Privacy Policy

bit california, llc, a california limited liability company, doing business as document fulfillment services (“dfs,” “we,” “us,” or “our”), provides this privacy policy on behalf of itself, its parent, subsidiaries, and affiliates this privacy policy explains how we handle personal information in two contexts our service operations performed for business customers our corporate website and marketing activities this privacy policy is intended to align with a soc 2 type ii control environment by clearly describing data handling, retention, and accountability boundaries this privacy policy does not replace contractual terms (including confidentiality, data protection, and security obligations) agreed to with a customer 1\ scope and roles service operations (customer data) in performing contracted services, dfs may receive files or data from a customer that can contain personal information about the customer’s end users or recipients (“customer data”) dfs processes customer data only to perform the services the customer has contracted for the customer remains the controller (or business) for customer data, and dfs acts as a service provider or processor dfs is not the custodian of customer data for purposes of individual access, correction, deletion, portability, or similar requests requests and disputes related to customer data must be directed to the customer if we receive such a request directly, we will refer the request back to the customer, unless required by law website and marketing when you visit our corporate website, we may collect certain information automatically (including through cookies) and use it for marketing, analytics, and to better understand and engage prospective business customers 2\ information we collect a service operations dfs does not seek to collect personal details about individuals for its own purposes in service operations however, customer data provided by the customer may include personal information (for example, names, addresses, account related fields, or other information the customer includes in production files) b business contact information we may collect business contact information, such as name, business email, business phone number company name, job title, department communications and correspondence with dfs (including support requests and onboarding communications) c website data, cookies, and identifiers when you use our website, we may collect ip address and approximate location derived from ip browser and device information pages viewed, links clicked, referral urls, and timestamps cookie identifiers and similar tracking technologies we use cookies and related technologies and may attempt to identify or associate a website visitor with a business contact or company for marketing purposes we may also use marketing automation and enrichment vendors to augment or enrich website and cookie derived data to improve marketing insights and outreach 3\ how we use information a service operations we use customer data only as needed to perform the contracted services, including intake, validation, preparation, production, and fulfillment workflows operational support and issue resolution related to a work order service quality checks and production integrity activities customer requested reproductions or reruns within the retention window (when applicable) dfs does not sell customer data and does not use customer data to market to the customer’s end users b business operations and relationship management we may use business contact information to respond to inquiries and provide customer support manage onboarding, account administration, and billing communications maintain business records and operational documentation c website and marketing we may use website data to operate and secure the website measure website performance and campaign effectiveness identify prospective business customers and conduct business to business marketing enrich marketing data using third party marketing automation and enrichment vendors 4\ how we share information a service providers and vendors we may share personal information with vendors who provide services to dfs, such as website hosting, analytics, and security providers marketing automation and enrichment vendors (for website visitor and marketing data) it, monitoring, and support tooling providers we require vendors to protect information and to use it only to provide services to dfs, consistent with applicable agreements b customer directed disclosures we may share information as directed by a customer, consistent with our contract, for example to support a customer workflow or request c legal and compliance we may disclose information if necessary to comply with law or legal process, including subpoenas, court orders, or other lawful requests, or to protect the rights, property, and safety of dfs, our customers, or others d corporate transactions if dfs is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be disclosed as part of that transaction subject to appropriate confidentiality protections 5\ data retention and deletion customer data retention dfs retains customer data only for as much use and as much time as needed to perform the contracted services as a standard practice, dfs purges customer data no later than 45 days after work order completion, unless a customer contract requires a shorter retention period (in which case the contract controls), or we are required to preserve information due to a legal obligation (including a subpoena or similar legal process), legal hold, or to comply with applicable law website and marketing data retention we retain website and marketing data for as long as reasonably necessary to support marketing, analytics, security, and business recordkeeping, subject to applicable law and our internal retention standards 6\ individual rights and requests customer data requests dfs is not the custodian or controller for customer data any request to access, correct, delete, or otherwise exercise rights over customer data must be directed to the customer that owns the relationship with the individual if dfs receives a request regarding customer data, dfs will refer the requester to the customer and may notify the customer of the request where appropriate website and business contact data requests depending on your location and applicable law, you may have rights regarding personal information we control in a business contact or website context you may contact us as described in section 12 7\ cookies and marketing choices you can control cookies through your browser settings and, where available, consent or preference tools on our website disabling certain cookies may affect website functionality you may also opt out of certain marketing communications by using the unsubscribe mechanism included in those communications 8\ data security dfs maintains an information security program designed to protect customer data and other information our safeguards are intended to be consistent with a soc 2 type ii control environment and may include administrative, technical, and physical controls such as access controls, least privilege, monitoring, and security incident response procedures no method of transmission or storage is completely secure we work to maintain appropriate safeguards, but we cannot guarantee absolute security 9\ data transfers dfs primarily operates in the united states if information is transferred across borders, dfs will take steps designed to maintain appropriate protections consistent with applicable law and contractual obligations 10\ children’s privacy our services and website are intended for business use and are not directed to children we do not knowingly collect personal information from children 11\ changes to this privacy policy we may update this privacy policy from time to time the “last updated” date reflects the most recent revision if we make material changes, we will post the updated policy on our website and may provide additional notice where required by law