Privacy Policy

Effective Date: September 21st, 2025

Privacy Policy

 

  1. Introduction & Scope of Policy

Effective Date: September 21, 2025

Entity: REDSHIFT Creative (a trade name of REDSHIFT Pro, LLC, also known as REDSHIFT Productions)

Registered Location: DuPage County, Illinois, United States.

 

This Privacy Policy applies to all activities and data-processing operations conducted by REDSHIFT Creative (a trade name of REDSHIFT Pro, LLC, also known as REDSHIFT Productions) (“the Company,” “we,” “our,” or “us”).

It governs the collection, use, disclosure, storage, and protection of personal data obtained through our official website [www.redshiftcreative.co], our digital platforms, and any related products or services (collectively, the “Services”).

By accessing or using our Services, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy, as well as the Terms & Conditions and Terms of Sale, which are incorporated herein by reference and form integral parts of this Policy.

The Company is committed to maintaining transparency, professionalism, and compliance with applicable privacy laws, including the laws of the State of Illinois and relevant U.S. federal data protection standards, while adhering to U.S. data-protection standards and, where applicable, aligning voluntarily with key international privacy principles inspired by the EU General Data Protection Regulation (GDPR).

We may update this Privacy Policy periodically to reflect changes in our business operations, legal requirements, or best practices.

All updates will indicate the effective date at the top of this page and become effective immediately upon publication.

Your continued use of the Services after such updates constitutes your acknowledgment and acceptance of the revised version.

 

  1. Information Collection 

 

  1. Overview

REDSHIFT Creative (a trade name of REDSHIFT Pro, LLC, also known as REDSHIFT Productions) (“the Company,” “we,” “our,” or “us”) collects limited categories of information necessary to operate, improve, and protect our Services, as well as to maintain communication with clients and users.

All data are collected lawfully, fairly, and transparently, and are used solely for legitimate business purposes.

 

  1. Personal Data

When you interact with our Services—such as by submitting an inquiry, requesting a quote, or entering into a project agreement—we may collect the following personal information:

  1. Full name and contact details (email address, phone number, mailing address).
  2. Company name, job title, or business affiliation (if applicable).
  3. Billing and payment details necessary for invoicing (processed through secure third-party systems).
  4. Any voluntary information you choose to provide in communications, forms, or uploads.

The Company does not collect or store financial information such as full credit-card numbers; all such transactions are handled through PCI-compliant payment processors.

 

  1. Usage & Technical Data

We automatically collect certain technical data when you visit or use our Services (“Usage Data”), including:

  1. Internet Protocol (IP) address, browser type, operating system, and device information.
  2. Pages visited, session duration, time stamps, and navigation patterns.
  3. Referring URLs, clickstream data, and performance metrics.

These data help us maintain service security, detect misuse, and improve site functionality and user experience.



  1. Cookies & Tracking Technologies

We use cookies, analytics tools, and similar technologies (e.g., beacons, tags, scripts) to collect limited information about how users engage with our website.

Cookies help us remember preferences, analyze usage patterns, and secure our platform.

Users may adjust browser settings to decline or delete cookies; however, some site features may not function properly without them.

Examples include:

  1. Session Cookies: essential for operating the Service.
  2. Preference Cookies: store user settings.
  3. Security Cookies: ensure account and platform protection.

 

  1. Sensitive or Media-Related Data

For creative and media projects, the Company may collect or process limited visual or audio materials provided voluntarily by clients (e.g., photos, footage, or reference files).

Such materials are handled strictly for the purpose of project execution and are protected under confidentiality and intellectual-property obligations.

The Company does not intentionally collect sensitive personal data (e.g., racial origin, medical records, biometric data) unless explicitly required by law or by written client authorization.

 

  1. Use of Data 

REDSHIFT Creative uses the information collected strictly for lawful, limited, and legitimate business purposes, in full compliance with applicable U.S. federal, Illinois state, and international privacy standards (including GDPR-light principles).

