Privacy Policy | Korva Digital Marketing
Korva Digital Marketing

Privacy Policy

Effective Date: March 14, 2025  |  Last Updated: March 14, 2025

1. Overview

Korva Digital Marketing ("we," "us," or "our") is a digital marketing agency based in East Wenatchee, WA, providing AI voice agents, AI chatbots, marketing automation, and related digital marketing services to local and regional businesses.

This Privacy Policy explains how we collect, use, store, and protect information about:

  • Our clients — businesses that engage our services.
  • End users — individuals who interact with AI tools or systems we deploy on behalf of our clients.
  • Website visitors — anyone who visits www.korvadigitalmarketing.com.

By using our website or services you agree to the terms of this policy. If you do not agree, please discontinue use of our services.

2. Data We Collect

From clients and prospects we may collect:

  • Name, business name, email address, and phone number
  • Business information (industry, size, goals)
  • Payment information processed securely through Stripe
  • Communication history (emails, messages, call notes)
  • Service performance data and campaign analytics

From end users interacting with AI systems we deploy on behalf of clients:

  • Name and phone number (when provided during an interaction)
  • Call recordings and transcripts
  • Chat messages and conversation history
  • Appointment and scheduling information

Automatically from website visitors:

  • IP address, browser type, and device information
  • Pages visited, time on page, and referral source
  • Cookie data and analytics identifiers

3. How We Use Your Data

We use the information we collect to:

  • Provide, operate, and improve our services
  • Communicate with clients about projects, updates, and billing
  • Process payments through Stripe
  • Send appointment reminders and service notifications
  • Analyze website and campaign performance
  • Comply with legal obligations
  • Respond to inquiries and support requests

We do not sell your personal information to third parties.

4. AI-Specific Data Use

Our services use artificial intelligence tools including OpenAI to power voice agents and chatbots. When an end user interacts with these systems:

  • Conversation content may be processed by OpenAI's API in real time to generate responses.
  • We do not use client or end-user conversation data to train our own AI models.
  • OpenAI's data use is governed by their own Privacy Policy. As of the effective date of this policy, OpenAI does not use API-submitted data for model training by default.
  • Call and chat data is used solely to deliver and improve the contracted service for our clients.
If you are an end user who interacted with an AI agent deployed by one of our clients and have questions about how your data was used, please contact us at [email protected].

5. Third-Party Services

We share data with the following trusted third-party platforms only as necessary to deliver our services:

  • GoHighLevel — CRM, automation, and data hosting platform. Data is stored and processed within GoHighLevel's infrastructure. See their Privacy Policy.
  • Twilio — Voice and SMS communication infrastructure. See their Privacy Policy.
  • OpenAI — AI processing for voice agents and chatbots. See their Privacy Policy.
  • Google Analytics — Website traffic and behavior analytics. See Google's Privacy Policy.
  • Stripe — Secure payment processing. We do not store full payment card details. See Stripe's Privacy Policy.

We only share the minimum information required for each service to function. All third-party providers are contractually required to protect your data.

6. Call Recordings & Transcripts

As part of our AI voice agent services, calls may be recorded and transcribed. The following applies:

  • Callers are notified of recording at the start of each call where required by law.
  • Recordings and transcripts are stored within GoHighLevel's secure platform.
  • Access is limited to authorized Korva Digital Marketing personnel and the applicable client.
  • Recordings are retained for the period specified in the client's service agreement, and deleted upon expiration or written request.
  • Recordings are never sold or shared with unauthorized third parties.

7. SMS Communications

We send SMS messages to clients and, on behalf of clients, to their customers. All messaging complies with the Telephone Consumer Protection Act (TCPA) and carrier requirements.

  • Opt-in: Recipients provide explicit written consent before receiving SMS messages, through intake forms, service agreements, or text-to-join.
  • Message frequency: Typically 2–4 messages per month unless otherwise agreed.
  • Opt-out: Reply STOP to any message at any time. You will receive one confirmation, then no further messages.
  • Help: Reply HELP or email [email protected].
  • Message and data rates may apply. Carriers are not liable for delayed or undelivered messages.
  • Phone numbers collected for SMS are never sold or shared with third parties outside of our service delivery partners (Twilio, GoHighLevel).
Mobile Data Sharing: No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Information sharing to subcontractors in support of service delivery, such as customer service, is permitted.

8. Cookies & Analytics

Our website uses cookies and similar tracking technologies to understand how visitors interact with our site.

  • Essential cookies: Required for basic site functionality.
  • Analytics cookies: Google Analytics tracks page views, session duration, traffic sources, and similar metrics. This data is aggregated and anonymized.

You can control or disable cookies through your browser settings. Disabling cookies may limit some website functionality. To opt out of Google Analytics tracking, you may install the Google Analytics Opt-out Browser Add-on.

9. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

  • Active client data: Retained for the duration of the service agreement plus 2 years.
  • Call recordings and transcripts: Retained per client agreement; default is 12 months unless otherwise specified.
  • Website analytics: Retained for up to 26 months per Google Analytics defaults.
  • Payment records: Retained for 7 years to comply with financial and tax regulations.
  • SMS opt-out records: Retained indefinitely to honor opt-out requests.

Upon expiration of the applicable retention period, data is securely deleted or anonymized.

10. Data Security

We implement reasonable technical and organizational safeguards to protect your information, including:

  • Encrypted data transmission (HTTPS/TLS) across all platforms
  • Access controls limiting data to authorized personnel only
  • Reliance on SOC 2-compliant platforms (GoHighLevel, Stripe, Twilio) for data storage and processing
  • Regular review of security practices as our services evolve

No method of transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your information using industry-standard practices.

11. Your Rights

Depending on your location and applicable law (including CCPA for California residents and GDPR for EU/UK residents), you may have the right to:

  • Access — Request a copy of the personal data we hold about you.
  • Correction — Request correction of inaccurate or incomplete data.
  • Deletion — Request deletion of your personal data, subject to legal retention requirements.
  • Portability — Request your data in a commonly used machine-readable format.
  • Opt-out of marketing — Unsubscribe from marketing emails or SMS at any time.
  • Non-discrimination — We will not discriminate against you for exercising any privacy rights.

To exercise any of these rights, email us at [email protected] with your full name and a description of your request. We will respond within 30 days.

12. Children's Privacy

Our services are directed exclusively at businesses and adults aged 18 and older. We do not knowingly collect personal information from individuals under the age of 13. If you believe a minor has submitted information to us, please contact us immediately at [email protected] and we will promptly delete it.

13. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify affected individuals within 72 hours of becoming aware of the breach, where required by applicable law.
  • Notify relevant regulatory authorities as required.
  • Provide clear information about what data was affected and steps being taken to address the breach.
  • Offer guidance on protective measures you can take.

Breach notifications will be sent to the email address associated with your account or via written notice where required.

14. International Data Transfers

Korva Digital Marketing is based in the United States. If you are accessing our services from outside the U.S., please be aware that your data may be transferred to, stored, and processed in the United States. By using our services you consent to this transfer. We take steps to ensure appropriate safeguards are in place through our platform partners.

15. Policy Changes

We may update this Privacy Policy periodically to reflect changes in our services, legal obligations, or industry practices. When we do, we will update the "Last Updated" date at the top of this page. For significant changes, we will notify active clients by email. Continued use of our services after the effective date of any update constitutes acceptance of the revised policy.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Korva Digital Marketing
East Wenatchee, WA
Email: [email protected]
Website: www.korvadigitalmarketing.com

We aim to respond to all privacy-related inquiries within 5 business days.