Privacy Policy
This Privacy Policy describes how Drishyam Media collects, uses, discloses, retains, and protects your information when you use our services.
1. Introduction and Scope
This Privacy Policy (“Policy”) describes how Drishyam Media (“Drishyam Media,” “we,” “us,” or “our”), a creative media production and marketing based in Tampa, Florida, collects, uses, discloses, retains, and protects information when you (a) visit our website at [WEBSITE URL] (the “Site”), (b) submit a contact, booking, or quote-request form, (c) engage us for professional services, (d) subscribe to our email or SMS communications, or (e) interact with our content on third-party platforms (collectively, the “Services”).
By accessing or using the Services, you acknowledge that you have read and understood this Policy. If you do not agree, do not use the Services. This Policy applies to all users worldwide, supplemented by jurisdiction-specific sections in Article 11 (California), Article 12 (Florida), and Article 13 (International).
2. Who We Are and How to Contact Us
For all data-subject rights requests, complaints, or inquiries about this Policy, contact us at privacy@drishyammedia.com with the subject line “Privacy Request.”
3. Information We Collect
We collect the following categories of information.
(a) Information you provide directly.
Name, business name, email address, phone number, mailing/billing address, project description, event date, location, social media handles, brand assets, creative briefs, scheduling preferences, signed agreements, and any other information you submit through forms, email, calls, or our booking flow.
(b) Payment information.
When you pay an invoice or deposit, payment-card data is collected and processed directly by our payment processor (Stripe, Inc.) and is not stored on our servers. We receive only transaction confirmation, billing name, billing email, transaction amount, and the last four digits of the payment card.
(c) Booking and scheduling information.
When you book a meeting through our scheduling tool (Calendly), we receive your name, email, time zone, IP address, calendar selections, and any custom-form responses.
(d) Content and project materials.
Photos, videos, audio recordings, scripts, brand guidelines, talent releases, location permissions, and other materials you upload, send, or authorize us to capture during pre-production, production, or post-production.
(e) Automatically collected information.
When you visit the Site, we and our analytics and advertising vendors automatically collect: IP address, device type, operating system, browser type and version, language, referring URL, pages viewed, links clicked, scroll depth, session duration, mouse movements, page interactions, device identifiers, and approximate location derived from IP address.
(f) Communications.
Email correspondence, SMS messages, call records, voicemails, and chat transcripts you send to or exchange with us.
(g) Marketing and engagement data.
Email open, click, and unsubscribe events; campaign-source identifiers; lead-source attribution; and engagement with our content on third-party platforms.
We do not intentionally collect Social Security numbers, driver's license numbers, government IDs, precise geolocation, biometric identifiers, health information, or financial-account credentials. Do not submit such information to us unless we expressly request it for a specific engagement.
4. Cookies, Analytics, and Tracking Technologies
We and our service providers use cookies, pixels, software development kits, web beacons, and similar technologies. We use the following named tools:
(a) Google Analytics 4 (GA4).
Measures Site traffic, sessions, conversions, and user paths. GA4 collects pseudonymous identifiers, IP-derived approximate location, device data, and event data. Retention is set to 14 months. Opt out: tools.google.com/dlpage/gaoptout.
(b) Meta Pixel (Facebook/Instagram).
Tracks conversions, builds custom audiences, and supports retargeting. Meta Pixel transmits page views, button clicks, and standard events to Meta. Manage Meta ad preferences: facebook.com/adpreferences.
(c) LinkedIn Insight Tag.
Enables conversion tracking and audience-building for LinkedIn campaigns. LinkedIn opt-out: linkedin.com/psettings/guest-controls/retargeting-opt-out.
(d) Microsoft Clarity.
Records aggregated session-replay data, including mouse movements, clicks, scroll behavior, and page interactions, to help us improve user experience. Microsoft Clarity may capture form-field interactions; we configure Clarity to mask sensitive fields. We do not use Clarity on pages that collect health, financial, or other sensitive personal information.
(e) Strictly necessary cookies.
Used for site security, load-balancing, and form functionality. These cannot be disabled.
