • Keeping your contact information current

5. COOKIES AND TRACKING TECHNOLOGIES

5.1 Types of Cookies We Use

Essential Cookies

  • Required for Website functionality

  • Enable core features like security and accessibility

  • Cannot be disabled without impacting Website use

Analytics Cookies

  • Help us understand how visitors use our Website

  • Collect aggregated, anonymous information

  • Used to improve Website performance and content

Marketing Cookies

  • Track visitors across websites

  • Display relevant advertisements

  • Measure campaign effectiveness

  • May be set by third-party advertising partners

Preference Cookies

  • Remember your settings and preferences

  • Customize your experience

  • Store language and region preferences

5.2 Third-Party Cookies

Our Website may include cookies from:

  • Google Analytics (website analytics)

  • Social media platforms (content sharing)

  • Marketing partners (advertising and retargeting)

5.3 Managing Cookies

You can control cookies through:

  • Browser Settings: Most browsers allow you to refuse or delete cookies

  • Cookie Preference Center: Adjust settings on our Website (where available)

  • Third-Party Opt-Outs:

    • Google Ads Settings: https://adssettings.google.com

    • Facebook Ad Preferences: https://www.facebook.com/ads/preferences

    • Digital Advertising Alliance: https://optout.aboutads.info

Disabling cookies may limit certain Website features and functionality.

5.4 Do Not Track Signals

Our Website does not currently respond to Do Not Track browser signals. However, you can use the cookie management options described above.

6. YOUR PRIVACY RIGHTS

6.1 Rights Under GDPR (European Users)

If you are located in the European Economic Area, you have the following rights:

  • Right to Access: Request copies of your personal data

  • Right to Rectification: Request correction of inaccurate data

  • Right to Erasure: Request deletion of your data ("right to be forgotten")

  • Right to Restrict Processing: Request limitation of data processing

  • Right to Data Portability: Receive your data in a structured format

  • Right to Object: Object to processing based on legitimate interests

  • Right to Withdraw Consent: Withdraw consent at any time

  • Right to Complain: Lodge a complaint with supervisory authorities

6.2 Rights Under CCPA (California Residents)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to Know: Request information about data collection and sharing

  • Right to Delete: Request deletion of personal information

  • Right to Opt-Out: Opt-out of the sale of personal information (we do not sell data)

  • Right to Non-Discrimination: Equal service regardless of exercising privacy rights

  • Right to Correct: Request correction of inaccurate information

6.3 Exercising Your Rights

To exercise any of these rights:

  • Email us at hello@octessence.studio

  • Include sufficient information to verify your identity

  • Specify which rights you wish to exercise

  • We will respond within 30 days (or as required by law)

We may request additional information to verify your identity before processing requests.

7. DATA RETENTION

7.1 Retention Periods

We retain personal information for as long as necessary to:

  • Provide our services and maintain client relationships

  • Comply with legal, accounting, and reporting requirements

  • Resolve disputes and enforce agreements

  • Maintain business records and analytics

Typical retention periods:

  • Client Data: Duration of business relationship plus 7 years

  • Financial Records: 7 years for tax and accounting purposes

  • Marketing Data: Until consent is withdrawn or 3 years of inactivity

  • Website Analytics: 26 months

  • Cookie Data: As specified in cookie settings

7.2 Deletion Procedures

When retention periods expire or upon valid deletion requests:

  • Data is securely deleted from active systems

  • Backups are purged according to retention schedules

  • Third-party processors are instructed to delete data

  • Anonymized data may be retained for analytics

8. INTERNATIONAL DATA TRANSFERS

8.1 Cross-Border Transfers

Your information may be transferred to and processed in countries other than your own, including the United States, where data protection laws may differ from your jurisdiction.

8.2 Transfer Safeguards

We ensure appropriate safeguards for international transfers through:

  • Standard Contractual Clauses approved by regulatory authorities

  • Adequacy decisions recognizing equivalent protection levels

  • Binding corporate rules for intra-group transfers

  • Your explicit consent where required

8.3 Third-Party Processors

Our service providers may process data internationally. We ensure they provide appropriate security measures and comply with applicable data protection laws.

9. CHILDREN'S PRIVACY

Our Website and services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we discover that we have inadvertently collected information from a child under 18, we will promptly delete it.

Parents or guardians who believe we may have collected information from their child should contact us immediately at hello@octessence.studio.

10. MARKETING COMMUNICATIONS

10.1 Opt-In Consent

We will only send marketing communications if you have:

  • Explicitly opted in to receive them

  • Engaged our services and not opted out

  • Requested information about our services

10.2 Types of Marketing

Marketing communications may include:

  • Newsletters and industry insights

  • Service updates and new offerings

  • Event invitations and webinars

  • Educational content and resources

  • Client success stories and case studies

10.3 Opting Out

You can opt out of marketing communications at any time by:

  • Clicking "Unsubscribe" in any marketing email

  • Emailing us at hello@octessence.studio

  • Updating your preferences in your account settings

Opting out of marketing does not affect service-related communications necessary for our business relationship.

11. THIRD-PARTY WEBSITES

Our Website may contain links to third-party websites, services, or content. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

Third-party services integrated with our Website include:

  • Social media platforms

  • Payment processors

  • Analytics providers

  • Content delivery networks

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically to reflect:

  • Changes in our practices or services

  • Legal or regulatory requirements

  • Technological developments

  • User feedback and business needs

Changes become effective immediately upon posting. The "Last Updated" date will be revised accordingly. We encourage you to review this Privacy Policy regularly.

For material changes, we may provide additional notice through:

  • Email notification to registered users

  • Prominent Website announcement

  • Request for renewed consent where required

13. CONTACT INFORMATION

For privacy-related questions, concerns, or requests, please contact our Data Protection Officer, HANA Catlett, at hello@octessence.studio.

Response Times:

  • General inquiries: Within 5 business days

  • Rights requests: Within 30 days (or as required by law)

  • Data breach notifications: Within 72 hours where required

14. SUPERVISORY AUTHORITY

If you are unsatisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection authority:

For EU Residents: Your local Data Protection Authority
For UK Residents: Information Commissioner's Office (ICO)
For California Residents: California Attorney General's Office

15. ACCESSIBILITY

We are committed to making our Privacy Policy accessible to all users. If you need this policy in an alternative format or have accessibility concerns, please contact us at accessibility@octessence.design.

BY USING OUR WEBSITE OR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THIS PRIVACY POLICY.