Non-essential cookies load only after you click “Accept” in our banner. You can revisit preferences via the Cookie Settings link. Full details appear in our Cookie Policy, which also describes Google Consent Mode v2 and Global Privacy Control (GPC) handling.

We only share data with the processors below, each bound by a Data Processing Agreement and acting on our instructions:

Data may be stored in the USA or other countries where our processors operate. Transfers rely on SCCs and, where recognised, the EU-US DPF or UK/Swiss adequacy decisions. You can request a copy of the relevant clauses via info@positive.agency.

We host the Site on Webflow, which is SOC 2 Type II-certified and runs on ISO 27001-certified Amazon Web Services data centres. All traffic is encrypted via SSL/TLS, databases are encrypted at rest, and Cloudflare Enterprise provides DDoS mitigation and web-application firewall protection. Administrative access to Webflow, our CRM and email accounts is restricted with strong passwords and two-factor authentication (TOTP codes or FIDO2 security keys).

If a data incident occurs we will (i) notify the Supervisory Authority within 72 h when required, (ii) contact affected users without undue delay, and (iii) take remediation steps, all per Articles 33-34 GDPR and Google Ads Data Processing Terms.

Ads are served based on pseudonymous identifiers and browsing behaviour.No decision produces legal or similarly significant effects on you within the meaning of Article 22 GDPR.

Our services target adults 18+. If we learn we processed data from a child under 13 (U.S.) or under 16 (EEA) without parental consent, we will erase it immediately.

We may update this notice at any time. The current version is shown by the “Last updated” date.Material changes will be announced on the Site or by e-mail at least 14 days in advance.

Questions about privacy?Email info@positive.agency or our DPO at mdelaroca@positive.agency.We reply within 30 days.