Privacy Policy

Welcome to N40 Agency's Privacy Policy

N40 Agency respects your privacy and is committed to protecting your personal data.

This Privacy Policy informs you about how we collect, use, store, and disclose information about you when you visit our website (regardless of where you access it from) and other websites we own and operate.

We may update this Policy from time to time to reflect changes in the products and services we provide and how we handle your personal data.

We will not share your information with third parties outside our organization, except where necessary to fulfill your request, if such a request exists.

By using our website, you consent to the processing of your personal data as described in this Policy, in accordance with the EU General Data Protection Regulation (GDPR) 2016/679 and other applicable regulations including CCPA/CalOPPA where relevant to your jurisdiction.

Submitting any information through a form on our website constitutes your agreement to this Policy and grants N40 Agency permission to collect, use, and disclose your information for the purposes described below.

Definitions

The following definitions apply throughout this Policy:

• "N40 Agency / Company" — refers to N40 Agency, LLC, a Delaware limited liability company (EIN: 36-5172738, Delaware File No. 10548740), incorporated on March 16, 2026. Registered agent: Legalinc Corporate Services Inc., 131 Continental Dr, Suite 305, Newark, DE 19713, USA (also referred to as "We", "Us", or "Our").
• "Website" — refers to all content and links at https://n40.agency/ and https://academy.n40.agency/ (N40 Academy), providing information about our services and products.
• "User" — a visitor to the website (also referred to as "You").
• "Service" — the collection of services provided by N40 Agency through the website.

Information We Collect

We collect information and personal data from users directly when they submit a form on our website (such as "Contact Us" or "Start a Project") or when they browse our website. We collect Personal Data only when you complete a form on our website and with your permission. All other data we collect is primarily usage data.

Personal Data You Provide

We collect personal information that you voluntarily provide when you express interest in obtaining information about us or our products and services, participate in activities related to our services, or otherwise contact us.

When you complete a contact form on our website, personal data is collected. You may also provide personal data through social media platforms such as Instagram, Facebook, or LinkedIn.

We may collect the following personal data from you:

• Your name;
• Email address;
• Links to your social media accounts;
• Links to or copies of your resume/portfolio.

This data is considered "identifying information" as it can personally identify you. We collect only the information relevant to providing you with the service, and use it solely for delivering or improving that service.

We do not process sensitive information.

All personal data requested by N40 Agency is necessary for quality communication with you. Failure to provide this information may make it difficult or impossible for the Company to provide services.

Automatically Collected Information

When you visit our website, our servers may automatically log standard data provided by your web browser. This information does not reveal your personal identity (such as your name or contact details), but may include device and usage data, information about how and when you use our services, and other technical data.

We collect usage data that may include:

• Browser type;
• Browser version;
• Type of device you are using;
• Pages of our website that you visited;
• Time and date of your visit;
• Time spent on those pages;
• Unique device identifiers;
• IP address (which may also be collected as personal data);
• Geolocation data (which may also be collected as personal data);
• Other diagnostic data.

Cookies

In some cases, we may use cookies to collect personal data, or data that becomes personal data when combined with other information.

What are cookies? Cookies are small data files placed on your computer or mobile device when you visit a website.

Cookies and other tracking technologies are used on this website for the following purposes:

• Obtaining standard web analytics data;
• Collecting data via HTML/Flash cookies, web beacons, and similar technologies;
• Gathering demographic information to help customize the website.

We may share this information with partners who help us restore, manage, or maintain our website.

You can delete all cookies already on your device by clearing your browser's history. You can also configure your browser to block cookies.

If you are located in or are a citizen of the EU, GDPR consent requirements for cookies apply where required by law.

Google Analytics

We may share your information with Google Analytics to track and analyze the use of our services. Google Analytics advertising features we may use include: remarketing with Google Analytics, Google Display Network Impression Reporting, and Google Analytics Demographics and Interest Reporting.

To opt out of Google Analytics tracking, visit https://tools.google.com/dlpage/gaoptout.

Data transfers to Google LLC (USA) are made under the EU Standard Contractual Clauses. For more information, see Google's Privacy Policy.

Purpose of Processing

We may use a combination of identifying and non-identifying information to understand who our visitors are, how they use our services, and how we can improve their experience on our website.

We typically collect and use your personal data for the following purposes:

• Providing and operating our services;
• Responding to your information requests;
• Analyzing website usage and improving performance;
• Sending you marketing communications if you have consented;
• Facilitating engagement with our Company;
• Protecting our rights and preventing misuse;
• Complying with legal obligations.

Legal Basis for Processing

We process your personal data and communicate with you on the following legal bases:

• With your personal consent for one or more purposes, such as requesting products or services from us, downloading materials or information from our website, or completing a contact form.
• Where necessary for our legitimate interests in providing services, provided such interests do not override your fundamental rights and freedoms.
• To fulfill a legal obligation, where required by applicable law.