 

  1. Purpose of Data Processing

Data may be processed for the following purposes:

  1. Delivering, maintaining, and improving the Services, including content creation, communication, and project execution.
  2. Managing projects, quotations, billing, and contractual obligations in connection with clients or vendors.
  3. Providing customer support and resolving technical issues.
  4. Enhancing user experience and optimizing website functionality.
  5. Sending service-related notifications, invoices, and legal or administrative updates.
  6. Conducting lawful analytics to understand engagement, performance, and quality metrics.
  7. Detecting, preventing, and addressing cybersecurity risks, fraud, or misuse.

 

  1. Legitimate Interest & Consent

Processing of data is based on one or more lawful grounds:

  1. Contractual necessity: where processing is required to fulfill project agreements or quotations.
  2. Legitimate interests: such as improving internal processes, ensuring platform security, and marketing the Company’s own services in a reasonable and non-intrusive manner.
  3. Consent: where required by law (e.g., newsletters, cookies, or optional marketing forms).

Users may withdraw consent at any time without affecting the lawfulness of prior processing.

 

  1. Communication & Marketing

The Company may send limited service or marketing communications to clients and subscribers who have opted in.

Recipients may opt out at any time via the “unsubscribe” link or by contacting the Company directly.

The Company never sells, rents, or shares Personal Data with third parties for marketing purposes.

 

  1. Aggregated & Anonymized Data

We may use aggregated or anonymized information for statistical, analytical, educational, or internal reporting purposes.

Such data do not identify individuals and may be retained indefinitely for trend analysis, performance optimization, or service improvement.

 

  1. Compliance & Legal Obligations

The Company may use or disclose personal data where necessary to comply with applicable laws, regulatory requirements, or lawful requests from government authorities or courts.

All processing and disclosure will be limited to the minimum required by law.

 

  1. Security & Fraud Prevention

Personal Data may be processed to detect, prevent, or respond to security incidents, system vulnerabilities, or misuse of the Services.

The Company employs commercially reasonable safeguards consistent with industry standards.

 

  1. No Sale or Unlawful Disclosure of Data

REDSHIFT Creative does not sell, lease, trade, or disclose Personal Data to third parties, except where necessary to perform contracted Services or comply with law.

 

  1. Retention and Limitation of Use

Data shall be retained only for as long as necessary to fulfill the purposes outlined herein or as required by applicable law.

See Section 4 (Data Retention & Storage) for more details on retention periods.

 

  1. Clarification of Legal Effect

The processing of Personal Data does not create any additional contractual, financial, or fiduciary obligation beyond those expressly set forth in the Company’s Terms and Conditions.

 

  1. Data Retention & Storage

REDSHIFT Creative retains Personal Data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with applicable legal obligations, resolve disputes, and enforce agreements.

 

  1. Retention Periods
  1. Client and Project Data: Retained for up to three (3) years after project completion or last client interaction, unless a longer period is required by law or accounting regulations.
  2. Financial and Billing Records: Retained for seven (7) years to comply with U.S. federal tax and financial reporting requirements.
  3. Marketing and Communication Data: Retained until the user withdraws consent or unsubscribes.
  4. System Logs and Security Data: Retained for a maximum of twelve (12) months, unless needed for cybersecurity or fraud investigation.

After the applicable retention period expires, data are either securely deleted, anonymized, or archived in accordance with industry standards.

 

  1. Storage & Security Measures

All Personal Data is stored on secure servers located in the United States, managed by reputable hosting providers that implement technical and organizational safeguards, including encryption, access control, and regular security audits.

The Company employs commercially reasonable administrative, technical, and physical measures designed to protect information against unauthorized access, destruction, or disclosure.

 

  1. Data Backups & Transfer

Backups are maintained periodically for disaster recovery purposes.