Consent management. Where required by applicable law (including for visitors from California, the European Economic Area, the United Kingdom, or other jurisdictions requiring opt-in cookie consent), non-essential trackers are gated behind a cookie-consent banner. We honor the Global Privacy Control (GPC) browser signal as a valid opt-out of “sale” and “sharing” of personal information for visitors who transmit it.
Third-party tracker liability disclaimer. Each third-party analytics, advertising, and tracking vendor named above operates as an independent controller under its own privacy policy and terms. Drishyam Media's responsibility is limited to its configuration of these tools on the Site. We do not control, and are not responsible for, the downstream collection, retention, or use of data by these vendors once data is transmitted to them. We disclaim liability for any change in vendor behavior, vendor data breach, or vendor practice that is outside our reasonable configuration control.
5. Sources of Information
We obtain information from (a) you directly, (b) automated collection on the Site, (c) third-party service providers (Stripe, Calendly, email service providers, CRM, project-management platforms), (d) public sources (e.g., your business website or public social-media profiles), and (e) referrals from existing clients.
6. How We Use Information
We use information for the following purposes:
(a) Service delivery.
To respond to inquiries, prepare proposals, schedule and conduct shoots, deliver creative work, manage retainers, communicate about projects, issue invoices, and provide support.
(b) Payments and accounting.
To process payments, collect outstanding balances, maintain financial records, and comply with tax and accounting obligations.
(c) Site operation, analytics, and improvement.
To operate, secure, maintain, and improve the Site and our marketing channels; measure campaign performance; and understand visitor behavior in aggregate.
(d) Marketing and business development.
To send newsletters, promotional content, case studies, and event invitations; to deliver and measure advertising; and to remarket to past Site visitors. You may opt out at any time (Article 8).
(e) Portfolio, case studies, and showcase.
To display deliverables, behind-the-scenes content, and project case studies on our website, social media, awards submissions, and marketing materials, subject to the license granted in our Terms of Service.
(f) Legal, compliance, and enforcement.
To comply with applicable laws (including FAA, tax, and consumer-protection laws); enforce our agreements; respond to lawful requests, subpoenas, and court orders; investigate and prevent fraud, abuse, and security incidents; and establish, exercise, or defend legal claims.
(g) Business transfers.
To facilitate a merger, acquisition, financing, reorganization, or sale of all or substantially all of our assets, in which case information may be transferred to the successor entity.
7. How We Share Information
We share information only as described below. We do not sell personal information for monetary consideration. Certain disclosures to advertising and analytics partners may constitute “sharing” or “sale” under California law; see Article 11.
(a) Service providers and vendors.
Stripe (payments), Calendly (scheduling), Google (analytics, workspace), Meta (advertising), LinkedIn (advertising), Microsoft (analytics, productivity), our email-service provider, our CRM, our cloud-storage provider, our project-management platform, our accounting software, professional advisors (legal, tax, insurance), and contractors and freelance creatives engaged on a project (each bound by confidentiality).
(b) Subcontractors and crew.
Photographers, videographers, drone pilots, editors, designers, audio engineers, and other creative professionals engaged for a project may receive information necessary to perform their work.
(c) Clients and authorized recipients.
If you are an end-recipient of content (e.g., subject of a shoot), we may share relevant information with the client commissioning the work.
(d) Business transfers.
As described in Article 6(g).
(e) Legal disclosures.
When required by law, regulation, legal process, or governmental request, or to protect rights, property, or safety.
(f) With your consent.
For any purpose disclosed at the time of collection.
8. Marketing Communications and Your Choices
You may opt out of marketing communications at any time by (a) clicking the “unsubscribe” link in any marketing email, (b) replying STOP to any marketing SMS, or (c) emailing privacy@drishyammedia.com with the subject line “Unsubscribe.” We honor unsubscribe requests within ten (10) business days, consistent with the CAN-SPAM Act, 15 U.S.C. §§ 7701–7713. Transactional and service-related communications (project updates, invoices, contract notices) are not subject to opt-out while you have an active engagement.
