Privacy Policy

Plain-language summary. We collect very little. We use what we collect to run this site, respond to enquiries, and deliver client work. We never sell your data, and we don't run ad-tech retargeting. Full detail below.

1. Who we are

This site, cresthq.agency ("Crest", "we", "us"), is operated by Score Digital LLC. We are a marketing services firm that works with SaaS companies on organic growth, AI search visibility, affiliate infrastructure, and creator distribution.

This policy applies to information collected via our website, marketing channels, and client engagements. If you have questions, contact us at privacy@cresthq.agency.

2. Information we collect

2.1 Information you provide directly

When you contact us, book a discovery call, subscribe to updates, or sign an engagement letter, we collect what you give us — typically:

Name, work email, company name, and role
Information about your product, growth challenges, and goals
Payment and billing details (handled by our payment processor; we don't store card numbers)
Any content you share with us during a client engagement (briefs, brand guidelines, access credentials)

2.2 Information collected automatically

When you visit the site, our analytics tooling records:

Aggregated traffic patterns (pages viewed, time on page, referrer)
Approximate location based on IP (city/country only — never precise)
Device, browser, and operating system
The first traffic source that brought you to the site

We do not use cross-site advertising trackers and we do not build behavioural profiles for ad targeting.

2.3 Cookies

We use a small number of cookies, all in one of two categories:

Strictly necessary — keeping a session active, remembering form input, security checks. These can't be disabled without breaking the site.
Analytics — anonymous, aggregated. You can opt out via your browser's "Do Not Track" header, which we honour.

We do not set marketing or advertising cookies.

3. How we use information

We use the information described above to:

Respond to enquiries and schedule discovery calls
Deliver the services agreed in a signed engagement
Send service-related communications (kickoff emails, weekly updates, deliverables)
Send the occasional opt-in email if you've subscribed (we send roughly one email a month and never more than weekly)
Understand which pages of our site are useful, so we can improve them
Comply with legal obligations (tax, accounting, anti-fraud)

4. How we share information

We share information only with a small number of trusted service providers, each contractually bound to use it solely on our behalf. Our current providers include:

Cloud hosting and content delivery (for serving this site)
Email and calendar tools (for client communication)
Payment processing (for invoicing and payments)
Analytics (privacy-respecting, no personal profiles)

We do not sell, rent, or trade personal information to third parties. We will only disclose information when legally required — for example in response to a valid subpoena — and where allowed will notify the affected person first.

5. Data retention

Enquiry data: kept for 24 months after last contact, then deleted
Client engagement records: kept for 7 years after engagement closes (tax/legal obligation)
Marketing subscriber lists: kept until you unsubscribe; unsubscribed addresses are suppressed, not retained for marketing
Analytics: aggregated logs kept for 14 months, then auto-deleted

6. Your rights

Depending on where you live, you may have legal rights to:

Request a copy of the personal information we hold about you
Ask us to correct inaccurate information
Ask us to delete your information (subject to legal retention obligations)
Object to certain processing, or ask us to restrict it
Withdraw consent for marketing emails at any time
Lodge a complaint with your local data protection authority

To exercise any of these rights, email privacy@cresthq.agency. We respond within 30 days.

7. International transfers

Crest is operated from the United States. Information we collect may be processed in the US and in other countries where our service providers operate. Where required by law, we put appropriate safeguards in place — including standard contractual clauses — to protect data transferred internationally.

8. Security

We use industry-standard technical and organisational measures to protect information against loss, misuse, and unauthorised access. These include encryption in transit (TLS), encryption at rest for sensitive records, role-based access controls, and routine review of who has access to what.

That said, no system is perfectly secure. If we ever experience a breach affecting your personal information, we will notify you promptly as required by applicable law.

9. Children's privacy

Our services are intended for businesses. We do not knowingly collect information from children under 16. If we discover we have collected information from a child, we will delete it.

10. Changes to this policy

We will update this policy from time to time. Material changes will be flagged at the top of this page for at least 30 days before they take effect. The "Last updated" date at the top reflects the most recent change.

11. Contact

Questions, complaints, or rights requests: privacy@cresthq.agency.

Mailing address available on request.