Legal

Data Governance
Protocol.

Effective Date: October 1, 2024
Legal Entity: Deploy8, Inc.

Status: Verified Secure (SOC 2 Type II)

1. Introduction

Deploy8, Inc. ("Deploy8", "we", "us") respects your privacy and is committed to protecting the proprietary data of our clients. This Privacy Policy outlines our practices regarding the collection, use, and disclosure of information through our website and our managed agency platform services (the "Services").

By initializing a deployment or using our platform, you agree to the protocols described in this policy.

2. Data Collection Schema

We collect data to facilitate the "Pod" deployment model. Below is the schema of data points we ingest:

{ // 1. Client Identity "account_data": { "entity_name": "String (Legal Business Name)", "admin_contact": "String (Email/Phone)", "billing_details": "Encrypted (Stripe Token)" }, // 2. Technical Access (For Systems/Growth Pods) "integrations": { "crm_access": "OAuth Token (HubSpot/Salesforce)", "codebase": "Read/Write (GitHub/GitLab)", "analytics": "View Only (GA4/Mixpanel)" }, // 3. Operational Data "telemetry": [ "Browser User Agent", "IP Address", "Session Cookies" ] }

3. How We Use Data

We are a functional platform, not an ad network. We use your data strictly to execute the scope of work:

  • Deployment Execution: To configure Pods (teams) with the necessary context to perform tasks (e.g., giving a Marketing Pod access to your Google Ads account).
  • Billing & Compliance: To process payments via Stripe and generate invoices compliant with local tax laws.
  • Quality Assurance: We analyze communication logs (Slack/Jira) to score Agency Pod performance and ensure SLA compliance.

4. Pod Access & Sharing

This is unique to the Deploy8 model. When you deploy a Pod, you are authorizing Deploy8, Inc. to grant sub-access to specific, vetted third-party agencies ("Partners") within our network.

Strict Containment Protocol

Data is shared on a Need-to-Know basis. A "Creative Pod" will never have access to your "Financial Back-Office" data, even if both are deployed simultaneously.

All Partners are bound by:

  • Strict NDAs (Non-Disclosure Agreements) with Deploy8, Inc.
  • Data Processing Agreements (DPA) mirroring our obligations to you.
  • Background checks on key personnel.

5. Security Standards

We treat your IP like a trade secret. Our infrastructure is built on AWS and adheres to the following standards:

  • Encryption: Data is encrypted at rest (AES-256) and in transit (TLS 1.3).
  • Access Control: We use Role-Based Access Control (RBAC). Agency pods are provisioned with temporary credentials that automatically rotate.
  • HIPAA Compliance: For Medical Data Annotation pods, we utilize a separate, isolated environment (PHI-Safe Zone) that is physically separated from our standard commercial servers.

6. Your Rights

Under GDPR and CCPA, you retain full sovereignty over your data:

  • Right to Access: Request a dump of all data we hold on your organization.
  • Right to Erasure (The "Kill Switch"): Upon contract termination, you may request the permanent deletion of all proprietary data and credentials from our systems.
  • Right to Audit: Enterprise clients may request a review of our SOC 2 Type II report.

Contact Data Protection Officer

For privacy inquiries, please initialize a ticket to:

privacy@deploy8.co