Last Updated: April 2026

1. Purpose and Commitment

AM Graphic Design Agency (“the Agency”) is committed to protecting the confidentiality, integrity, and security of all client and business information entrusted to it. This Data Protection and Information Security Policy establishes the principles and procedures by which the Agency collects, stores, processes, and safeguards personal and project-related data.

The Agency recognizes that clients entrust sensitive information, including personal details, business assets, and creative materials. As such, all data is handled with a high standard of care, professionalism, and security. This policy is designed to ensure compliance with best practices in digital security while maintaining transparency regarding how information is managed throughout the course of client engagement.

2. Scope of Policy

This policy applies to all data collected, processed, or stored by AM Graphic Design Agency in the course of providing services. This includes, but is not limited to, website design, branding, graphic design, website management, and related digital services.

The policy applies equally to all personal information provided by clients, all project-related files and materials, and all internal administrative data used in the operation of the business. It governs all digital environments in which client data may exist, including cloud-based storage platforms and third-party service providers.

3. Nature of Data Collected

In order to deliver services effectively, AM Graphic Design Agency collects only the information necessary to complete client projects and maintain communication. This typically includes personal identification details such as names, email addresses, phone numbers, and company or organization names.

In addition, the Agency may collect project-related information including website content, branding materials, design assets, marketing copy, and any supporting documents required for creative or technical development. In certain cases, access credentials may be temporarily collected when required to complete website development or management services. These credentials are handled securely and are used solely for the purpose of providing the agreed-upon service.

No financial information such as credit card data is currently collected or stored by the Agency.

4. Data Storage and Infrastructure

AM Graphic Design Agency operates entirely within a cloud-based digital ecosystem. No client information is stored on personal physical devices, external hard drives, or unsecured local storage systems. This ensures that all data remains within controlled, encrypted, and access-restricted environments.

Primary storage and operational systems include Google Workspace, Google Drive, and Sync.com. These platforms are used for file storage, project organization, communication, and secure backup of client data. Google Workspace provides enterprise-level security and encryption, while Sync.com offers additional secure cloud storage with SOC 2 compliant infrastructure and strong privacy protections.

Website hosting and domain management are provided through Bluehost and related infrastructure services. These platforms include built-in security protocols such as SSL encryption and secure data transmission standards. While hosting environments may utilize distributed infrastructure, all services are selected based on their security practices and reliability.

Together, these systems form a layered storage environment designed to protect client information from unauthorized access, loss, or corruption.

5. Security Practices and Safeguards

The Agency applies strict security practices to all client and business data. Access to systems containing client information is limited exclusively to authorized personnel, and all accounts are protected using strong authentication measures, including multi-factor authentication where available.

All data transmitted between systems is encrypted using industry-standard SSL/TLS protocols. Data stored within supported cloud platforms is also protected using encryption at rest, ensuring that information remains secure even in storage environments.

The Agency does not store client data on personal physical devices. All work is conducted within secured cloud environments to minimize the risk of data loss, theft, or unauthorized access.

Regular backups are maintained through secure cloud services to ensure data integrity and recovery capability in the event of system failure or technical disruption.

6. Use of Data

Client data is used strictly for the purpose of delivering contracted services. This includes project development, communication regarding active work, ongoing website management, and technical support where applicable.

At no point is client data used for unrelated purposes, marketing activities, or shared with third parties for commercial gain. The Agency maintains a strict internal policy that client information remains confidential and is only accessed when necessary for the completion of work.

7. Data Sharing and Disclosure

AM Graphic Design Agency does not sell, rent, or distribute client data to third parties under any circumstances. Information is treated as strictly confidential and is protected accordingly.

Disclosure of data may only occur under legally binding circumstances, such as a valid court order, subpoena, or formal request from an authorized legal or governmental authority. In such cases, disclosure will be limited strictly to the information required by law.

Data may also be shared internally with essential third-party service providers solely for the purpose of delivering services, such as hosting providers or cloud storage platforms. These providers are selected based on their security standards and compliance practices.

Any other form of data sharing requires explicit written consent from the client or data owner.

8. Payment Information

At present, AM Graphic Design Agency does not collect, process, or store credit card information. All payments are handled externally through secure invoicing systems or third-party payment processors.

Should payment processing be introduced in the future, it will be conducted exclusively through PCI-compliant platforms such as Stripe or equivalent secure Canadian payment providers. Under no circumstances will full payment card information be stored within the Agency’s systems.

9. Data Retention and Storage Duration

Client data is retained only for as long as necessary to complete active projects and provide ongoing services. Following project completion, data may be securely archived for reference, maintenance, or legal compliance purposes.

Clients may request deletion of their data at any time, subject to any legal or contractual obligations requiring retention. When deletion is requested, data is removed from active systems and secured storage locations in accordance with best practices for digital data destruction.

10. Data Deletion and Client Requests

Clients retain the right to request access to, modification of, or deletion of their personal and project-related data. All such requests are handled in a timely and secure manner.

Upon receipt of a valid request, the Agency will verify the identity of the requester before proceeding. Once verified, relevant data will be securely removed from active systems and, where applicable, from backup environments in accordance with retention policies.

11. Security Incidents and Response Procedures

In the unlikely event of a data breach or security incident, AM Graphic Design Agency will take immediate steps to contain and mitigate the issue. This includes securing affected systems, assessing the scope of the incident, and implementing corrective measures to prevent recurrence.

Where personal or sensitive client information is affected, the Agency will notify impacted clients in accordance with applicable legal and ethical obligations. All incidents are treated with seriousness and are reviewed to improve future security practices.

12. Third-Party Services

The Agency utilizes a limited number of trusted third-party service providers to support its operations. These include cloud storage platforms, hosting providers, domain registrars, and design or development tools.

All third-party services are selected based on their security standards, reliability, and compliance with industry best practices. The Agency ensures that any service provider handling client data maintains appropriate safeguards and encryption standards.

13. Policy Review and Updates

This policy is reviewed periodically and may be updated to reflect changes in technology, security standards, or business operations. Any updates will be reflected in the most recent version published by AM Graphic Design Agency.

Continued use of services following any updates constitutes acceptance of the revised policy.

14. Contact Information

For any questions, concerns, or requests related to this policy or the handling of personal data, clients may contact:

AM Graphic Design Agency
https://amgraphicdesign.ca
Email: info@amgraphicdesign.ca