Personal Data may be transferred to or processed by trusted service providers or subcontractors under strict confidentiality and data protection agreements.

Where international transfers occur, the Company ensures adequate protection consistent with applicable U.S. privacy law standards and, where relevant, aligned with key international privacy principles.

  1. Deletion & Anonymization

Upon expiration of the retention period or upon a valid written request, the Company will:

  1. Delete Personal Data in a secure and irreversible manner; or
  2. Convert the data into an anonymized form that no longer identifies the individual.

Backups may continue to hold residual copies for a limited time until overwritten during routine cycles.

 

  1. Client Rights Regarding Retention

Clients may request clarification of general retention periods or correction of inaccurate data, subject to verification of identity and applicable legal exceptions.

However, the Company retains full discretion to determine the necessity, duration, and manner of data retention or deletion, consistent with its legal and business obligations.

Requests for deletion, restriction, or modification of data shall not affect the Company’s right to retain records required for accounting, legal defense, audit, or legitimate business purposes.

The Company’s decision regarding retention or deletion shall be final and binding, provided it complies with applicable law.

No compensation, refund, or liability shall arise from the lawful exercise of these rights by the Company.

 

  1. Limitation of Liability for Storage

While the Company takes reasonable security measures, no electronic system is entirely immune to risk.
The Company disclaims liability for any unauthorized access, data loss, or corruption that occurs beyond its reasonable control, provided that commercially acceptable security practices were in place at the time.

 

  1. Data Sharing & Disclosure  

 

  1. General Principle

REDSHIFT Creative does not sell, rent, or trade Personal Data. Any disclosure of information is strictly limited to lawful, necessary, and clearly defined circumstances described below.

 

  1. Disclosure to Service Providers

The Company may share Personal Data with trusted service providers, subcontractors, vendors, or affiliates who perform specific business functions on its behalf—such as data hosting, payment processing, analytics, or customer communication.

All such third parties are bound by confidentiality and data protection obligations equivalent to those set forth in this Policy and are prohibited from using the information for any purpose other than performing their contracted services.

 

  1. Corporate Transactions

In the event of a merger, acquisition, restructuring, sale of assets, or bankruptcy involving the Company, Personal Data may be transferred as part of the business assets, subject to continued protection under this Policy or a substantially similar privacy framework.

 

  1. Legal & Regulatory Disclosures

The Company may disclose Personal Data when required to do so by law, regulation, subpoena, or court order, or when such disclosure is reasonably necessary to:

  1. Comply with legal obligations or respond to lawful requests from public authorities;
  2. Protect the rights, property, or safety of the Company, its clients, or the public;
  3. Detect, prevent, or address fraud, security incidents, or potential violations of law.

Such disclosures will be limited to the minimum extent necessary to fulfill the legal requirement.

 

  1. Third-Party Integrations & External Links

The Services may contain integrations, links, or embedded content from third-party platforms (e.g., hosting, analytics, or media delivery services).

The Company does not control and assumes no responsibility for the data practices or privacy policies of such third parties.

Your use of any third-party service is at your own discretion and subject to that third party’s terms and privacy policies.

 

  1. Anonymized & Aggregated Data

The Company may share anonymized or aggregated data that do not identify individuals with partners, clients, or for analytical, statistical, or marketing purposes. Such data are not considered Personal Data under this Policy.

 

  1. Protection of Company Interests

To the fullest extent permitted by law, the Company reserves the right to use or disclose Personal Data as necessary to defend itself against legal claims, enforce contractual rights, or protect its legitimate business interests.
No such disclosure shall create any obligation of compensation or liability to the Client.

 

  1. Data Security & Protection Measures 

 

  1. Reasonable Safeguards

REDSHIFT Creative implements commercially reasonable administrative, technical, and physical safeguards designed to protect Personal Data against unauthorized access, disclosure, alteration, or destruction. These include secure servers, limited employee access, encrypted data transfers, and periodic security audits consistent with industry standards.