9. Data Retention
We retain information only as long as necessary for the purposes described in this Policy, to comply with legal obligations, to resolve disputes, and to enforce agreements. Specific defaults:
| Category | Default Retention |
|---|---|
| Active client engagement records and final deliverables | Seven (7) years after engagement ends |
| Raw footage, RAW images, and project files | Ninety (90) days after final delivery, unless purchased separately |
| Contact-form and lead inquiries that do not become clients | Twenty-four (24) months from last contact |
| Email-marketing subscriber records | Until opt-out, plus twelve (12) months for suppression-list compliance |
| Analytics data (GA4) | Fourteen (14) months |
| Advertising-pixel and cookie data | Thirteen (13) months (vendor default) |
| Payment, invoice, and tax records | Seven (7) years |
| Backup archives | Up to twelve (12) months in encrypted backup, then purged |
After the applicable retention period, we securely delete, anonymize, or destroy the information in a manner consistent with Florida Statutes § 501.171(8).
10. Security and Breach Notification
We maintain administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS 1.2 or higher), access controls, principle-of-least-privilege user permissions, multi-factor authentication on key accounts, encrypted cloud storage, secure disposal practices, and contractual confidentiality obligations on subcontractors. No system is perfectly secure, and we cannot guarantee absolute security.
In the event of a security incident affecting personal information, we will investigate, contain, and notify affected individuals and applicable authorities consistent with the Florida Information Protection Act (Fla. Stat. § 501.171), which requires notification as expeditiously as practicable and no later than thirty (30) days after determination of a breach affecting Florida residents, and consistent with the CCPA/CPRA and other applicable laws for residents of other jurisdictions. Our service providers and processors are contractually required to notify us within ten (10) days of any incident affecting our data.
If you suspect unauthorized access to your information, contact us immediately at privacy@drishyammedia.com.
11. Your California Privacy Rights (CCPA/CPRA)
This Article applies to natural persons who reside in California. Drishyam Media may not currently meet the thresholds for “business” status under the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (as amended by the CPRA), but we voluntarily extend the following rights to California residents as a matter of good practice.
(a) Categories of personal information collected.
Identifiers (name, email, phone, IP address, device IDs); commercial information (services purchased, transaction history); internet/network activity (browsing, clickstream, pixel data); geolocation (approximate, IP-derived); audio/visual (project content, when applicable); professional/employment information (when relevant); inferences (audience segments).
(b) Sources, purposes, and recipients.
As described in Articles 5, 6, and 7.
(c) Sensitive personal information.
We do not intentionally collect “sensitive personal information” as defined by Cal. Civ. Code § 1798.140(ae) and do not use any such information for purposes requiring a “Limit the Use of My Sensitive Personal Information” link.
(d) Sale and sharing.
We do not “sell” personal information for monetary consideration. Our use of advertising cookies and pixels (Meta Pixel, LinkedIn Insight Tag) for cross-context behavioral advertising may constitute “sharing” under the CPRA. To opt out, click “Do Not Sell or Share My Personal Information” in our cookie banner or website footer, or transmit a Global Privacy Control signal from a supported browser.
(e) California rights.
California residents have the right to: (i) know and access categories and specific pieces of personal information collected; (ii) delete personal information, subject to legal exceptions; (iii) correct inaccurate personal information; (iv) opt out of sale and sharing; (v) limit use of sensitive personal information (if applicable); and (vi) be free from retaliation for exercising these rights.
(f) How to exercise rights.
Submit a verifiable request to privacy@drishyammedia.com with the subject line “California Privacy Request.” We will verify your identity and respond within forty-five (45) days, with a one-time forty-five-day extension if necessary. You may designate an authorized agent in writing.
(g) Shine the Light.
California residents may request information about disclosures of personal information to third parties for direct-marketing purposes once per calendar year. Email privacy@drishyammedia.com.
