How We Handle
Your Data

Overview

This Privacy Policy applies to Digishot ("we", "us", "our"), a digital agency operating from 24 Gogol St, Yerevan 0069, Armenia. It covers all personal data processed through our website (digishot.io), contact forms, client onboarding, and service delivery.

We process personal data lawfully, fairly, and transparently. We only collect what is necessary for a specific, explicit purpose and retain it no longer than needed.

Data We Collect

We collect personal data in the following contexts:

Contact form submissions

When you contact us via the website form, we collect your name, email address, phone number (optional), company name (optional), and the content of your message.

Client onboarding

When you become a client, we collect billing information, business details, and any credentials or access information necessary to deliver your project (e.g. website hosting credentials, social media account access).

Website analytics

Our website may use analytics tools that collect anonymised data about page visits, browser type, device type, and referral source. This data cannot be used to identify you personally.

Communications

If you email us or communicate via messaging platforms, we retain those communications as part of the client relationship record.

How We Use Your Data

We use personal data for the following purposes:

• Responding to enquiries and providing quotes
• Delivering contracted services (website design, SEO, marketing campaigns, AI chatbots)
• Sending project updates, reports, and relevant communications
• Invoicing and payment processing
• Complying with legal obligations
• Improving our services based on anonymised usage patterns

We do not use your personal data for automated decision-making or profiling. We do not send marketing emails without your explicit consent.

Storage & Security

Personal data is stored securely on password-protected systems with access restricted to authorised team members only. We use industry-standard encryption for data in transit (HTTPS/TLS) and apply access controls to all client project files.

Credentials and sensitive access information provided by clients (e.g. CMS logins, ad account access) are stored in encrypted password management systems and deleted upon project completion or client request.

While we take reasonable precautions, no method of electronic storage is 100% secure. In the event of a data breach that affects your personal information, we will notify you within 72 hours of becoming aware of it.

Cookies

Our website may use cookies — small text files stored on your browser — for the following purposes:

• Essential cookies: Required for the website to function (e.g. form session state). These cannot be disabled.
• Analytics cookies: Anonymous data about how visitors use the site. You can opt out of these.
• Preference cookies: Store your settings and preferences across visits.

You can control cookie settings through your browser preferences. Disabling non-essential cookies will not affect your ability to use the website or contact us.

Third Parties

We do not sell, rent, or trade your personal data to third parties. We may share limited data with the following categories of service providers, strictly to deliver your project:

• Hosting providers — for website deployment and maintenance
• Email platforms — for client communications
• Analytics tools — for anonymised website performance data
• Payment processors — for invoice payment
• Advertising platforms (Google Ads, Meta Ads) — only for campaigns we manage on your behalf, using your business data, not ours

All third-party providers are required to process data only on our instructions and in accordance with applicable data protection law.

Your Rights

You have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Ask us to correct inaccurate or incomplete data
• Deletion: Request that we delete your personal data (subject to legal retention requirements)
• Restriction: Ask us to limit how we use your data while a dispute is resolved
• Portability: Request your data in a commonly used, machine-readable format
• Objection: Object to processing based on legitimate interests
• Withdrawal of consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, email us at digishotio@hotmail.com. We will respond within 30 days.

Data Retention

We retain personal data for as long as necessary to fulfil the purpose for which it was collected, and in line with legal obligations:

• Enquiry data (non-clients): Deleted within 12 months if no project is initiated
• Client project data: Retained for 5 years after project completion for legal and accounting purposes
• Financial records: Retained for 7 years as required by Armenian tax law
• Access credentials: Deleted immediately upon project completion or client request

Children's Privacy

Our services are intended for businesses and individuals aged 18 and over. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.

Policy Changes

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For significant changes, we will notify active clients by email. Continued use of our services after changes take effect constitutes acceptance of the revised policy.

Contact Us

For any questions, requests, or concerns regarding this Privacy Policy or how we handle your personal data, please contact us:

We aim to respond to all data-related requests within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in your country.