 

  1. No Absolute Security Guarantee

While the Company employs reasonable security measures, no system, network, or method of transmission over the Internet can be guaranteed as completely secure. Accordingly, the Company does not warrant or represent that Personal Data will always remain secure or free from unauthorized access, interception, loss, or misuse.

 

  1. Client Responsibility for Security

Clients are solely responsible for maintaining the confidentiality and security of their own devices, accounts, login credentials, and communication channels.

The Company shall not be liable for any unauthorized access, breach, or disclosure resulting from weak passwords, shared credentials, or the Client’s failure to implement appropriate safeguards.

 

  1. Incident Response & Notification

In the event of a data breach or unauthorized access to Personal Data, the Company will take reasonable steps to investigate, mitigate, and—where legally required—notify affected individuals or authorities in accordance with applicable laws and regulations.

Such notification shall not be construed as an admission of fault or liability by the Company.

 

  1. Subcontractors & Third-Party Providers

The Company may rely on subcontractors, cloud providers, or third-party systems to process or store data.
All such third parties are selected with due diligence and required to implement equivalent security standards.
However, the Company shall not be responsible for security failures, downtime, or data incidents arising from third-party systems beyond its reasonable control.

 

  1. Data Integrity & Accuracy

While reasonable efforts are made to ensure data accuracy, completeness, and reliability, the Company is not liable for any loss, error, or corruption of data caused by system malfunction, user error, or external factors outside its control.

Clients are encouraged to maintain independent backups of critical information shared with the Company.




  1. Limitation of Liability for Security Incidents

To the fullest extent permitted by law, the Company disclaims all liability for damages, losses, or claims arising out of or related to any security breach, cyberattack, system failure, or unauthorized access, except where caused by the Company’s proven gross negligence or willful misconduct.

 

  1. Data Security & Protection Measures

REDSHIFT Creative employs a combination of administrative, technical, and physical safeguards designed to protect Personal Data against unauthorized access, loss, misuse, alteration, or destruction.
These measures include—without limitation—secure servers, firewalls, encryption, access controls, and limited retention protocols consistent with industry standards.

While the Company uses commercially reasonable efforts to safeguard all information, no system or transmission method over the Internet is completely secure. Accordingly, REDSHIFT Creative does not guarantee absolute security and shall not be held liable for any unauthorized access, hacking, interception, or technical failure beyond its reasonable control.

The Company periodically reviews and updates its data protection measures to address evolving risks, including cybersecurity threats, software vulnerabilities, and unauthorized activities.

Personnel and authorized contractors with access to Personal Data are required to maintain strict confidentiality and follow internal security procedures.

If a data breach occurs that may compromise the security or privacy of your Personal Data, the Company will take appropriate steps consistent with applicable U.S. laws and Illinois state regulations to mitigate the impact and, where legally required, notify affected individuals.

Clients and users are equally responsible for maintaining the confidentiality of their credentials, secure links, and access tokens. The Company is not responsible for losses or damages resulting from a user’s failure to safeguard their own account information or from any third-party integrations or systems not controlled by the Company.

 

  1. No Warranty of Continuous Availability

The Company makes no representation or warranty that its website, servers, or systems will be continuously available, error-free, or immune to downtime, updates, maintenance interruptions, or cyber incidents.
Temporary unavailability shall not constitute a breach of this Policy or of any related agreement.
Users acknowledge that maintenance, upgrades, and external network issues may occasionally limit access to the Services.

 

  1. International Data Transfers

 

  1. Cross-Border Processing

REDSHIFT Creative operates primarily within the United States.

By submitting Personal Data or using our Services from outside the U.S., you acknowledge and consent that your information may be transferred to, processed in, and stored on servers located in the United States or other jurisdictions whose data protection laws may differ from those of your home country.

