Privacy policy.

TL;DR

We only collect the info we need to run PRJKT : ASHCUT, keep it safe, and never sell it. You can see, fix, or delete your data any time—just ask.

1. Introduction & Who We Are

PRJKT : ASHCUT ("we," "us," "our") is a Saskatchewan‑based creative‑media studio operating https://prjktashcut.com (the "Site"). We craft cinematic content and sell digital downloads and production services to Canadian clients. Protecting your privacy is core to our craft.

2. Scope

This Privacy Policy applies to anyone who visits the Site, buys from us, or interacts with our content, and to all Personal Information we process.

3. Definitions

  • Personal Information (PI): Any data that identifies or could identify you.

  • Processing: Any action performed on PI (collect, use, store, share, delete).

  • Cookie: Small text file stored on your device to remember settings or track use.

  • UGC: User‑generated content such as comments or uploads.

4. Types of Data We Collect

Category Examples Contact name, email, phone Billing address Behavioral page views, clicks, scroll depth Device IP address, browser type, OS UGC comments, file uploads Cookies & Similar analytics IDs, ad pixels

5. How We Collect It

  • Web forms (checkout, email sign‑up)

  • Cookies & pixels (Google Analytics, Meta Pixel)

  • Third‑party embeds (Instagram, YouTube)

  • Direct uploads (portfolio submissions)

6. Why We Collect / Legal Bases

Purpose Legal Basis Process orders & deliver services Contract Email marketing & promos Consent (unsubscribe any time) Site analytics & performance Legitimate interest Meet legal/tax obligations Legal obligation

7. How We Use the Data

  • Fulfil orders and deliver downloads

  • Respond to enquiries

  • Improve site performance and content

  • Send newsletters (opt‑out anytime)

  • Detect and prevent fraud

8. Third‑Party Sharing & Disclosure

Vendor Data Shared Purpose Google (Analytics, Gmail) IP, usage Site analytics, email hosting Meta (Instagram, Facebook) Pixel events Ad tracking & retargeting Squarespace All site data Website hosting & CMS HubSpot Contact info CRM & email automation

We never sell your data. Vendors act under contract as our service providers.

9. International Transfers & Safeguards

Your data may be stored on servers outside Canada (e.g., U.S.). We rely on Standard Contractual Clauses (SCCs) or equivalent safeguards and require vendors to meet PIPEDA standards.

10. Data Retention Schedule

Data Type Retention Disposal Order records 7 years (tax) Secure deletion after audit period Marketing email lists Until you unsubscribe Immediate removal Analytics logs 26 months Auto‑delete via Google settings Support tickets 2 years Secure wipe

11. Security Measures

  • Technical: SSL/TLS, encryption at rest, 2‑factor admin logins.

  • Administrative: Least‑privilege access, quarterly data‑flow reviews (see Appendix).

  • Physical: Secure office locks, device encryption.

12. User Rights & Choices

You can:

  • Access or download your PI

  • Correct inaccurate data

  • Delete data we no longer need

  • Withdraw marketing consent

  • Control cookies via browser settings
    Contact us (Section 16) to exercise rights.

13. Automated Decision‑Making & Profiling

We do not make decisions that produce legal or significant effects solely by automated means.

14. Children’s Privacy

Our services are for users 18+. We do not knowingly collect PI from children under 13. Parents—contact us if you believe we have.

15. Breach Notification Procedure

If a breach with real risk of harm occurs, we will:

  1. Notify the Office of the Privacy Commissioner of Canada and affected users as soon as feasible (usually within 72 hours).

  2. Document the incident and mitigation steps.

16. Changes to This Policy

We may update this Policy. We’ll post the new version and, if changes are major, email or pop‑up notify you at least 30 days before they take effect.

17. Contact Information & DPO

Privacy Officer: Ashdynn Bradley
Email: ashdynnbradley@prjktashcut.com
Regina, S4T 1C5, Canada

18. Appendix: Operational Playbook

  1. Onboard New Vendors

    • Due‑diligence checklist

    • Sign data‑processing agreement

  2. Quarterly Data‑Flow Review

    • Map new data sources

    • Verify vendor compliance

  3. Training Schedule

    • Annual privacy & security refresher

    • Phishing simulations twice a year

  4. Incident‑Response Run‑Book

    • Identify → Contain → Eradicate → Notify → Review

  5. Annual Policy Audit

    • Compare practices vs. policy

    • Update sections 4, 8, 10 as needed

Last updated: 10 July 2025