Privacy Policy
How we collect, use, and protect your information. Plain English.
Last updated · May 21, 2026
Introduction
Meeko Digital ("we", "our", or "us") provides fully managed website services to local businesses and professionals. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you create an account, request mockups, subscribe to a plan, or visit our website. By using our service, you agree to the collection and use of information in accordance with this policy.
Legal Entity
1. Information we collect
1.1 Account information
When you create an account, we collect your name, email address, and (optionally) business name, phone number, and role. This is used to authenticate you, manage your account, and contact you about your project.
1.2 Project information
Information you submit through the requirements form — business name, industry, services, location, style preferences, and any logo, photos, or copy you upload — used to design and build your website.
1.3 Site & domain information
Information about your live site: domain name, traffic and performance metrics (page views, calls, form submissions), and analytics data collected from your website visitors.
1.4 Usage data
Portal-usage patterns: edit requests submitted, messages exchanged with us, settings changes, and login activity.
1.5 Technical data
Browser type and version, IP address and approximate location (country / city level), device information, session logs and timestamps, and cookies / similar tracking technologies (see Section 7).
1.6 Payment information
Payment-card details are processed by Stripe, our PCI-DSS Level 1 certified payment processor, and are not stored on our servers. We retain only transaction records and billing information necessary for account management.
2. How we use your information
2.1 Legal basis for processing
We process your data based on (a) performance of our contract with you, (b) your consent (where required), (c) compliance with legal obligations, and (d) our legitimate interests in providing and improving the service.
2.2 Purposes of use
To deliver mockups, build and operate your website, manage hosting, provide local SEO, send service notifications, respond to support messages, process payments, prevent fraud, comply with legal obligations, and improve our service. Some tasks — including mockup generation, content creation, and SEO analysis — may be assisted by AI tools. Your business information is processed only to deliver the service and is never used to train third-party AI models.
2.3 What we do not do
We do not sell your personal information. We do not use your business information or uploaded assets (logos, photos, copy) for any purpose outside delivering your service. We do not share your customer data with advertisers.
3. Data storage & security
3.1 Infrastructure
Your account, project files, and live website are hosted on managed cloud infrastructure with enterprise-grade physical and network security. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
3.2 Security measures
Continuous monitoring, automated backups, malware scanning, web application firewall (WAF), DDoS protection, role-based internal access controls, and regular security reviews.
3.3 Site backups
Your live website is backed up daily. Backups are retained for 30 days and can be restored on request through your portal.
4. Data sharing & third parties
4.1 We do NOT sell your data
We never sell, rent, or trade your personal information or business data to third parties.
4.2 Service providers (subprocessors)
We share data only with vetted providers needed to operate the service: cloud hosting, payment processing (Stripe), email delivery, analytics, helpdesk software, SEO tooling, and (for Growth and Professional plan customers) third-party integrations such as booking, CRM, or chat platforms selected during onboarding. Each provider is bound by data-processing agreements requiring appropriate safeguards.
4.3 Legal requirements
We may disclose information when required by law, court order, or to enforce our terms or protect our rights, your safety, or the rights and safety of others.
4.4 Business transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you and any successor entity will be bound by an equivalent privacy commitment.
4.5 With your consent
We will share data outside the above categories only with your explicit consent.
5. Your rights & choices
5.1 Access & portability
You can request a copy of your personal data and an export of your website content, photos, and analytics at any time through your account portal.
5.2 Correction & updates
Update your name, email, business information, and preferences directly from your account settings.
5.3 Deletion
You can delete your account through your portal. Upon cancellation, we will export your domain, content, photos, and analytics within 7 business days and delete your remaining account and project data within 30 days, except where retention is required by law. During any initial contract term, your data is retained and the service remains active until the term ends or you request early termination.
5.4 Restriction & objection
You have the right to restrict or object to certain processing. Submit such requests through your portal or by emailing privacy@meekodigital.com.
5.5 Withdraw consent
Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
5.6 Canadian residents (PIPEDA & provincial privacy laws)
Residents of Canada have rights under the federal Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec’s Law 25, Alberta’s PIPA, and British Columbia’s PIPA, including the right to access, correct, and withdraw consent for the processing of personal information. If you believe we have not adequately addressed a privacy concern, you may file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca (or the applicable provincial commissioner). Quebec residents may also contact our designated privacy officer at privacy@meekodigital.com.
