Privacy Policy

1. Introduction

MXK Digital ("we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy describes how we collect, use, and disclose your information when you visit our website (www.mxkdigital.com), request our Technical Risk & Growth Audit, or engage with our Growth Infrastructure Partnership services.

As a Growth Infrastructure Firm specializing in compliant-by-design systems for the insurance industry, we hold ourselves to the highest standards of data integrity.

This policy reflects key requirements in applicable U.S. federal and state privacy and marketing laws, including the California Consumer Privacy Act (CCPA/CPRA) and the Telephone Consumer Protection Act (TCPA), where they apply to us.

2. Information We Collect

We collect information that identifies, relates to, describes, or could reasonably be linked to you ("Personal Information").

A. Information You Provide Directly

We collect data when you request a Technical Risk & Growth Audit, book a diagnostic appointment, or engage our Growth Infrastructure Partnership services. This includes:

• Identifiers: Name, email address, phone number, and business address.
• Professional & Business Data: Company name, job title, annual premium volume, team size, lines of business (P&C, Life & Health, etc.), state licensures, and ad spend capacity.
• Technical Infrastructure Data: Current CRM platform, ad account details, email infrastructure specifications, and tracking system configurations (collected only during diagnostic audits with your explicit permission).
• Communications: Content of your emails, SMS messages, or notes sent to us through our booking portal or Slack channels.

B. Information Collected Automatically

When you navigate our site, we use tracking technologies to collect:

• Device Data: IP address, browser type, operating system, and unique device identifiers.
• Usage Data: Pages viewed, time spent on pages, referring URL (how you found us), and interaction with site elements.
• Consent Logs: To comply with TCPA requirements, we capture the IP address, timestamp, and specific browser action taken when you submit any consent form on our site.

C. Information from Third Parties

We may receive information about you from third-party sources, such as public databases, professional networks (e.g., LinkedIn), or business verification services, to confirm your agency's qualification criteria for our Partnership program.

D. Sensitive Data & Inference

In the course of providing diagnostic services, we may process data that qualifies as "Sensitive Data" under applicable state laws (e.g., health insurance product interest, financial information). We collect this data strictly to assess your agency's compliance infrastructure and risk profile. By requesting a Technical Risk & Growth Audit, you explicitly consent to the processing of this sensitive data for that limited diagnostic purpose.

3. How We Use Your Information

We use your data for the following business purposes:

• Service Delivery: To conduct your Technical Risk & Growth Audit, process your Partnership qualification, schedule diagnostic appointments, and deliver Phase 1 and Phase 2 services.
• Communication: To send diagnostic results, infrastructure scorecards, Partnership proposals, appointment confirmations, and respond to your inquiries.
• Marketing & Retargeting: To show you relevant advertisements on platforms like Meta (Facebook/Instagram) and Google based on your interests and qualification status.
• Compliance & Security: To verify valid consent for SMS/calls (TCPA compliance), prevent fraud, and ensure our services are used by legitimate U.S.-based insurance agencies that meet our qualification criteria.
• Performance Analysis: We may use aggregated and de-identified audit data to identify industry compliance trends (for example, "Most Common CRM Misconfigurations in 2026"). We do not use your identifiable agency data to train public AI models or share it with competitors.

4. SMS Marketing & TCPA Compliance

Strict adherence to the Telephone Consumer Protection Act (TCPA) is central to our operations.

• Consent: By providing your phone number on our booking portal and checking the consent box, you explicitly consent to receive text messages from MXK Digital at the number provided. These messages may include appointment reminders, diagnostic results, Partnership qualification updates, and compliance tips related to the Safe Scale Protocol. Consent is not a condition of service.
• Opt-Out: You may opt out of receiving SMS messages at any time by replying STOP. You will receive one final confirmation message.
• Data Sharing: We do NOT share your SMS opt-in consent or phone number with third parties or affiliates for marketing purposes. Your phone number is used exclusively for MXK Digital's direct communication with you.

Message and data rates may apply. Message frequency varies based on your engagement with our services (typically 2–4 messages per month during active Partnership).

5. How We Share Your Information

We do not sell your Personal Information to data brokers. We disclose data only as follows:

• Service Providers: We share data with trusted vendors who help us operate our business (e.g., Zoom for diagnostic calls, our booking portal provider for appointment scheduling, HighLevel for CRM management, Twilio for SMS delivery). These vendors are contractually bound to protect your data and use it only for the services they provide to us.
• Ad Platforms (Sharing): We may share hashed identifiers (such as email addresses) with platforms like Meta and Google to deliver targeted advertising through Custom Audiences. Under California law, this may be considered "sharing" for cross-context behavioral advertising. You have the right to opt out of this (see Section 7).
• Legal Requirements: We may disclose information if required by law, court order, subpoena, or to protect the rights, property, and safety of MXK Digital, our clients, or others.

