Dagrander
Privacy

How we handle your data.

What we collect, where it goes, and how to ask us to delete it. Plain language, backed by an internal audit of what this site actually does.

Who we are

Dagrander Inc. runs this website. We are a small ecommerce consultancy based in the United States. When we say “we” or “us” on this page, we mean Dagrander Inc.

What we collect

We collect what you give us through the contact form. That’s the only place this site asks for personal information. The fields are:

  • Your name
  • Your email address
  • The brand or company you work with
  • Your role
  • A budget range you select from a list
  • A timeline you select from a list
  • The kinds of work you’re considering (a multi-select that mirrors our services)
  • A free-text message describing what you’re working on

We also run automated checks to filter out bot submissions before they reach us. We don’t describe how those checks work on this page because doing so would make it easier to defeat them.

We see your IP address at request time because every web request carries one. We use it for two things: rate-limiting the contact form against abuse, and writing it into our server logs alongside the request URL and user agent. We don’t store your IP in the durable record of your inquiry, and we don’t run third-party marketing trackers, fingerprinting scripts, or pixels on this site.

Where your data goes

When you submit the contact form, your data reaches four service providers we use to run the site:

  • A rate-limit and durable-storage provider holds your submission in a private list so the message survives even if email delivery fails. The same provider also holds a short-lived per-IP counter that rolls off automatically after ten minutes.
  • A transactional email provider delivers two messages: the notification to our team, and the confirmation back to you.
  • The notification lands in our shared inbox provider so we can reply.
  • The hosting provider that serves the pages also captures standard hosting access logs and supplies the analytics described in the next section.

We do not share your data with anyone outside of those four providers. None of them sells it on, and none of them is used for advertising. We are a US-based firm, so if you write to us from the EU, UK, or elsewhere, your data crosses borders to reach us. We do not currently designate a Data Protection Officer or an EU representative; if you need one, email us and we will work out the right path together.

Cookies and analytics

We use Vercel Analytics and Vercel Speed Insights to understand how the site performs. Both run cookielessly, by vendor design, and identify visits with a short-lived request hash instead of a tracking cookie. They run regardless of your cookie choice because there is no cookie to consent to.

The only cookies this site writes are first-party. Before you choose, the only cookie present is the consent cookie itself, dagrander-consent-v1. It expires after one year and contains only your accept-or-decline choice and a timestamp. No identifier.

We also load Google Tag Manager with a single Google Analytics 4 tag inside it. Google’s Consent Mode v2 framework gives us seven categories to declare what visitor consent does and does not allow. By default, all six trackable categories are denied and no Google scripts collect anything. When you click Accept, we flip exactly two of them to granted: analytics_storage (which lets GA4 measure pageviews) and functionality_storage (which lets functional cookies like the GA4 client ID get written).

The other four categories stay denied even after you accept: ad_storage, ad_user_data, ad_personalization, and personalization_storage. We run no advertising tags, no remarketing, and no personalization scripts, so there is nothing on the page that would use those grants. If we ever added a tag that needed them, we would update this page and re-prompt you for consent first.

If you decline, no Google scripts collect anything and no GA4 cookies are written. You can change your mind at any time on the cookie settings page.

How long we keep it

We keep submissions on a rotating basis for operational reasons; older records roll off automatically. We can delete an individual submission on request.

The two transactional emails are retained in the transactional email provider’s logs for 30 days, per their published retention policy. The hosting provider keeps its access logs for roughly the same window. The short-lived rate-limit counter expires automatically as its ten-minute window rolls off. The consent cookie on your browser lasts one year unless you clear it sooner.

Your rights

We process inquiry data on the basis of legitimate interest: you wrote to us about a potential engagement, and we read and reply. We process analytics data on the basis of your consent. Under EU and UK data protection law, you have the right to ask for a copy of the personal data we hold about you, to ask us to correct it, to ask us to delete it, and to ask us to send it to another provider. Email the address at the bottom of this page and we respond within 30 days.

California rights

If you are a California resident, the CCPA gives you the right to know what personal information we hold about you, to delete it, to correct it, and to opt out of any sale or sharing of it. We do not sell or share personal information for cross-context behavioral advertising, so there is no opt-out to exercise. You can still ask us to know, delete, or correct what we hold by emailing the address below.

Do Not Track and Global Privacy Control

We honor browser Do Not Track signals. If your browser sends DNT=1, we treat that as a decline, the cookie banner does not appear, and no analytics cookies are written. We do not currently honor Global Privacy Control as a separate signal, but because we do not sell or share personal information for cross-context behavioral advertising, GPC is operationally moot for what this site does today.

Contact for data requests

Email us at hello@dagrander.com with “Data request” in the subject line. We respond within 30 days.

Last updated: 2026-05-14