Legal

Privacy Policy

We collect a small amount of personal data to deliver our services and follow up on requests. This policy explains exactly what we collect, why we collect it, how we use it, and what your rights are. We've written it in plain language because we think that's the point of a privacy policy.

Duha Media · Last updated: [DATE] · Effective: [DATE]

1. Who We Are

Duha Media (“Duha Media,” “we,” “us,” or “our”) operates the website duhamedia.com. We provide CRO consulting and web design services for Shopify brands. For the purposes of this policy, Duha Media is the data controller for personal information collected through this website.

If you have questions about this policy or how we handle your data, contact us at: privacy@duhamedia.com

2. What Personal Data We Collect

We collect personal data in the following ways:

When you request a PDF brief (any service page)

—Your email address
—Your website URL

When you submit your site for a free audit (/free-audit)

—Your website URL

When you book a call (/contact)

—Your name
—Your email address
—Any information you provide in the message field

When you apply for the founding client programme (/founding-client/apply)

—Your website URL
—Your approximate monthly revenue range
—Your approximate monthly sessions range
—Whether you run paid ads
—Your description of your conversion problem
—Any additional information you choose to provide

When you subscribe to our newsletter (footer and Insights pages)

—Your email address

We do not collect payment information directly. We do not collect sensitive personal information as defined under applicable law (such as health data, racial or ethnic origin, or financial account details).

We also collect non-personal technical data automatically when you visit our website — including browser type, device type, pages visited, and referring URL. This data is collected through Microsoft Clarity and Google Analytics 4 (GA4) and is used in aggregate to understand how visitors use the site. This data is not linked to your personal identity unless you have submitted a form on this site.

3. How We Use Your Personal Data

We use the personal data we collect for the following purposes:

Email address (PDF gate, newsletter, contact form)

—To deliver the PDF brief you requested
—To send the newsletter you subscribed to
—To follow up on your inquiry or booking request
—To send occasional relevant communications about our services

Website URL (PDF gate, free audit, founding client application)

—To review your site as part of your audit or application
—To personalize any follow-up we send you
—We will not share your URL with third parties for any purpose

Founding client application data

—To assess whether your store is a good fit for the engagement
—To communicate with you about your application
—We do not use application data for marketing purposes

Behavioral data (Microsoft Clarity, GA4)

—To understand how visitors use the site
—To improve the site's content and structure
—This data is processed in aggregate and not used to identify individual visitors

We will not send unsolicited marketing emails. Every email we send includes an unsubscribe link. We will honor unsubscribe requests promptly — within 10 business days.

4. Legal Basis for Processing (US and International Visitors)

For visitors based in the United States, we process your personal data on the basis of your consent (when you submit a form) and our legitimate interest in following up on genuine business inquiries.

For visitors based in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following lawful bases as defined under the General Data Protection Regulation (GDPR):

—Consent: when you submit a form, subscribe to the newsletter, or request a PDF
—Legitimate interests: when we follow up on a business inquiry you have initiated

You have the right to withdraw consent at any time by contacting us at privacy@duhamedia.com or using the unsubscribe link in any email we send.

6. How Long We Keep Your Data

Email addresses and associated inquiry data are retained for as long as the relationship is active — meaning while you are a subscriber, applicant, or active client — and for up to 24 months after the last meaningful interaction.

Founding client application data is retained for 12 months from the date of application, regardless of outcome.

Behavioral data collected through Clarity and GA4 is retained according to those platforms' own retention settings, which we configure to the minimum available period.

You may request deletion of your personal data at any time by contacting privacy@duhamedia.com. We will action deletion requests within 30 days.

7. Your Rights

Depending on where you are located, you may have some or all of the following rights regarding your personal data:

—

Right to access — You can request a copy of the personal data we hold about you.

—

Right to correction — You can ask us to correct inaccurate or incomplete personal data.

—

Right to deletion — You can ask us to delete your personal data. We will comply unless we are required to retain it by law.

—

Right to opt out of marketing — Every marketing email we send includes an unsubscribe link. You can also email privacy@duhamedia.com to opt out of all marketing communications.

California residents

Under the California Consumer Privacy Act (CCPA), you have the right to know what personal information we collect, the right to delete it, and the right to opt out of its sale. We do not sell personal information. To exercise your rights, contact us at privacy@duhamedia.com.

EEA and UK residents

Under GDPR and UK GDPR, you have the right to access, correct, delete, restrict processing of, and port your personal data. You also have the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at privacy@duhamedia.com. We will respond within 30 days.

8. Cookies

This website uses cookies and similar tracking technologies for the following purposes:

—

Essential cookies — required for the site to function. These cannot be disabled.

—

Analytics cookies — used by Microsoft Clarity and Google Analytics 4 to understand how visitors use the site. These are not linked to your personal identity.

We do not use advertising cookies or retargeting cookies. We do not use cookies to build advertising profiles.

Most browsers allow you to control cookies through their settings. If you disable analytics cookies, the site will continue to function normally but we will lose the ability to understand and improve it.

9. Security

We take reasonable technical and organizational measures to protect your personal data from unauthorized access, loss, or disclosure. These include encrypted data transmission (HTTPS), access controls on systems that store personal data, and use of reputable third-party processors with their own security certifications.

No method of transmission over the internet is completely secure. We cannot guarantee absolute security, but we will notify you without undue delay if we become aware of a breach that affects your personal data.

10. Children's Privacy

This website is not directed at children under 13 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at privacy@duhamedia.com and we will delete it promptly.

11. Changes to This Policy

We may update this privacy policy from time to time. When we do, we will update the “last updated” date at the top of the page. If the changes are material — meaning they significantly affect how we process your data — we will notify subscribers by email before the changes take effect.

Your continued use of the site after changes are posted constitutes acceptance of the updated policy.

12. Contact

For any questions about this privacy policy or how we handle your personal data:

—Email: privacy@duhamedia.com
—Website: duhamedia.com

We aim to respond to all privacy-related inquiries within 5 business days.