Privacy Policy

Profit Mill ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website (www.profitmill.io) and interact with our digital advertising services. Please read this policy carefully. By using our website, you agree to the practices described herein. This policy is designed to comply with applicable privacy laws including the General Data Protection Regulation (GDPR), the UK GDPR, Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), the California Consumer Privacy Act (CCPA/CPRA), and other applicable U.S. state privacy laws.

1. Information We Collect

1.1 Information You Provide Directly

When you contact us, request a proposal, or engage our services, we may collect:

• Name, job title, and company name
• Email address, phone number, and mailing address
• Information about your business, advertising goals, and budget
• Payment and billing information (processed securely via third-party processors)
• Any other information you choose to share with us

1.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical and usage data, including:

• IP address and approximate geographic location
• Browser type, version, and operating system
• Pages visited, time spent, and referring URLs
• Device identifiers and screen resolution
• Clickstream data and interaction events

1.3 Cookies and Tracking Technologies

We use cookies, pixels, and similar tracking technologies on our website, including:

• Essential Cookies: Required for basic website functionality.
• Analytics Cookies: Tools such as Google Analytics to understand how visitors use our site.
• Advertising & Remarketing Pixels: Tags from platforms such as Google Ads, Meta (Facebook/Instagram), LinkedIn, TikTok, and Microsoft Advertising that enable remarketing and conversion tracking.
• Preference Cookies: To remember your settings and preferences.

You can manage your cookie preferences at any time through our cookie consent banner or your browser settings. Note that disabling certain cookies may limit website functionality.

1.4 Data from Third-Party Advertising Platforms

As a paid advertising agency, we operate client ad accounts on platforms such as Google, Meta, LinkedIn, TikTok, Microsoft Advertising, Pinterest, and others. In doing so, we may receive aggregated or anonymized performance data, audience insights, and conversion signals from these platforms. We do not receive personally identifiable information directly from these platforms unless explicitly provided by our clients as part of an authorized data upload (e.g., custom audience lists).

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, manage, and optimize paid advertising campaigns on behalf of clients.
• Business Communications: To respond to inquiries, send proposals, and communicate about our services.
• Billing and Contracts: To process payments, issue invoices, and manage client agreements.
• Website Analytics: To understand visitor behavior and improve our website experience.
• Marketing: To send newsletters, case studies, or promotional content where you have opted in or where we have a legitimate interest.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.
• Security: To detect fraud, protect our systems, and maintain the integrity of our website.

3. Legal Bases for Processing (GDPR / UK GDPR)

For visitors from the European Economic Area (EEA), the United Kingdom, or other jurisdictions with equivalent requirements, we process your personal data under the following legal bases:

• Contractual Necessity: Processing required to fulfill a contract with you or take pre-contractual steps.
• Legitimate Interests: To operate and improve our business, prevent fraud, and communicate relevant updates, where such interests are not overridden by your rights.
• Consent: For non-essential cookies, marketing communications, and other processing activities where we have asked for and received your explicit consent.
• Legal Obligation: Where processing is necessary to comply with a legal obligation.

4. Advertising Data & Third-Party Platforms

4.1 Platform Data Policies

Our core business involves managing advertising on third-party platforms. Each platform has its own privacy policy and data practices. We encourage you to review the privacy policies of these platforms, which include:

• Google: policies.google.com/privacy
• Meta (Facebook/Instagram): facebook.com/privacy/policy
• LinkedIn: linkedin.com/legal/privacy-policy
• TikTok: tiktok.com/legal/page/us/privacy-policy
• Microsoft Advertising: privacy.microsoft.com

4.2 Remarketing and Custom Audiences

We may use tracking pixels, conversion APIs, and hashed customer data lists provided by clients to create custom audiences for targeted advertising. This data is processed in accordance with our client agreements and applicable platform terms. We do not sell or share client customer data with any third party beyond the advertising platforms explicitly authorized by the client.

