Legal

Privacy Policy

Last updated 2026-05-18. Magister Digital LLC, a California limited liability company operating from 1135 Garnet Ave #13, San Diego, CA 92109. This policy explains what data we collect when you use magisterdigital.ai, why we collect it, and what your rights are as a California resident or otherwise.

Section 1

What we collect, named honestly.

We do not sell personal information. We collect only what we need to operate the engagement and the website.

01 · You submit it

Direct form submissions

Name, company, email, phone, revenue band, and the message you write in the contact or consultation form. Stored in our WordPress database and forwarded to [email protected]. We never share this with third parties beyond the founders and back-end fulfillment team named in our engagement letters.

02 · Automatic

Site analytics

Standard server logs (IP, browser, referrer, pages visited, timestamps) for security and performance. We use Google Analytics 4 with IP anonymization enabled. No personally identifying information leaves your browser without your consent. We do not use third-party advertising cookies on this site.

03 · Cookies

First-party functional only

WordPress session cookies for form state. Optional analytics cookies subject to consent banner when you visit from a CCPA, CPRA, or GDPR jurisdiction. No advertising, retargeting, or cross-site tracking cookies on this site.

Section 2

How we use what you give us.

We use submitted contact information to respond to your inquiry, schedule a consultation, prepare a working brief, and follow up while the engagement is active. We retain inquiry records for 24 months from last contact for our own operational continuity. We do not use this information for marketing to you unless you explicitly opt in to receive updates.

If you become a client, the data we collect inside the engagement is governed by our Master Services Agreement and any executed Business Associate Agreement (BAA) for healthcare or HIPAA-covered work. Engagement data lives in client-owned systems (your CRM, your ad accounts, your analytics) wherever feasible. Where Magister holds derivative data (BI dashboards, attribution models), it is segregated by client and never combined across accounts.

Section 3

Compliance posture by vertical.

Three verticals, three compliance regimes. We work inside each one.

  • Medical & Dental clients HIPAA BAA-ready posture. Security controls aligned with SOC 2 trust criteria. We execute a Business Associate Agreement with healthcare clients before any PHI touches our systems. Ad copy, landing pages, and CRM data flows are reviewed against HIPAA marketing rules and state medical board requirements before launch.
  • Legal clients ABA Model Rule 7.1 and 7.2 are baked into the brief approval flow. We do not produce outcome guarantees, fee-comparative claims, or testimonials that do not meet state bar rules. State-specific advertising rules (notably California SB 37, Texas Rule 7.04, Florida Rule 4-7) are checked before any creative ships.
  • Home Services clients FTC Truth in Advertising compliance. We do not fabricate before-and-after, guarantee specific job outcomes, or use unsubstantiated review counts. Local Services Ads verification status, GBP profile compliance, and license-disclosure language are reviewed before campaigns launch.

Section 4

Your rights.

California residents have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). Residents of other states with consumer privacy laws (Virginia, Colorado, Connecticut, Utah, others) have functionally similar rights. EU and UK residents have rights under GDPR.

  • Right to know what we collect about you, how we use it, and who we share it with.
  • Right to access a copy of the personal information we hold about you.
  • Right to correct inaccurate personal information.
  • Right to delete personal information we hold about you, subject to legal retention requirements.
  • Right to opt out of any sale or sharing of personal information (we do not sell or share for cross-context advertising).
  • Right to limit use of sensitive personal information.
  • Right not to be discriminated against for exercising any of these rights.

To exercise any of these rights, write to us via the contact form. We respond within 45 days as required by CCPA. We may ask you to verify your identity before completing the request.

Section 5

Retention and security.

Inquiry submissions: 24 months from last contact. Client engagement data: per Master Services Agreement and applicable Business Associate Agreement, typically deleted or returned within 60 days of engagement close. Analytics aggregates: 26 months (Google Analytics default), de-identified after that.

Security controls include encryption in transit (TLS 1.3), encryption at rest where data crosses our systems, role-based access with multi-factor authentication for every operator on the account, vendor due-diligence checks before any third-party processor touches client data, and incident notification within 72 hours of confirmed material breach.

Questions or requests

Reach a founder directly.

Privacy requests, BAA execution, data deletion, or anything else legal. We respond personally, not through a ticket queue. The contact form reaches one of the three founders within seven days, typically sooner.

Magister Digital LLC · 1135 Garnet Ave #13, San Diego, CA 92109 · (619) 330-0953