If you wish to withdraw your consent to the processing of your personal data, please contact us at contact@n40.agency.

Data Storage

We will retain your personal information only for as long as necessary for the purposes set out in this Policy, unless a longer retention period is required or permitted by law (such as for tax, accounting, or other legal requirements).

When we no longer have a legitimate business need to process your personal information, we will either delete or anonymize it. If this is not possible, we will securely store your personal information and isolate it from further processing until deletion is possible.

Indicative retention periods by data category:

International Data Transfers

N40 Agency, LLC is incorporated in the State of Delaware, USA (EIN: 36-5172738, Delaware File No. 10548740, incorporated March 16, 2026). If you are located in the European Union or the United Kingdom, your personal data is transferred to and processed in the United States.

Such transfers are made under the EU Standard Contractual Clauses (SCC) adopted by the European Commission (Decision 2021/914 of 4 June 2021), ensuring an adequate level of protection for your personal data as required by GDPR Chapter V.

Our sub-processors (Supabase, Google LLC, Resend, Netlify, Calendly, Hotjar, Meta, LinkedIn) also process data under SCC or equivalent transfer mechanisms. For details, see our Data Processing Agreement.

Data Disclosure

Any information we collect or that you provide to us may be shared with and processed by the Company's units and/or engaged service providers. We do not sell or transfer your personal data to third parties for commercial purposes.

Vendors, consultants, and other third-party service providers. We may share your data with third parties such as service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to perform their work.

Categories of third parties with whom we may share personal data include:

• Communication and collaboration tools;
• Data analytics services;
• Data storage service providers;
• Retargeting platforms;
• Sales and marketing tools;
• Social media networks;
• Website hosting service providers;
• Payment processors (Stripe, Inc. — international payments; NovaPay — payments in Ukraine).

Payment data. Payments are processed by Stripe, Inc. (USA). N40 Agency does not store or have access to full card numbers or CVV codes — this data is transmitted directly to Stripe, which is certified at PCI DSS Level 1. Stripe may process your name, email, and billing address in accordance with its Privacy Policy.

For payments in Ukraine, we use NovaPay, a licensed payment provider certified by the National Bank of Ukraine (NBU). NovaPay processes payments in accordance with Ukrainian legislation and PCI DSS standards.

Business transfers. We may share or transfer your information in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company, or during negotiations of such transactions.

Data Security

We aim to protect your personal information through a system of organizational and technical security measures. However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure.

Breach Notification

In the event of a personal data breach, we will notify you and the relevant supervisory authorities within 72 hours of becoming aware of the breach, in accordance with GDPR requirements (Article 33).

Children's Privacy

We do not knowingly collect data about children under the age of 18 or direct marketing toward them.

If you become aware of any data we may have collected from children under 18, please contact us at contact@n40.agency.

External Links

Our website may contain links to other sites that we do not operate. We are not responsible for the content, privacy policies, or practices of any third-party sites. We recommend reviewing the privacy policy of every site you visit.

User Rights

Depending on your jurisdiction, you may have additional rights regarding access to and control over your personal information. You may submit a request by contacting us using the details below.

• Access to your personal data and confirmation of processing;
• Withdrawal of consent to processing (where applicable);
• Correction or update of inaccurate data;
• Request for deletion of information (where required by law). We aim to fulfill such requests within 30 days;
• Request for information about data the Company holds about you;
• Restriction of or objection to processing (where applicable);
• Data portability in a structured, machine-readable format.

EU/EEA residents also have the right to lodge a complaint with a data protection supervisory authority in the country of their habitual residence or place of the alleged infringement. A list of authorities is available at the European Data Protection Board website: edpb.europa.eu.

To exercise your rights: email us at contact@n40.agency. We will respond within 30 days.

California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights:

• The right to know what personal information is collected and how it is used;
• The right to delete personal information (with certain exceptions);
• The right to opt out of the sale or sharing of personal information with third parties;
• The right to non-discrimination for exercising your privacy rights.

N40 Agency, LLC does not sell personal information as defined under the CCPA. We do not transfer your data to third parties for monetary or other valuable consideration.

To exercise your CCPA rights or for more information, contact us at contact@n40.agency.

Third-Party Services & Data Processors

To provide our services and operate the website, we use the following third-party providers that may process your personal data:

Data transfers to the USA are made under the EU Standard Contractual Clauses (SCC). For details, see our Data Processing Agreement.

Cookie Consent Banner

On your first visit to our website, we display a cookie consent banner. Analytics and marketing cookies are activated only after you provide your consent. You may withdraw your consent at any time on our Cookie Policy page.

Unsubscribe from Marketing Emails

You may opt out of marketing emails by clicking the unsubscribe link in any marketing email we send, or by contacting us at contact@n40.agency.

Contact Us

If you have questions or comments about this Policy, you may email us at contact@n40.agency.