4.3 Conversion Tracking

We use conversion tracking technologies (including cookies, pixels, and server-side APIs) to measure the effectiveness of advertising campaigns. This may involve sharing hashed identifiers (such as email addresses) with advertising platforms for attribution purposes. Where required by law, this is disclosed to end users through the relevant client website's privacy policy.

5. Sharing of Information

We do not sell your personal information. We may share information in the following limited circumstances:

• Service Providers: With trusted vendors who help us operate our business (e.g., CRM tools, payment processors, cloud hosting, email platforms), under contractual data processing agreements.
• Advertising Platforms: As described in Section 4, in connection with campaign management.
• Legal Requirements: If required by law, court order, or governmental authority.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice provided.
• With Your Consent: For any other purpose with your explicit consent.

6. International Data Transfers

We are based in Windsor, Ontario, Canada and our infrastructure may involve service providers located in the United States, the European Union, or other countries. If you are located in the EEA, UK, or Canada, please be aware that your personal data may be transferred to countries that may not provide the same level of data protection as your home country.

Where required, we ensure appropriate safeguards are in place for such transfers, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• UK International Data Transfer Agreements (IDTAs)
• Adequacy decisions where applicable
• Binding Corporate Rules where relevant

7. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this policy, or as required by applicable law. Retention periods vary based on the type of data:

• Client and business records: Retained for the duration of the relationship and up to 7 years afterward to meet tax and legal obligations.
• Website analytics data: Typically retained for 26 months (or as configured in our analytics tools).
• Marketing contact data: Retained until you opt out or request deletion.
• Cookie data: As specified in our cookie consent tool.

8. Your Privacy Rights

We will respond to verified requests within the timeframes required by applicable law.

8.1 Rights for EEA & UK Residents (GDPR / UK GDPR)

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object to processing based on legitimate interests
• Right to withdraw consent at any time (without affecting prior lawful processing)
• Right to lodge a complaint with your national Data Protection Authority (DPA)

8.2 Rights for Canadian Residents (PIPEDA)

• Right to access personal information we hold about you
• Right to challenge the accuracy and completeness of your information
• Right to withdraw consent, subject to legal and contractual limitations
• Right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC)

8.3 Rights for California Residents (CCPA/CPRA)

California residents have the following rights under the CCPA/CPRA:

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information we have collected (subject to exceptions)
• Right to correct inaccurate personal information
• Right to opt out of the sale or sharing of personal information
• Right to limit the use of sensitive personal information
• Right to non-discrimination for exercising your rights

We do not sell personal information as defined under the CCPA. To exercise your California rights, please contact us at peter@profitmill.io or use the "Do Not Sell or Share My Personal Information" link in our website footer.

8.4 Rights for Other U.S. State Residents

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and other states with comprehensive privacy laws may have similar rights to access, correct, delete, and opt out of certain processing of their personal data. Please contact us using the details in Section 12 to exercise any applicable rights.

9. Children's Privacy

Our website and services are not directed to individuals under the age of 13 (or 16 in the EEA and UK). We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately so we can take appropriate action.

10. Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encrypted data transmission (SSL/TLS)
• Access controls and role-based permissions
• Regular security assessments and monitoring
• Contractual data protection obligations with our service providers

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Links to Third-Party Websites

Our website may contain links to third-party websites, tools, or platforms. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any website you visit through our links. We are not responsible for the privacy practices or content of third-party websites.

12. How to Exercise Your Rights or Contact Us

To exercise your privacy rights, submit a data request, withdraw consent, or ask questions about this policy, please contact us:

Profit Mill

Attn: Peter Guba

Website: www.profitmill.io

Email: peter@profitmill.io

We will respond to verifiable requests within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing a request.

EEA/UK residents may also contact or lodge a complaint with their local supervisory authority. A list of EU data protection authorities is available at: edpb.europa.eu.

The UK's Information Commissioner's Office (ICO) can be reached at: ico.org.uk.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. We will indicate the date of the most recent update at the top of this page. For material changes, we will provide more prominent notice (such as an email notification or a banner on our website). Your continued use of our website after the effective date of any changes constitutes your acknowledgment of the revised policy.