Dark Logo of Done&Co.

Privacy & Policy Statement

Effective Date: September 8, 2025

1. Introduction

Done & Co. respects your privacy. This Privacy Policy explains how we collect, use, and protect personal information when you visit our website or engage with our services.


2. Information We Collect

  • Personal Information: Name, email, phone, billing details (via Stripe/ACH processors).
  • Usage Data: IP addresses, browser type, pages visited (via analytics tools).
  • Client Project Data: Information voluntarily provided by clients during engagements.

3. How We Use Information

  • To deliver, manage, and improve our services.
  • To process payments and invoices.
  • To send important communications about services or security.
  • To comply with legal and regulatory obligations.

4. Data Storage & Security

  • Data is encrypted in transit (TLS 1.2/1.3) and at rest (AES-256).
  • Passwords are hashed and salted; MFA is enforced internally.
  • Daily backups retained for 30 days.
  • Systems are monitored and logs kept for at least 12 months.

5. Third-Party Services

We use trusted vendors such as Vercel, Supabase, Sanity, GitHub, SendGrid, Cloudflare, Google Workspace, Gusto, Deel, and Stripe. These providers may process personal data under their own security and privacy policies.

6. Data Sharing

We do not sell or rent personal data. Data may be shared with third parties only when:

  • Required to deliver our services.
  • Required by law or legal process.
  • To protect the rights, property, or safety of Done & Co. or our clients.

7. International Data Transfers

Personal data may be transferred and processed outside your country of residence, subject to GDPR-compliant safeguards.

8. Data Subject Rights (GDPR/CCPA)

You may request:

  • Access to your personal data.
  • Correction of inaccuracies.
  • Deletion of your data (“right to be forgotten”).
  • Restriction or portability of your data.

Requests should be sent to privacy@doneandco.com. We respond within 30 days.

9. Payment Processing

Done & Co. does not directly process or store credit card information. Payments are handled via Stripe (PCI DSS Level 1) or ACH billing systems.

10. Data Retention

  • Client project data retained as long as necessary to provide services.
  • Backups retained for 30 days.
  • Data may be retained longer if legally required.


11. Cookies & Tracking

We may use cookies and analytics tools to improve site performance and understand usage. You can disable cookies in your browser settings.

12. Children’s Privacy

Our services are not directed to children under 16. We do not knowingly collect data from minors.

13. Updates

We may update this Privacy Policy from time to time. Updates will be posted on our website with the “Effective Date” above.

14. Contact

Questions about this Privacy Policy can be directed to:
 privacy@doneandco.com

Website Privacy Notice

At Done & Co., we take your privacy seriously. This notice explains, in simple terms, how we handle your information when you visit our website or use our services.

What We Collect

  • Contact details you provide (like name, email, phone).
  • Payment details (processed securely through Stripe or ACH — we don’t store card data).
  • Technical information (IP address, browser type, pages visited).


How We Use It

  • To deliver and improve our services.
  • To process invoices and payments.
  • To send important updates (like security or account notices).


How We Protect It

  • Data encrypted in transit (TLS 1.2/1.3) and at rest (AES-256).
  • Multi-factor authentication (MFA) used internally.
  • Daily backups stored securely for 30 days.


Who We Share It With

We don’t sell or rent your data. We may share limited information with trusted providers (like Vercel, Supabase, Google Workspace, SendGrid, Stripe) to deliver our services.

Your Rights

If you’re in the EU, UK, or California, you may request to:

  • Access your data
  • Correct inaccuracies
  • Request deletion (“right to be forgotten”)

Email us at privacy@doneandco.com for requests. We respond within 30 days.

Cookies & Tracking

We use cookies and analytics to understand site usage. You can disable cookies in your browser settings.