Skip to content
Ephirium logo

Privacy Policy

Last updated: March 2026

1. Introduction and Data Controller

Ephirium ("we", "us", or "our"), based in El Salvador, is the data controller responsible for your personal data. This Privacy Policy explains how we collect, use, disclose, and protect your information when you visit our website (ephirium.com) or engage our services. This policy applies to all visitors and clients regardless of location. We strive to comply with the data protection regulations applicable in each user's jurisdiction. For any privacy-related inquiries, contact us at legal@ephirium.com.

2. Information We Collect

We collect the following categories of personal information:

  • Identifiers: First name, last name, email address, company name, and IP address — collected when you submit our quote form or visit our website.
  • Project Information: Project category, selected services, budget range, timeline, and free-text descriptions shared through our quote form.
  • Internet Activity: Pages visited, time spent, navigation patterns, referring URLs, and performance metrics — collected automatically via our analytics tools.
  • Device and Technical Data: Browser type and version, operating system, device type, screen resolution, and language preferences — collected automatically.

3. Legal Basis for Processing

Under applicable data protection frameworks, we process your personal data based on the following legal grounds:

  • Consent: When you submit the quote form, you explicitly consent to the processing of your data by checking the privacy agreement box. You may withdraw consent at any time by contacting us.
  • Contract Performance: Processing is necessary to respond to your quote request, negotiate project terms, and deliver services you have contracted.
  • Legitimate Interest: We process anonymized analytics data to improve our website performance and user experience. This processing is proportionate and does not override your rights.
  • Legal Obligation: We may process data when required by applicable law, regulation, or legal process.

4. How We Use Your Information

We use collected information for the following purposes:

  • To respond to your inquiries and provide requested services
  • To prepare and send project quotes and proposals
  • To send project updates, invoices, and communications related to contracted services
  • To analyze anonymized usage patterns and optimize website performance
  • To detect and prevent fraud, abuse, and security incidents
  • To comply with legal obligations and enforce our agreements

5. Analytics and Tracking

We use privacy-focused analytics tools to understand how visitors interact with our website. These tools collect aggregated data about page views, performance metrics, and user interactions. Our analytics provider does not use this data for cross-site tracking or advertising. No third-party advertising trackers are present on our website. Note: While we collect IP addresses for functional purposes such as form submission processing and rate-limiting (as described in Section 2), our analytics tools only process aggregated, non-identifiable data and do not track individual IP addresses.

6. Cookies

Our website uses a minimal set of cookies strictly necessary for functionality. We use a locale preference cookie to remember your language selection. We do not use advertising, social media, or third-party tracking cookies. You can control cookie preferences through your browser settings. To delete cookies: in Chrome, go to Settings → Privacy → Clear browsing data; in Firefox, go to Settings → Privacy → Cookies; in Safari, go to Preferences → Privacy → Manage Website Data. Disabling cookies may affect language detection functionality.

7. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We have never sold personal information and have no plans to do so. We may share your information only in the following limited circumstances:

  • Service Providers: Third-party providers for hosting, analytics, database, and email delivery — each bound by data processing agreements
  • When required by law, regulation, subpoena, or court order
  • To protect our rights, safety, or property, or those of our users or the public
  • With your explicit, informed consent
  • If you wish to know the specific providers that process your data, you may request this information at legal@ephirium.com

8. International Data Transfers

Your personal data is processed and stored on servers located in the United States through our service providers. If you are located in the European Economic Area (EEA), United Kingdom, Brazil, or other jurisdictions with data transfer restrictions, please be aware that your data will be transferred to the US. We ensure appropriate safeguards are in place through our service providers' data processing agreements and compliance certifications. By submitting your information through our website, you acknowledge this transfer.

9. Data Retention

We retain your personal data for specific, defined periods based on the purpose of collection:

  • Quote submissions: Retained for 2 years from submission date to allow follow-up on potential projects, then permanently deleted
  • Client project data: Retained for the duration of the business relationship plus 5 years to comply with tax and legal obligations
  • Analytics data: Aggregated and anonymized — retained indefinitely as it cannot be linked to individuals
  • Rate-limiting records: Automatically deleted after 1 hour
  • You may request earlier deletion at any time by contacting legal@ephirium.com

10. Data Security

We implement robust technical and organizational security measures to protect your personal information, including: encryption for all data in transit, protection against common web vulnerabilities, secure cookie configurations, input validation and sanitization, and access controls limited to authorized personnel. We follow industry best practices and continuously review and improve our security measures. While no method of internet transmission is 100% secure, we are committed to protecting your data to the highest standard. In the event of a security breach affecting your personal data, we will notify you without undue delay in accordance with applicable law.

11. Your Rights

Regardless of your location, you have the following rights regarding your personal data:

  • Access the personal information we hold about you
  • Request correction of inaccurate or incomplete information
  • Request deletion (erasure) of your personal information
  • Object to or restrict processing of your information
  • Request portability of your data in a machine-readable format
  • Withdraw consent at any time without affecting the lawfulness of prior processing

12. Region-Specific Rights

In addition to the general rights above, the following rights apply based on your jurisdiction:

  • European Economic Area (GDPR): You have the right to lodge a complaint with your local Data Protection Authority. You may exercise any right listed above free of charge. We will respond to your request within 30 days.
  • California (CCPA/CPRA): You have the right to know what personal information we collect and how it is used, to request deletion, to opt out of the sale or sharing of personal information (we do not sell your data), and to non-discrimination for exercising your rights. You may designate an authorized agent to make requests on your behalf.
  • Brazil (LGPD): You have the right to confirmation of data processing, access, correction, anonymization, portability, deletion of data processed with consent, and information about shared data. You may file a complaint with the ANPD (Autoridade Nacional de Proteção de Dados).
  • Mexico (LFPDPPP): You have ARCO rights (Access, Rectification, Cancellation, and Opposition). To exercise them, send a request to legal@ephirium.com with your full name, description of the data, and desired action. We will respond within 20 business days.

13. Do Not Sell or Share My Personal Information

Ephirium does not sell, share, or use your personal information for cross-context behavioral advertising as defined by the CCPA/CPRA. We have not sold personal information in the preceding 12 months. If you wish to exercise your right to opt out, or if our practices change in the future, contact us at legal@ephirium.com.

14. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you become aware that a minor has provided us with personal information, please contact us at legal@ephirium.com and we will promptly delete it.

15. Changes to This Policy

We review and update this Privacy Policy at least annually and whenever our data practices materially change. We will post the revised policy on this page with an updated "Last updated" date. For material changes, we will make reasonable efforts to notify affected users via email or a prominent notice on our website. Your continued use of our website after changes are posted constitutes acceptance of the updated policy.

16. Contact Us

If you have questions about this Privacy Policy, wish to exercise any of your data rights, or want to file a complaint, you can reach us at:

  • Email: legal@ephirium.com
  • Quote form: Contact form
  • We aim to respond to all privacy-related requests within 15 business days, or within the timeframe required by your applicable local law.