Curio Digital Privacy Policy

Last updated: November 19, 2025

This privacy policy explains how Xander Corp, doing business as Curio Digital ("Curio Digital", "we", "us", or "our") collects, uses, and protects personal information when you visit https://www.curiodigital.io or interact with us as a client, prospect, or website visitor.

If you have any questions, you can contact us at it@curiodigital.io.

1. Who we are

Curio Digital is a website design and development agency focused on B2B SaaS and technology companies.

Legal entity: Xander Corp, doing business as Curio Digital

Address: 1629 S Prairie Ave, Apt 809, Chicago, IL 60616, United States

Primary website: https://www.curiodigital.io

Contact for privacy inquiries: it@curiodigital.io

We primarily serve clients in the United States and Canada.

2. Scope of this policy

This policy covers:

  • Visitors to our website at https://www.curiodigital.io
  • People who fill out our contact forms or book meetings with us
  • Contacts at our clients and prospective clients whose information we receive in the normal course of doing business

It does not cover how our clients use their own customer data in their products, websites, or tools. In those cases, our clients are responsible for their own privacy practices and policies, and we act as a service provider or processor on their instructions.

Our services are not directed to children under 16, and we do not knowingly collect personal information about children.

3. Information we collect

3.1 Information you provide to us

When you interact with us, you may provide:

  • Contact details: name, email address, company name
  • Business context: your role, project details, what you are looking for, and other information you include in free text fields or during meetings
  • Meeting information: details you share when booking calls via Calendly and during those calls

3.2 Information we collect automatically

When you visit our site, we automatically collect certain technical and usage data, for example:

  • IP address and approximate location
  • Device and browser information
  • Pages visited, time on page, and click paths
  • Referring URLs and UTM parameters where available

We collect this using tools such as:

  • Google Analytics 4 (GA4)
  • Microsoft Clarity
  • RB2B (B2B analytics and attribution)
  • HubSpot tracking tools
  • Calendly for scheduling

These tools use cookies and similar technologies. More detail is in the Cookies section below.

3.3 Information we receive in the course of client work

As part of our services, we may have access to personal information inside our clients' tools, for example:

  • Marketing and CRM systems such as HubSpot
  • Product analytics or app data that may include user IDs or email addresses
  • CMS and website platforms that may include customer names, testimonials, or account data
  • Support tools such as Intercom or Zendesk

In these cases, we typically act inside the client’s systems and do not intentionally download or maintain separate large data sets of client end user data. We access these systems only as necessary to provide our services.

When we handle this information, we generally act as a service provider or processor on behalf of our clients. Where required, we are happy to sign a data processing agreement or similar addendum that documents our role and obligations.

We do not intentionally work with sensitive categories of personal information such as health data, financial account numbers, or government ID numbers.

4. How we use personal information

We use the information we collect for the following purposes:

  • To respond to inquiries and provide proposals
    • Handling contact form submissions
    • Following up on project requests and questions
  • To provide and improve our services
    • Managing and delivering design and development projects
    • Collaborating with clients in tools such as ClickUp, Figma, Webflow, Loom, Punchlist, Notion, Slack, and similar platforms
  • To operate our business and communicate with you
    • Maintaining our CRM in HubSpot
    • Sending outbound sales and marketing communications that are relevant to your role and business
    • Managing billing and accounting, for example through QuickBooks
    We only send B2B sales and marketing emails where we believe they are relevant to your professional role and where permitted by applicable law, and you can opt out of these communications at any time.
  • To analyze and improve our website and marketing
    • Understanding which content and channels work best
    • Measuring performance of campaigns and site content
  • To comply with legal, regulatory, and security obligations
    • Keeping appropriate business and financial records
    • Responding to lawful requests and protecting our rights, safety, and property

We do not sell personal information and we do not share your information with third parties for their independent marketing purposes.

5. Legal bases for processing (where applicable)

We primarily operate in the United States. For visitors from regions that require a legal basis for processing, such as the European Economic Area or the United Kingdom, we rely on the following bases:

  • Legitimate interests, for example to operate and improve our website, communicate with business contacts, and provide our services
  • Contract, when we process information as necessary to fulfill our agreements or take steps at your request before entering into a contract
  • Consent, where you have given it, for example in relation to certain cookies or marketing communications

You can contact us at it@curiodigital.io if you have questions about how these bases apply.

6. How we share information

We share personal information only as needed and for the purposes described above.

6.1 Service providers

We use third party service providers that process personal information on our behalf, including:

  • CRM and marketing: HubSpot
  • Email and productivity: Google Workspace
  • Project management: ClickUp
  • Design and development: Figma, Webflow
  • Collaboration and feedback: Loom, Punchlist, Notion, Slack
  • Analytics and tracking: GA4, Microsoft Clarity, RB2B, HubSpot tracking
  • Scheduling: Calendly
  • Billing and accounting: QuickBooks

These providers are bound by contractual obligations to protect personal information and use it only to provide services to us.

6.2 Client systems

When we act as a service provider for our clients, we may access personal information inside their systems, such as CRM, analytics, CMS, and support tools. In those cases, we access and use that data only on the client’s instructions and subject to our agreement with them, and the client remains responsible for its own privacy notices and obligations toward its end users.