12. Florida Residents — Courtesy Disclosures
The Florida Digital Bill of Rights, Fla. Stat. §§ 501.701–501.721, applies to controllers exceeding certain revenue and operational thresholds (including a $1 billion global gross annual revenue threshold). Drishyam Media does not meet those thresholds and is not a “controller” subject to the FDBR. Nevertheless, as a courtesy, Florida residents may request access, correction, or deletion of personal information by contacting privacy@drishyammedia.com. We comply with Fla. Stat. § 501.171 breach-notification obligations as described in Article 10. We comply with the Florida Telephone Solicitation Act for any SMS or telephone marketing campaigns.
13. International Users (EU, UK, and Other Jurisdictions)
Our Services are operated from the United States. If you access the Services from outside the United States, your information will be transferred to, stored in, and processed in the United States, which may not provide the same level of protection as your home jurisdiction. By using the Services, you consent to such transfer.
For visitors from the European Economic Area or United Kingdom, our lawful bases under Regulation (EU) 2016/679 and the UK GDPR are: (a) performance of a contract for clients; (b) legitimate interests for marketing, analytics, and security; (c) consent for non-essential cookies and electronic marketing; and (d) compliance with legal obligations. EU/UK data subjects have rights of access, rectification, erasure, restriction, portability, objection, and to lodge a complaint with a supervisory authority. Cross-border transfers rely on Standard Contractual Clauses and the UK International Data Transfer Addendum where applicable. Clients with GDPR-scoped engagements should request our Data Processing Addendum before commencement.
14. Children's Privacy
The Services are intended for businesses, professionals, and adults aged eighteen (18) and over. We do not direct the Services to children under thirteen (13) and do not knowingly collect personal information from children under thirteen, consistent with the Children's Online Privacy Protection Act, 15 U.S.C. §§ 6501–6506 and 16 C.F.R. Part 312. If we learn we have collected personal information from a child under thirteen without verifiable parental consent, we will promptly delete it. Parents and guardians may contact privacy@drishyammedia.com for deletion requests.
When children are subjects of commissioned content (e.g., a family event, school performance, or commercial shoot), the commissioning client is responsible for obtaining all necessary parental consents and releases, and warrants the same in our Terms of Service.
15. Third-Party Links and Platforms
The Services contain links to, embeds from, and integrations with third-party websites, social-media platforms, and tools, including but not limited to Instagram, Facebook, YouTube, TikTok, LinkedIn, Vimeo, Google, Stripe, and Calendly. We do not control and are not responsible for the content, privacy practices, security, or availability of any third-party site, embed, or platform. Your use of third-party services is at your own risk and is governed by their own terms and privacy policies. Inclusion of a link or embed does not imply endorsement.
16. DMCA — Copyright Complaints
We respect intellectual property rights and respond to valid notices under the Digital Millennium Copyright Act, 17 U.S.C. § 512. To report infringement on the Site or in content we host, send a written notice to our designated agent containing all elements required by 17 U.S.C. § 512(c)(3): (a) physical or electronic signature; (b) identification of the copyrighted work; (c) identification of the allegedly infringing material with sufficient detail to locate it (including URL); (d) your contact information; (e) a statement of good-faith belief; and (f) a statement, under penalty of perjury, that the information is accurate and you are authorized to act.
DMCA Designated Agent
9946 Brompton Drive, Tampa, Florida
Email: privacy@drishyammedia.com
Subject Line: “DMCA Notice”
We will respond expeditiously and may remove or disable access to the material. A counter-notice procedure consistent with 17 U.S.C. § 512(g) is available. We maintain a policy of terminating, in appropriate circumstances, the access of repeat infringers.
17. Do Not Track Signals
Because there is no industry consensus on the meaning of “Do Not Track” browser signals, the Site does not respond to DNT signals. We do honor the Global Privacy Control signal as described in Article 4.
18. Changes to This Policy
We may update this Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated by updating the “Effective Date” above and, where appropriate, providing a banner on the Site or sending email notice to active clients. Continued use of the Services after the effective date constitutes acceptance of the updated Policy.
19. Contact
For all privacy questions, requests, and complaints, contact us at:
Drishyam Media
9946 Brompton Drive, Tampa, Florida
Email: contact@drishyammedia.com
Phone: +1 (813) 965-7606