Data Processing Overview

For website inquiries, AnneFocus generally processes data to qualify and respond to requests.

For formal projects, data roles and responsibilities should be defined in contract, DPA or project documents.

If GDPR, CCPA/CPRA, PIPL or sector rules apply, raise this before project kickoff.

We prefer summaries, anonymized samples and field definitions before raw sensitive data.

Sensitive data should only be provided when necessary and authorized.

Projects should define data sources, permissions, retention and deletion expectations.

Access should be limited to people who need the data for the project.

Third-party AI, cloud or collaboration tools should be assessed based on data type and project agreement.

We do not sell client project data for unrelated marketing.

Return, deletion or continued retention of project materials should follow the written agreement.

Necessary records may be retained for legal, finance, audit or dispute purposes.