The Company will take commercially reasonable measures to ensure that any such transfer complies with applicable U.S. data-protection standards and, where relevant, is voluntarily aligned with key international privacy principles inspired by the EU General Data Protection Regulation (GDPR).

These measures aim to uphold fairness, transparency, purpose limitation, and data security across all processing activities.

 

  1. Safeguards for International Transfers

Where required, the Company may implement appropriate safeguards such as:

  1. Contractual clauses consistent with U.S. and international data-transfer standards;
  2. Processing through reputable service providers offering adequate privacy assurances;
  3. Limiting cross-border transfers strictly to what is necessary for business continuity, project delivery, or legal compliance.

The Company retains full discretion to store or back up data within or outside the United States, provided that commercially reasonable technical and organizational security measures are maintained.

 

  1. Client Acknowledgment

By using our Services, clients and users expressly consent to such international transfers and processing, and waive any claim against the Company related to differences in foreign data-protection regimes, provided that the Company acts in accordance with this Privacy Policy and applicable law.

No transfer of Personal Data shall create any liability, compensation obligation, or indemnity right for the Client, except as expressly provided by law.

 

  1. User Rights & Choices

 

  1. Overview of Rights

Subject to applicable laws, users may have certain rights regarding their Personal Data, including the right to:

  1. Access and obtain a copy of their Personal Data held by the Company;
  2. Request correction of inaccurate or incomplete information;
  3. Request deletion (“erasure”) of Personal Data where legally permissible;
  4. Object to or restrict certain types of processing, such as direct marketing;
  5. Withdraw previously granted consent for optional data uses (e.g., newsletters or cookies).

The exercise of these rights is subject to verification of the user’s identity and the limits established under applicable law or legitimate business interests.

 

  1. How to Exercise Your Rights

Requests may be submitted in writing via email at privacy@redshiftcreative.co or through the Contact page on our website.

The Company will review and respond to verified requests within a reasonable time frame, typically within 30 days, unless extended as permitted by law.

Where legally required, the Company may decline requests that are:

  1. Manifestly unfounded, excessive, repetitive, or technically infeasible;
  2. Inconsistent with the Company’s legal or contractual obligations;
  3. Likely to compromise the rights, confidentiality, or security of others.

 

  1. Limitations & Legitimate Retention

Requests for deletion or correction do not override the Company’s right or obligation to retain data:

  1. As required by law, taxation, accounting, or regulatory compliance;
  2. As necessary to enforce agreements, resolve disputes, or protect legal interests;
  3. As part of backup or archival copies maintained for legitimate operational continuity.

The Company retains the discretion to maintain minimal identifying or transactional data where necessary to demonstrate lawful processing or compliance.

 

  1. Marketing & Communication Preferences

Users may opt out of marketing or promotional communications at any time by:

  1. Clicking the “unsubscribe” link in any email communication, or
  2. Contacting the Company directly at privacy@redshiftcreative.co.

Opting out of marketing does not affect essential transactional or service-related notifications (e.g., billing, project updates, legal notices).

 

  1. No Compensation or Indemnity

Exercising user rights under this Policy does not entitle the user to any compensation, damages, or reimbursement of costs.

By submitting a data request, the user acknowledges that all actions will be performed in accordance with applicable law and within the Company’s operational capabilities.

 

  1. Children’s Privacy & Age Restrictions

 

  1. Age Limitation

The Services provided by REDSHIFT Creative are intended solely for individuals aged eighteen (18) years or older.
By using the Services, you represent and warrant that you meet this age requirement or are a legally authorized representative (such as a parent, guardian, or organizational officer) acting on behalf of a minor or entity.

The Company does not knowingly collect, store, or process personal data from any individual under the age of eighteen (18) years. If we become aware that such information has been provided without verified parental or guardian consent, we will promptly delete it and take reasonable steps to prevent future collection.

 

  1. Parental Responsibility

If you are a parent or legal guardian and believe that your child has provided personal data to REDSHIFT Creative without your consent, you may contact us at privacy@redshiftcreative.co.

