- Who we are and contact details
- What information we collect
- How we collect it
- Why we use your information
- Our legal basis (GDPR / UK GDPR)
- Who we share information with
- International data transfers
- How long we keep your data
- How we protect your data
- Your rights
- Children's privacy
- Changes to this policy
- How to complain
1. Who we are
This Privacy Policy applies to DmainWeb ("we," "us," "our") — a website development and SEO agency operating primarily through the website https://dmainweb.online and its subdomains (collectively, the "Service"). We serve clients across the United States, United Kingdom, Canada, and Nigeria.
Data Controller: DmainWeb is the data controller responsible for your personal information.
Contact us about privacy:
- Email: privacy@dmainweb.online
- WhatsApp: +234 816 6457230
- Postal: DmainWeb, Lagos, Nigeria (registered office)
2. What information we collect
We collect information you give us directly, information we collect automatically, and (in limited cases) information from third parties.
Information you give us
- Contact details: name, email address, phone number, business name, country, role.
- Project details: URLs of your existing site, business description, goals, budget range, target keywords, audit responses.
- Communications: messages you send via our forms, WhatsApp, email, or live chat.
- Newsletter signup: email address and (optional) name.
- Tool inputs: URLs you submit to our SEO Audit, Cost Calculator, ROI Calculator, and similar tools.
Information we collect automatically
- Device + technical data: IP address, browser type, operating system, device type, referring URL, language preferences.
- Usage data: pages visited, time on page, scroll depth, clicks, session duration.
- Cookies and similar technologies: see our Cookie Policy for full details.
Information from third parties
- Analytics providers (Google Analytics, Microsoft Clarity)
- Advertising networks (Meta, Google Ads) where applicable
- Public sources for prospect research (LinkedIn, Crunchbase) — limited to business contact information
We never collect government identifiers (Social Security Numbers, BVN, NIN, NHS numbers, passport numbers), full payment card data (handled by our PCI-compliant payment processor), or special category data (health, religion, sexual orientation, biometrics) unless explicitly required and consented to.
3. How we collect information
- Directly from you when you fill in a form, message us, run an audit, request a quote, sign up for our newsletter, or book a call.
- Automatically via cookies, web beacons, server logs, and similar technologies as you use the Service.
- From third-party services we use (analytics, advertising platforms, lead enrichment tools).
4. Why we use your information
| Purpose | Type of data used |
|---|---|
| Respond to inquiries and deliver requested services | Contact details, project details, communications |
| Run SEO audits, calculators, and other tools you request | URL submissions, tool inputs |
| Send transactional messages (project updates, invoices, audit reports) | Contact details |
| Send marketing communications (with your consent) | Contact details |
| Improve our Service and develop new features | Usage data, device data, anonymised aggregate data |
| Detect, prevent, and respond to fraud and security incidents | Device data, IP address, usage data |
| Comply with legal obligations | As required by applicable law |
| Personalise advertising (where consented) | Cookies, usage data, hashed identifiers |
5. Our legal basis (UK GDPR / EU GDPR)
If you are in the United Kingdom or European Economic Area, we rely on the following legal bases:
- Contract: processing necessary to deliver services you've requested or to take pre-contractual steps (e.g., providing a quote).
- Legitimate interests: running our business, improving our Service, marketing to existing clients, fraud prevention — balanced against your rights.
- Consent: for marketing communications, non-essential cookies, and analytics where required.
- Legal obligation: tax records, accounting, compliance with court orders.
You may withdraw consent at any time by contacting us or using opt-out mechanisms in our communications.
6. Who we share information with
We do not sell your personal information. We share it only with:
- Service providers who help us run the Service: hosting (Hostinger, Cloudflare), email (Google Workspace), CRM (HubSpot), analytics (Google Analytics, Microsoft Clarity), payment processors (Stripe, Paystack), customer messaging (WhatsApp Business, Tidio), email marketing (MailerLite), and similar.
- Professional advisors (accountants, lawyers, auditors) where necessary.
- Legal authorities where required by law, court order, or to protect our legal rights.
- Business successors in the event of a merger, acquisition, or asset sale (subject to confidentiality).
All service providers are contractually bound to handle your data only as instructed and subject to appropriate confidentiality and security obligations.
7. International data transfers
Because we operate across multiple countries, your information may be transferred to and stored on servers outside your country of residence. When we transfer personal data:
- From UK/EEA to outside the UK/EEA: we rely on Standard Contractual Clauses, UK International Data Transfer Agreements, or Adequacy Decisions where applicable.
- From Canada to outside Canada: we ensure comparable PIPEDA-equivalent protection through contract or law.
- From Nigeria to outside Nigeria: we comply with the NDPR/NDPA 2023 cross-border transfer requirements.
- From the US to outside the US: we apply contractual safeguards consistent with applicable state laws (CCPA/CPRA, VCDPA, etc.).
8. How long we keep your data
- Inquiry data (no project): 24 months from last contact.
- Active client data: for the duration of our engagement plus 7 years (tax/audit requirements).
- Newsletter subscriber data: until you unsubscribe, then deleted within 30 days.
- SEO audit / tool data: 90 days unless you've requested a follow-up.
- Cookie data: per the lifetimes set out in our Cookie Policy.
- Backup data: retained per our backup retention schedule (max 90 days).
9. How we protect your data
- HTTPS/TLS encryption for all data in transit.
- Encryption at rest for sensitive databases.
- Role-based access controls — only staff who need access have it.
- Multi-factor authentication on all admin accounts.
- Regular security audits, plugin/dependency updates, and penetration testing.
- Documented incident response plan with breach notification within 72 hours where required by GDPR/UK GDPR.
No system is 100% secure. If we become aware of a data breach affecting your personal information, we will notify you and the relevant supervisory authority within the timeframes required by applicable law.
10. Your rights
Depending on where you live, you have the following rights regarding your personal information:
| Right | What it means |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Rectification | Correct inaccurate or incomplete data |
| Erasure ("right to be forgotten") | Request deletion of your data, subject to legal retention requirements |
| Restriction | Limit how we process your data in certain circumstances |
| Portability | Receive your data in a machine-readable format |
| Objection | Object to processing based on legitimate interests, including direct marketing |
| Withdraw consent | Withdraw consent at any time without affecting prior lawful processing |
| Opt-out of "sale" or "sharing" (CCPA/CPRA) | California residents may direct us not to sell or share their personal information |
| No discrimination | We will not discriminate against you for exercising your rights |
To exercise any of these rights, email privacy@dmainweb.online. We will respond within 30 days (or sooner where required by law). We may need to verify your identity before processing certain requests.
11. Children's privacy
Our Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. For material changes, we will notify you by email (if we have your email) and/or post a prominent notice on our website at least 30 days before the change takes effect.
13. How to complain
If you have a concern about how we handle your personal information, please contact us first at privacy@dmainweb.online — we take complaints seriously and aim to resolve them within 14 days.
You also have the right to lodge a complaint with the relevant supervisory authority:
- UK: Information Commissioner's Office (ICO) — ico.org.uk
- USA (California): California Privacy Protection Agency — cppa.ca.gov
- Canada: Office of the Privacy Commissioner of Canada — priv.gc.ca
- Nigeria: Nigeria Data Protection Commission (NDPC) — ndpc.gov.ng
Email privacy@dmainweb.online or message us on WhatsApp. We respond within 1 business day.