We work inside client controlled environments and clients can typically add or remove our access to their systems at any time as their needs change. If we hold copies of client controlled personal information outside those environments, we delete or return that information within approximately 30 days of the client's written request, subject to any information we are required to keep for legal, tax, or accounting reasons.

6.3 Legal and business purposes

We may also share information:

  • When required by law or legal process
  • To protect our rights, safety, or property, or the rights, safety, or property of others
  • In connection with a business transaction such as a merger, acquisition, or sale of assets, in which case we will take reasonable steps to ensure the recipient respects this policy

We do not sell personal information.

7. Data retention

We keep personal information for as long as necessary for the purposes described in this policy, including to:

  • Communicate with leads and clients
  • Maintain business records
  • Comply with legal, tax, and accounting obligations

In practice:

  • Lead and contact data in our CRM is kept until a contact unsubscribes, opts out, or is clearly inactive, unless we are required to keep it longer.
  • Client project data in our tools is kept for the duration of the engagement and for a reasonable period afterward for backups, records, and to support follow on work.

When we no longer need personal information, we will delete or anonymize it. If you request deletion, we will delete or anonymize your personal information within 30 days, except for information we are required to keep for legal or accounting reasons.

8. Security

We take reasonable technical and organizational measures to protect personal information, including:

  • Use of password managers for company accounts
  • Two factor authentication (2FA) on critical tools where supported
  • Role based access controls for client tools and environments
  • Confidentiality agreements for employees and contractors
  • Use of encrypted or protected devices with password protected accounts

If we become aware of a security incident that materially affects personal information we process on behalf of a client, we will notify the affected client without undue delay and share information that helps them meet any legal or contractual obligations related to that incident.

No method of transmission or storage is perfectly secure, but we work to use industry standard practices appropriate for the size and nature of our business.

9. Cookies and tracking technologies

We use cookies and similar technologies to:

  • Operate the website and enable core functionality
  • Understand how visitors use our site
  • Improve our content and marketing

Tools we currently use include:

  • Google Analytics 4 (GA4)
  • Microsoft Clarity
  • RB2B
  • HubSpot tracking
  • Calendly for booking meetings
  • A cookie management tool provided by Finsweet

Through Finsweet’s cookie tool you may see a banner or preferences interface that typically allows you to accept all cookies, reject non essential cookies, or customize your preferences for categories such as analytics and marketing cookies, depending on your region and our configuration at the time.

You can also control cookies through your browser settings, for example by blocking or deleting cookies. If you disable certain cookies, some parts of the site may not function properly.

10. Your choices and rights

Even where not legally required, we aim to give you reasonable control over your information.

You can:

  • Opt out of marketing emails by using the unsubscribe link in our emails or contacting us at it@curiodigital.io
  • Request access, correction, or deletion of your personal information that we hold, subject to some limitations
  • Adjust cookie settings via the cookie tool on our site and your browser settings

We honor unsubscribe or opt out requests as quickly as reasonably possible, and no later than the time frames required by applicable law.

If you are located in a region with specific privacy rights, such as California or the European Economic Area, you may have additional rights, including the right to:

  • Know what categories of personal information we collect and use
  • Request deletion of personal information
  • Correct inaccurate information
  • Not be discriminated against for exercising your privacy rights

To exercise any of these rights, contact us at it@curiodigital.io. We may need to verify your identity before completing your request.

We do not sell personal information and we do not use personal information for cross context behavioral advertising in a way that would require a "Do Not Sell or Share My Personal Information" link under California law. If that ever changes, we will update this policy.

10.1 Additional information for California residents

If you are a California resident, California law requires that we describe the categories of personal information we collect and the purposes for which we use them.

In the past 12 months, we have collected the following categories of personal information for the business purposes described in this policy:

  • Identifiers, such as name, email address, company name, and similar contact details
  • Professional or employment related information, such as your role, team, or business area when you choose to share it
  • Internet or other electronic network activity information, such as device and browser information, IP address, and interaction with our website and emails

We use these categories of information for the business purposes described in Sections 3 and 4 of this policy, including to communicate with you, provide our services, operate and improve our website and marketing, and maintain appropriate records.

We do not sell or share personal information as those terms are defined under California law.

California residents can exercise their privacy rights as described above in this section by contacting us at it@curiodigital.io.

11. International transfers

We are based in the United States and our primary systems are located in the United States. Some of our service providers may store or process data in other countries.

Where applicable, we take steps to ensure that international transfers comply with relevant data protection laws. This may include using standard contractual clauses or other safeguards as required.

12. Third party websites

Our website may link to third party sites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any information to them.

13. Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices, services, or legal requirements.

When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, provide additional notice.

14. Contact us

If you have any questions or concerns about this privacy policy or our data practices, you can contact us at:

Email: it@curiodigital.io

Mailing Address:

Xander Corp, doing business as Curio Digital

1629 S Prairie Ave, Apt 809

Chicago, IL 60616

United States

Alex Olivero, Director of Client Experience, Curio Digital
Ready to Scale?

Let’s Build Your Next Site

Schedule a call with Alex to discuss your website needs and if Curio could be the right fit for you.

Schedule a Intro Call Today
company
AboutWorkContact
Resources
Blog