Upon verification, the Company will delete the minor’s information unless retention is required by law for specific legal or security purposes.

 

  1. Educational or Institutional Use

Where the Services are accessed on behalf of an educational institution, production project, or organization involving minors, the responsibility for obtaining and maintaining proper consent rests solely with the contracting entity or authorized adult supervisor.

The Company shall not be liable for any failure by such third parties to obtain or verify required parental or institutional consents.

 

  1. Limitation of Liability

The Company expressly disclaims all liability arising from any misrepresentation of age, unauthorized use by minors, or failure by parents, guardians, or institutions to properly supervise use of the Services.

All data collected inadvertently from minors shall be deleted as soon as reasonably practicable, consistent with applicable law and data security standards.

 

  1. Updates & Amendments to the Policy

 

  1. Periodic Review & Notification

REDSHIFT Creative reserves the right to review, update, or modify this Privacy Policy at any time to reflect changes in its business practices, legal obligations, or applicable regulations.

Any material changes will be announced through one or more of the following methods:

  1. a notice displayed on our website;
  2. direct email notification to active clients; or
  3. a dated revision to the “Effective Date” section at the top of this document.

All revisions become effective immediately upon publication, unless a later effective date is specified.

 

  1. Client Acknowledgment & Continued Use

Your continued use of our Services after the publication of an updated Privacy Policy constitutes your acknowledgment and acceptance of the revised version.

If you disagree with any modification, you must cease using the Services and may contact us in writing to clarify or close your account.

The Company shall not be liable for any claims, damages, or misunderstandings arising from a user’s failure to review updates periodically.

 

  1. No Retroactive Effect

Unless expressly stated otherwise, any amendment to this Policy shall apply prospectively only and shall not affect data previously collected or processed under an earlier version.

 

  1. Regulatory Compliance Alignment

The Company ensures that all amendments remain consistent with applicable U.S. federal and Illinois state privacy laws, as well as the essential principles of “GDPR-light compliance,” including fairness, transparency, purpose limitation, and accountability.

  1. Contact Information & Inquiries

 

  1. Primary Contact for Privacy Matters

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your Personal Data, you may contact REDSHIFT Creative using the following official channels:

  • Email: privacy@redshiftcreative.co
  • Mailing Address:

REDSHIFT Creative (a trade name of REDSHIFT Pro, LLC)

DuPage County, Illinois, United States

 

  1. Verification & Response Process

For your protection, the Company may request additional information to verify your identity before responding to a data-related inquiry or request.

All verified requests will be addressed within a reasonable timeframe, typically within thirty (30) days, unless extended under applicable law.

The Company reserves the right to deny or limit requests that are manifestly unfounded, repetitive, or incompatible with legal or contractual obligations.

 

  1. No Unauthorized Communications

The Company’s designated email addresses and contact channels listed above are the exclusive means for submitting formal privacy-related inquiries.

REDSHIFT Creative does not accept or process privacy requests sent through social media, informal messages, or unverified third-party channels.

Any communications received outside the authorized channels will be deemed invalid and will not trigger any response obligations.

 

  1. Cooperation with Regulatory Authorities

The Company will cooperate in good faith with any competent data-protection authority or regulator in connection with inquiries, investigations, or disputes arising under this Policy, to the extent required by applicable U.S. federal and Illinois state privacy laws.

Such cooperation shall not be construed as an admission of liability or wrongdoing by the Company.

 

  1. Language & Interpretation

This Privacy Policy is drafted and published exclusively in English, which shall be the sole governing language for interpretation, enforcement, and any related legal proceedings.

In the event of any translation provided in the future, the English version shall prevail.

 

  1. Acknowledgment Clause

By continuing to access or use our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

Your continued use of the Services constitutes your informed consent to the collection, processing, and use of your Personal Data as described herein.