Workspace CMS is operated by 1Digital® Agency (“1Digital®,” “we”). This policy describes what data we collect on behalf of our customers (“Customers” — the businesses who use Workspace CMS) and on behalf of their site visitors. We process Customer data as the data processor; Customers are the data controllers for the content and end-user data on their sites.
1. What we collect
1.1 Account & billing data
- Workspace name, owner email, billing contact, and (for paid plans) payment-method token from our payment processor.
- Authentication state (login timestamps, IP, user agent) for fraud and audit purposes.
1.2 Tenant content
- Pages, posts, media, redirects, schema, theme config, and other content authored inside Workspace CMS.
- Form submissions captured by tenant sites (when enabled).
1.3 Usage telemetry
- Per-tenant meters: bandwidth, AI Credits consumed, support hours used, seat count.
- Admin activity log: who edited what and when.
1.4 End-user data on tenant sites
Visitor analytics on a tenant site are governed by that tenant’s configured analytics (typically GA4) and their own privacy notice — we do not aggregate visitor data across tenants for advertising or resale purposes.
2. Third-party processors (sub-processors)
Workspace CMS depends on a small set of upstream providers. Their availability, terms, and pricing are outside our control (see Terms §11.3).
| Processor | Purpose | Data they touch |
|---|---|---|
| Vercel | Hosting + edge runtime for tenant sites and the Workspace CMS admin. | Published pages, request logs, deploy artifacts. |
| Supabase | Postgres database, file storage, and authentication. | All tenant content, user records, usage meters. |
| AI providers (Anthropic, OpenAI, Google) | Powering the in-CMS AI Assistant — drafts, meta rewrites, audits, alt-tag suggestions, brand-voice training. | Prompts and context you send into the assistant. We don’t opt your data into provider training where the provider exposes that toggle. |
| Payment processor (Stripe) | Card-on-file, subscription billing, dunning. | Billing contact, payment-method token, invoice history. |
| Email (transactional) | Renewal reminders, usage notifications (80% / 100% alerts), receipts. | Workspace owner / billing email + the body of the notification. |
3. How we use the data
- To operate Workspace CMS — render tenant sites, run AI actions, surface usage meters, send billing/usage notifications.
- To enforce the Terms, AUP, and Fair Use Policy.
- To improve the product — diagnostics on errors, performance, and feature use. We do not sell Customer or end-user data.
4. Retention & deletion
- Active accounts: we retain Customer content for as long as the workspace is active.
- Post-termination: we retain Customer data for 30 days after termination so you can self-serve export, then permanently delete it. Backups purge within 30 days thereafter. (See Terms §9.)
- Offboarding window: hosted sites stay reachable for 14 days after cancellation so you can re-point DNS without downtime.
- Usage telemetry: per-tenant meters retained for 13 months for billing-recon and audit.
5. Your data, your control
- Self-serve export: from the Workspace admin you can export content as
JSONand your redirect map asCSVat any time. Assisted/bulk migration is a custom-quoted project. - Deletion on request: email info@1digitalagency.com from the workspace owner address. We confirm in writing, then delete on the schedule in §4 above.
- Domains/DNS: you own your domain. On cancellation you re-point DNS (we provide the 14-day offboarding window).
6. Security
- All data in transit is encrypted with TLS 1.2+.
- Workspace data at rest is encrypted by Supabase (Postgres + object storage).
- Role-based permissions and an activity audit log inside the admin.
- We follow least-privilege internally — 1Digital® staff access tenant content only when troubleshooting at your request.
7. Children
Workspace CMS is a B2B product. We do not knowingly collect personal data from children under 13 (or 16 where local law sets that threshold).
8. Changes to this policy
We may update this policy on 30 days’ notice for material changes; the “Last updated” date in the header reflects the current version. Continued use after the effective date constitutes acceptance.
9. Contact
Questions, requests, or formal data-protection inquiries: info@1digitalagency.com — or by mail to 1Digital® Agency (see Terms §13.5 for the registered notice address; two fields there are pending counsel confirmation at v1.0).