Privacy Policy

01Who we are

Atomic Web, Inc. (d/b/a Atomic Design) is a marketing and web design agency headquartered in Franklin, Tennessee, with offices in Rochester, New York and Atlanta, Georgia.

02Information we collect

We collect three categories of information:

Information you give us directly. When you fill out a form, request a quote, subscribe to our newsletter, or contact us, we collect what you provide — typically your name, email address, phone number, company name, job title, website URL, and any details you share about your project or business.

Information collected automatically. When you visit our site, we automatically collect technical information your browser sends — IP address, browser type and version, device type, operating system, referring URL, pages viewed, time spent on each page, and similar usage data. We collect this through cookies, server logs, and analytics tools (see Section 5).

Information from third parties. We may receive information about you from analytics providers, advertising platforms, marketing technology vendors, and publicly available business sources when we're researching or qualifying a prospect or customer.

Categories under California law

For California residents, the categories of personal information we have collected over the past 12 months, using the categories defined under the California Consumer Privacy Act (CCPA), are:

• Identifiers — name, email address, phone number, IP address, account identifiers
• Customer records — contact details, billing information, communications with us
• Commercial information — services purchased or considered, transaction history
• Internet or network activity — browsing history on our site, interactions with our content, search queries, referring sources
• Geolocation data — general location inferred from IP address (not precise geolocation)
• Professional or employment information — job title, company, industry
• Inferences — preferences and interests inferred from your activity

Sensitive personal information

Atomic Design does not knowingly collect “sensitive personal information” as defined under California law (precise geolocation, racial or ethnic origin, religious beliefs, contents of mail or messages, biometric data, health information, sexual orientation, or similar categories) in the ordinary course of our marketing operations. If we collect such information for a specific business purpose — for example, with your consent during a project engagement — we use it only for the disclosed purpose, retain it only as long as needed, and do not use or disclose it for purposes other than those for which it was collected.

A note about job applicants

If you apply for a job with Atomic Design, additional categories of information are collected and used solely for recruiting and employment purposes. Job applicants in California will receive a separate Notice at Collection at the point of application.

03How we use information

We use the information we collect to:

• Respond to your inquiries and deliver the services you've requested
• Send you newsletters, marketing emails, or other communications you've opted into
• Improve our website, services, and marketing
• Personalize content and recommendations
• Analyze traffic patterns and user behavior on our site
• Detect, prevent, and respond to fraud, security incidents, or abuse
• Comply with legal obligations
• Carry out other purposes you've consented to or that are reasonably expected based on how you've interacted with us

We do not make decisions based solely on automated processing that produce legal or similarly significant effects on you without offering meaningful human review.

AI tools

As an AI-native agency, we use AI tools (large language models, automation platforms, and similar technologies) in our internal operations. When we process personal information through AI tools, we use enterprise-tier services with data protection terms in place, and we do not knowingly use third-party AI services that train their models on customer data unless you have specifically consented to that use.

04How we share information

We share personal information only in the following circumstances:

Service providers. We use third-party providers to run our business — hosting, email delivery, customer relationship management, analytics, marketing automation, payment processing, and similar operational tools. Service providers can use your information only to perform services for us, under written agreements that require them to protect it.

Advertising and analytics partners. Some of the third-party tools we use for analytics and advertising (such as Google, Meta, LinkedIn) may collect or receive information about your activity on our site for their own purposes, including measurement and audience targeting. Under California law, this disclosure may constitute “sharing” of personal information for cross-context behavioral advertising. We do not sell personal information for monetary consideration, but you can opt out of this sharing — see Section 6 below and the “Do Not Sell or Share My Personal Information” link in our footer.

Professional advisors. We may share information with our attorneys, accountants, auditors, and insurers as needed.

Business transfers. If Atomic Design is acquired, merged, or sells assets, your information may be transferred to the acquiring entity. We'll notify you if such a transfer changes how your information is handled.

Legal requirements. We may disclose information when required by law, court order, subpoena, or government request, or to protect our rights, safety, or property — or those of our users, clients, or the public.

With your consent. In any other case, we share information only when you've directed or consented to it.

05Cookies, analytics, and tracking

We and our service providers use cookies, web beacons, pixels, and similar technologies to remember your preferences, understand how visitors use our site, measure marketing performance, and serve relevant content and ads. These include analytics, advertising, customer relationship management, marketing automation, session research, and similar categories of tools.

For a current list of the specific tools we use, how long each cookie is stored, and how to control them, see our Cookie Policy.

You can disable cookies in your browser settings, and you can use universal opt-out tools like the Global Privacy Control. Some site features may not work correctly with all cookies disabled.

06Your privacy rights

Depending on where you live, you have certain rights over the personal information we hold about you. We honor those rights to the extent required by applicable law.