We do not share your technical infrastructure data, audit findings, or diagnostic results with any third parties except as required by law.

6. Cookies and Tracking Technologies

We use cookies, pixels, and similar tracking technologies to recognize you and analyze site traffic.

• Essential Cookies: Required for the site to function (e.g., session management, security).
• Marketing Cookies: Used to track the effectiveness of our advertising and retarget visitors after they leave our site. These may include pixels from Meta and Google that help us understand campaign performance and build audiences of qualified prospects.
• Your Control: You can configure your browser to refuse all cookies, but some site features may not function properly. You may also use browser extensions to block specific tracking technologies.
• Global Privacy Control (GPC): We recognize and honor Global Privacy Control signals. If your browser transmits a GPC signal, we will automatically treat it as a valid request to opt out of the sale or sharing of your personal data for that specific browser/device. Our GPC compliance script runs before any marketing pixels load.

7. Your Privacy Rights (CCPA/CPRA & U.S. State Laws)

Depending on your location (especially if you are a California resident), you have specific rights regarding your data:

• Right to Know: Request details about the categories and specific pieces of personal information we have collected about you in the past 12 months.
• Right to Delete: Request that we delete your personal information (subject to certain legal exceptions, such as completing services you requested or complying with legal obligations).
• Right to Correct: Request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of 'Sale/Sharing': You may ask us not to use your personal information for cross-context behavioral advertising (such as using your email to build custom audiences on ad platforms). To exercise this right, email us at support@mxkdigital.com with the subject line "Do Not Sell or Share My Personal Information" and we will process your request within 15 business days.
• Right to Non-Discrimination: We will not deny services, charge different prices, or provide different quality of service for exercising your privacy rights.
• Global Privacy Control (GPC): As noted above, we automatically honor GPC signals from your browser as a valid opt-out request.

We do not use or disclose 'sensitive personal information' (as defined under California law) for purposes that would trigger a right to limit its use beyond the diagnostic purposes for which you provided explicit consent.

To Exercise Your Rights

Email us at support@mxkdigital.com with the subject line "Privacy Request" and specify which right you want to exercise (access, delete, correct, or opt-out). Include your full name, email address, and phone number used to engage our services. We will verify your identity before processing the request and respond within the timeframes required by applicable law (typically 45 days, with possible 45-day extension if needed).

8. Notice to Residents of Indiana, Kentucky, and Rhode Island

Effective January 1, 2026, residents of these states have additional rights:

• Right to Appeal (IN, KY): If we decline your privacy request, we will inform you of our reasoning. You may appeal this decision by emailing support@mxkdigital.com with the subject line "Privacy Appeal." We will provide a written explanation within 60 days.
• Rhode Island Disclosure: We may process personal data for targeted advertising purposes. The categories of third parties to whom we may share your personal data include:
  • Marketing Platforms (Meta, Google) for ad delivery
  • Business Verification Services (for qualification confirmation)
  • Professional Service Providers (for diagnostic and implementation services)

9. Data Retention and Security

• Security: We use industry-standard security measures including SSL/TLS encryption, multi-factor authentication on administrative systems, and secure servers hosted in compliant data centers. However, no electronic transmission or storage is 100% secure.
• Retention: We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy or to comply with legal obligations:
  • Audit Data: Diagnostic findings and infrastructure scorecards are retained for 4 years (statute of limitations for potential TCPA claims).
  • Consent Logs: TCPA consent records are retained for 4 years from the date of last contact.
  • Partnership Client Data: Active client data is retained for the duration of the engagement plus 7 years (standard business record retention).
  • Marketing Data: Contact information for prospects who do not engage our services is retained for 2 years, then deleted.
• International Data Transfers: We primarily serve U.S.-based insurance agencies. Our founder is based in Serbia, and some data processing may occur outside the United States. By using our services, you understand that your data may be transferred to and processed in countries with different data protection standards than your own.

10. Children's Privacy

Our services are exclusively B2B and intended for insurance agency owners and executives. We do not knowingly collect data from anyone under the age of 18. If we discover we have inadvertently collected information from a minor, we will delete it immediately.

11. Third-Party Links

Our website may contain links to third-party sites (e.g., insurance carrier portals, government compliance resources, platform documentation). We are not responsible for the privacy practices of those external sites. We encourage you to review their privacy policies before providing any information.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, services, or applicable laws. When we make material changes, we will update the "Last Updated" date at the top and, if required by law, provide notice through email or a prominent notice on our website.

13. Contact Us

If you have questions about this policy or wish to exercise your privacy rights, please contact us:

For privacy-specific inquiries, please use the subject line "Privacy Request" to ensure prompt routing to our compliance team.