5.7 California, EU, and UK residents
Residents of California (CCPA/CPRA), the European Union (GDPR), and the United Kingdom (UK GDPR) have additional rights under their local laws. We honor verifiable requests in all jurisdictions.
5.8 How to submit a privacy request
Submit any privacy request through your portal, or email privacy@meekodigital.com. We respond to verified requests within 30 days (or sooner where required by applicable law).
6. Data retention
6.1 Active accounts
We retain your account and project data as long as your account is active or as needed to provide the service.
6.2 After cancellation
After cancellation, we retain your data for 30 days to allow recovery, then delete it permanently. Aggregated, anonymized analytics may be retained for service improvement.
6.3 Legal retention
We may retain certain records (invoices, tax records, anti-fraud data) for longer periods where required by law.
7. Cookies & tracking
7.1 Categories
We use Necessary cookies (authentication, security), Analytics cookies (aggregate usage measurement), and Marketing cookies (ad effectiveness). Necessary cookies are always on; you control Analytics and Marketing.
7.2 Your controls
Manage your preferences from the cookie banner or any time via the Cookie Policy page. You can also block cookies in your browser settings.
7.3 Global Privacy Control (GPC)
We honor the GPC browser signal as a request to opt out of sale or sharing of personal information.
8. International data transfers
8.1 Controller location
Meeko Digital is based in Ontario, Canada. Personal information collected from you is under our control regardless of where it is stored or processed.
8.2 Where your data is stored
Account, project, and live-site data is hosted on managed cloud infrastructure located primarily in the United States (Amazon Web Services, us-east-1 region). This means your personal information is transferred to, stored in, and processed in the United States and may be accessible to U.S. law enforcement under U.S. law (including the CLOUD Act). By using the Service, you acknowledge this cross-border transfer.
8.3 Transfer safeguards
In accordance with PIPEDA’s accountability principle and Quebec Law 25, we remain accountable for personal information transferred to service providers and require contractual protections (data-processing agreements with confidentiality, security, and breach-notification obligations) comparable to those required of us. For transfers from the EU/UK we rely on Standard Contractual Clauses or equivalent safeguards.
9. Security incidents
9.1 Our commitment
We follow industry best practices to prevent unauthorized access, disclosure, alteration, or destruction of your data.
9.2 Breach notification
In the unlikely event of a breach of security safeguards involving your personal information, we will, as required by PIPEDA, notify the Office of the Privacy Commissioner of Canada and affected individuals as soon as feasible where the breach creates a real risk of significant harm. We will also maintain a record of all such breaches for at least 24 months. For breaches affecting EU/UK residents we follow GDPR’s 72-hour notification timeline. Other jurisdictions are notified per applicable law.
10. Children’s privacy
10.1 Age restrictions
Our service is not intended for children under 18. We do not knowingly collect personal information from children.
10.2 Reporting
If you believe a child has provided us personal information, email privacy@meekodigital.com and we will delete it promptly.
11. Data we process on your behalf
11.1 Your website visitors
When we host and operate your website, we collect analytics data from your site’s visitors (page views, referral sources, device type, approximate location) to populate your performance dashboard. We act as a data processor on your behalf (you are the data controller). Visitor data is used solely for your analytics and is never sold or shared with third parties.
11.2 Review automation & CASL compliance
If your plan includes automated review-request emails, you provide us with your customers’ email addresses. We send review requests on your behalf and act as a data processor for this data. These email addresses are used only to send the review request, are not shared with any third party, and are deleted within 90 days of collection. Because we send these messages on your behalf, you (the data controller) are responsible for ensuring you have express or implied consent under Canada’s Anti-Spam Legislation (CASL) before submitting customer email addresses. Every message we send on your behalf includes sender identification and a one-click unsubscribe mechanism as required by CASL.
11.3 Blog content created for you
If your plan includes blog content, we use your business information to write articles published on your website. All content we create is owned by you and may be exported at any time.
11.4 Your responsibility
You are responsible for ensuring you have the right to share your customers’ data with us (e.g., email addresses for review requests) and for maintaining an appropriate privacy notice on your own website. We deploy a default visitor privacy notice on every site we build, which you may customize through your portal.
Questions about this policy?
Email privacy@meekodigital.com or contact us through your account portal.
We will respond within 30 days, often much sooner.
We may update this Privacy Policy from time to time. Material changes will be communicated through your portal or by email.