Skip to content
STOA Digital Solutions

Legal

Privacy Policy

Effective Date: April 1st, 2026

1. Introduction

Welcome to STOA Digital Solutions ("STOA," "we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website at stoa.agency, interact with our forms, or receive email communications from us.

2. Information We Collect

We collect information you provide directly to us, as well as information gathered automatically through your use of our website.

Information you provide

  • Contact form — full name, email address, phone number (optional), company name (optional), and your message.
  • Newsletter signup — email address.
  • Lead magnet downloads — email address and an explicit consent acknowledgment to receive occasional emails from STOA.

Information collected automatically

  • IP address — used temporarily for rate limiting and security protections. IP addresses are held in server memory only and are not written to disk or stored permanently.
  • Analytics data — when enabled, we use OpenPanel to collect aggregated usage data such as pages visited, outgoing link clicks, and general browser attributes. This data is used to understand how visitors interact with our site and improve the experience.
  • Server logs — our hosting provider (Vercel) may record standard server logs including IP address, request URL, and user agent string.

3. How We Use Your Information

We use the information we collect to:

  • Respond to your inquiries and provide requested services.
  • Deliver resources you have requested, such as downloadable guides and checklists.
  • Send occasional communications, including updates and educational resources, to subscribers who have provided consent.
  • Analyze website usage to improve our content and user experience.
  • Protect the security and integrity of our website, including preventing abuse through rate limiting.
  • Comply with applicable legal obligations.

4. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent — when you subscribe to our newsletter or download a resource with an explicit opt-in, we process your email address based on your consent. You may withdraw consent at any time.
  • Contractual necessity — when you submit a contact form to inquire about our services, we process your information to respond to your request.
  • Legitimate interest — we use analytics to understand how our website is used and rate limiting to protect it from abuse. These activities are proportionate and do not override your rights.

5. Data Sharing and Service Providers

We do not sell your personal information. We do not share your data with third parties for their own marketing purposes. Your data may be processed by the following service providers solely to support the operation of our website and communications:

  • Mautic — our customer relationship management (CRM) platform, self-hosted on a US-based server. Stores contact information submitted through our forms.
  • Vercel — our website hosting provider. Serves the website and may process standard server logs.
  • Cloudflare — our content delivery network (CDN). Delivers images and static assets. Does not receive personal data from our forms.
  • OpenPanel — our analytics platform, used when enabled to collect aggregated website usage data.
  • Cal.com— our scheduling tool. When you click a booking link on our site, you are directed to Cal.com's platform. Any information you provide during scheduling is governed by Cal.com's own privacy policy.

6. Cookies and Tracking Technologies

Our website does not currently set first-party cookies or use a cookie consent banner. If our analytics provider (OpenPanel) is active, it may use lightweight tracking mechanisms to collect aggregated usage data. Our hosting provider (Vercel) may set functional cookies necessary for delivering the website.

Most web browsers allow you to control cookies through their settings. You can configure your browser to refuse cookies or alert you when cookies are being sent. Disabling cookies should not affect the functionality of our website.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

  • Contact and CRM data — retained while the business relationship is active or until you request deletion.
  • Analytics data— retained according to OpenPanel's default retention settings.
  • Rate-limiting data — IP addresses used for rate limiting are held in server memory only and automatically cleared within 60 seconds.

You may request deletion of your personal data at any time by contacting us using the details in the Contact Us section below.

8. Data Storage and Security

Your information is stored using industry-standard security measures. All data transmitted between your browser and our website is encrypted via HTTPS. Our CRM platform (Mautic) is self-hosted on a secured, US-based server with authenticated API access. We take reasonable precautions to protect your data from unauthorized access, disclosure, alteration, or destruction. While no internet transmission is 100% secure, we strive to use commercially acceptable means to protect your personal information.

9. International Data Transfers

STOA Digital Solutions is based in the United States. All personal data we collect is processed and stored within the United States on US-based servers (Vercel and our self-hosted infrastructure). If you are accessing our website from outside the United States, please be aware that your information will be transferred to and processed in the United States.

10. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request correction of inaccurate or incomplete data.
  • Deletion — request deletion of your personal data when it is no longer necessary for the purposes for which it was collected.
  • Portability — request a copy of your data in a structured, commonly used format.
  • Restrict processing — request that we limit the processing of your data in certain circumstances.
  • Object to processing — object to processing based on legitimate interest.
  • Withdraw consent — withdraw your consent at any time where we rely on consent to process your data. This will not affect the lawfulness of processing carried out before withdrawal.
  • Opt out — unsubscribe from marketing communications at any time by contacting us or using the unsubscribe link in any email.

To exercise any of these rights, please contact us at hello@stoa.agency. We will respond to your request within 30 days.

11. Children's Privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at hello@stoa.agency.

12. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected individuals within 72 hours of becoming aware of the breach. Notification will be made via email to the address we have on file, and we will describe the nature of the breach, the data involved, and the steps we are taking to address it.

13. Do Not Track

Some web browsers transmit "Do Not Track" (DNT) signals. There is currently no universally accepted standard for how websites should respond to DNT signals. At this time, our website does not respond to DNT signals, but we are committed to minimizing the data we collect and respect your privacy preferences.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page. We encourage you to review this policy periodically to stay informed about how we protect your information. Continued use of our website after any changes constitutes your acceptance of the updated policy.

15. Contact Us

If you have questions or concerns about this Privacy Policy or how your data is handled, please reach out to us:

STOA Digital Solutionshello@stoa.agencyChapel Hill — Triangle Area, North Carolina, USA