Koko Agency values the privacy of its visitors, leads, and clients. This policy describes how we collect, use, and protect personal data in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Personal Information Protection Act (PIPA) of British Columbia.
1. Who we are (Controller)
Koko Agency, with offices in New Westminster, British Columbia, Canada. Responsible for handling data collected by this site: [email protected].
2. What data we collect
We only collect what is necessary to provide our services and improve the experience:
| Category | Examples | When |
|---|---|---|
| Contact data | First name, last name, email, phone, company | Contact form / newsletter |
| Browsing data | IP address, user-agent, referrer page, visited URL | Automatically when accessing the site |
| Conversion data | UTM source/medium/campaign, gclid, fbclid | When arriving via a tracked campaign link |
| Message data | Content you fill in on the form | When submitting the form |
3. What we use it for
- Respond to your contact and evaluate business opportunities (legal basis: performance of contract / pre-contractual measures)
- Send the Koko Journal newsletter if you subscribe (legal basis: consent)
- Improve the site and security (legal basis: legitimate interest)
- Comply with legal obligations (accounting, tax)
4. Who we share data with
We use trusted providers to operate the site. Data may be processed by:
- Supabase: database of leads and CRM
- Resend: transactional email and newsletter delivery
- Cloudflare: DNS and abuse protection
- DigitalOcean: hosting
We do not sell personal data. We do not share it with third parties for marketing purposes unrelated to Koko.
5. Retention
We keep data for as long as necessary for its purpose:
- Leads that did not become clients: up to 24 months, after which we anonymize the data
- Active clients: for the contract period + 7 years (tax record requirements)
- Newsletter: until you unsubscribe
- Server logs: 30 days
6. Your rights (PIPEDA / BC PIPA)
You have the right, at any time, to:
- Confirm the existence of, and access, your personal data
- Correct incomplete, inaccurate, or outdated information
- Request anonymization, blocking, or deletion
- Port your data to another provider
- Withdraw consent (including unsubscribing from the newsletter)
- Be informed about who we share data with
- File a complaint with the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner for British Columbia
To exercise any right, email [email protected]. We respond within 30 days.
7. Cookies
This site uses cookies that are strictly necessary for functionality (theme preferences, preview session). We do not use advertising cookies or third-party behavioural tracking.
8. Security
We apply reasonable technical and organizational measures: mandatory HTTPS, encrypted credentials, restricted access following the principle of least privilege, daily backups. No system is 100% secure. In the event of a material incident, we will notify affected individuals and the relevant privacy commissioners within the legal timeframes.
9. International transfer
Some providers (Resend, Cloudflare, Supabase) may store data on servers outside Canada, including in the United States and European Union. Transfers follow PIPEDA requirements through contractual clauses and providers with an adequate level of protection.
10. Changes to this policy
We may update this policy periodically. The "Updated on" date indicates the latest revision. Material changes will be communicated through our contact channels.
11. Privacy Officer contact
Murilo Souza · [email protected]