Rights for everyone

• Access — request a copy of the personal information we hold about you
• Correction — ask us to correct inaccurate or incomplete information
• Deletion — ask us to delete personal information we hold about you
• Portability — request your information in a structured, commonly used format
• Opt out of marketing — unsubscribe from our emails at any time using the link in any message, or by emailing us directly

Additional rights for California residents (CCPA/CPRA)

If you're a California resident, you also have the right to:

• Know what categories of personal information we've collected, the sources, the business purposes, the categories of third parties we've shared it with, and the specific pieces of personal information we hold — over the past 12 months
• Opt out of the “sale” or “sharing” of personal information — via the “Do Not Sell or Share My Personal Information” link in our footer
• Limit the use and disclosure of sensitive personal information (to the limited extent we collect any)
• Non-discrimination — we will not deny you services, charge a different price, or provide a lesser experience for exercising your rights

Authorized agents. California residents may designate an authorized agent to make requests on their behalf. We may require the agent to provide proof of authorization (such as a written, signed permission) and may require you to verify your own identity directly with us before fulfilling the request.

Additional rights for residents of other US states with privacy laws

If you live in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, Tennessee, Nebraska, New Hampshire, New Jersey, Maryland, Minnesota, Indiana, Kentucky, or Rhode Island, you have rights similar to those above under your state's privacy law. We honor the rights granted by your state.

Right to appeal. If you live in a state whose law provides an appeal right (such as Virginia, Colorado, Connecticut, Montana, or others), and we deny your request, you may appeal our decision by replying to our denial within 60 days. We will respond to your appeal within 60 days. If your appeal is denied, you may contact your state's Attorney General.

Additional rights for residents of the European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)

If you're located in the EEA, UK, or Switzerland, you also have the right to:

• Object to or restrict our processing of your information
• Withdraw consent at any time where processing is based on consent (withdrawal does not affect prior lawful processing)
• Lodge a complaint with your local data protection authority

We process EEA/UK personal data on the legal bases of: legitimate interests (to operate and improve our business), performance of a contract (to deliver services you've engaged us for), consent (where you've opted in), and legal obligation (where required by law).

How to exercise your rights

Send a request to hello@atomicdesign.net with the subject line “Privacy Request.”

Verification. To protect your information, we may ask you to confirm details we already have on file (such as the email address used in your last communication, or details about a recent inquiry) before fulfilling the request. For deletion requests involving sensitive information, additional verification may be required.

Timing. We will respond within 45 days (CCPA) or one month (GDPR), with the possibility of an extension of up to 45 additional days (CCPA) or two additional months (GDPR) for complex requests, with notice to you.

07Children's privacy

Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA). If we learn we have collected personal information from a child under 13 without parental consent, we will delete it.

For California residents, we do not knowingly sell or share personal information of consumers under 16 without the affirmative consent required by California law.

08Data retention

We keep your information only as long as we need it for the purposes described in this policy, or as long as required or permitted by law. Specific retention periods depend on the nature of the information and the legal or business basis for processing. For an estimate of how long we retain specific categories of information, contact us at hello@atomicdesign.net.

When information is no longer needed, we delete or de-identify it.

09Data security

We use commercially reasonable technical, administrative, and physical safeguards to protect your information — including encryption in transit (HTTPS), encryption at rest where supported, access controls, employee training, and vendor security reviews. No method of transmission or storage is 100% secure, but we take protecting your information seriously.

In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law.

10International data transfers

We are based in the United States. If you access our site from outside the U.S. — including from the European Economic Area, United Kingdom, or Switzerland — your information will be transferred to, stored, and processed in the U.S., where data protection laws may differ from those in your country.

For transfers of personal data from the EEA, UK, or Switzerland to the U.S. or other countries that have not received an adequacy decision from the relevant authority, we rely on appropriate legal safeguards including Standard Contractual Clauses approved by the European Commission, supplementary measures where required, and equivalent mechanisms in the UK and Switzerland.

You may request a copy of the safeguards we use by contacting us at hello@atomicdesign.net.

11Do Not Track and Global Privacy Control signals

Our website does not currently respond to “Do Not Track” browser signals — a widely recognized standard for DNT has not been established.

We honor Global Privacy Control (GPC) signals as a valid opt-out request from sale or sharing of personal information for users in states whose law recognizes GPC, including California. If you have GPC enabled in your browser, we will treat it as an opt-out for that browser and device.

12Links to other websites

Our site may link to third-party websites or services. We don't control them and aren't responsible for their privacy practices. Review the privacy policy of any site you visit.

13Notice at Collection

For California residents and others entitled to it, this Privacy Policy serves as our Notice at Collection. Where personal information is collected through a specific form or interaction on our site, we provide a brief notice at or before the point of collection that links to this policy.

14Changes to this policy

We may update this Privacy Policy from time to time. When we do, we'll update the “Last Updated” date at the top. If we make material changes that affect how we use your personal information, we will provide additional notice — such as a prominent banner on our site, an email to subscribers, or, where required by law, seeking your affirmative consent — before the changes take effect.

15Contact us

Questions, requests, or complaints about this Privacy Policy or our privacy practices:

For California-specific privacy requests, the same contact information applies. California consumers may also reach us toll-free at the number above.