Privacy Policy

1. Introduction

Crocs and Clicks (“we,” “us,” or “our”) is a digital marketing agency based in Vancouver, Washington, providing search engine optimization, pay-per-click advertising, web design, social media marketing, and contractor-focused marketing services. We respect your privacy and are committed to protecting the personal information you share with us.

This Privacy Policy explains what information we collect through our website at crocsandclicks.com (the “Site”), how we use and share that information, and the rights you have regarding your personal information under applicable state and federal laws, including the Washington Consumer Protection Act (RCW 19.86), the Washington Data Breach Notification Law (RCW 19.255), Washington's My Health My Data Act (RCW 19.373), the federal CAN-SPAM Act, the Telephone Consumer Protection Act (TCPA), and the Children's Online Privacy Protection Act (COPPA).

By using our Site or our services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Site.

2. Information We Collect

Information You Provide Directly

When you contact us, request a quote, subscribe to our newsletter, or engage our services, we may collect:

• Name and business name
• Email address and phone number
• Mailing or business address
• Information about your business, industry, website, and marketing goals
• Messages and communications you send us
• Billing and payment information (processed by third-party payment processors; we do not store full payment card data on our servers)

Information Collected Automatically

When you visit our Site, we automatically collect certain technical information through cookies, pixels, and similar technologies, including:

• IP address and approximate geographic location (city, state, country)
• Browser type, operating system, and device information
• Pages viewed, time spent on pages, click paths, and referring URLs
• Date and time of access
• Search terms used to reach our Site

Information from Third Parties

We may receive information about you from third-party sources, such as analytics providers (Google Analytics, Google Search Console), advertising platforms (Google Ads, Meta), and publicly available business listings.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To respond to inquiries and provide quotes, proposals, and information about our services
• To deliver services we have agreed to provide, including SEO, PPC, web design, and related marketing work
• To communicate with you about your project, account, billing, or service updates
• To send marketing communications (such as newsletters or service announcements), only when you have opted in or have an existing business relationship with us, and always with an option to unsubscribe
• To analyze and improve our Site, content, and services through aggregated and de-identified analytics
• To comply with legal obligations, enforce our agreements, and protect the rights, property, or safety of Crocs and Clicks, our clients, or others
• To prevent fraud, spam, and abuse on our Site and services

4. Cookies and Tracking Technologies

We use cookies and similar technologies to make our Site function properly, understand how visitors use our Site, and improve performance. Categories include:

• Essential cookies required for the Site to function (such as form submission and security)
• Analytics cookies that help us understand traffic patterns through Google Analytics 4 (GA4) and Google Search Console
• Performance and behavior cookies from tools such as Microsoft Clarity (heatmaps and session recordings, where enabled), used to improve user experience
• Advertising cookies placed by Google Ads or Meta when we run remarketing campaigns, to show relevant ads on other sites

You can control cookies through your browser settings, by opting out of Google Analytics at tools.google.com/dlpage/gaoptout, and by adjusting ad personalization at adssettings.google.com. We also honor Global Privacy Control (GPC) signals where applicable.

5. How We Share Your Information

We share information only in the limited circumstances described below:

Service Providers and Vendors

We share information with trusted third-party providers who help us operate our business and deliver services. These include:

• Hosting and infrastructure: ycode (website platform), Cloudflare (security and content delivery)
• Analytics: Google Analytics, Google Search Console, Microsoft Clarity
• Form processing: FormSubmit.co (handles contact form submissions)
• Advertising platforms: Google Ads, Meta (Facebook/Instagram), where we run client or agency campaigns
• Email and communication tools used for client correspondence
• Payment processors for invoicing and billing

These providers are contractually required to handle your information in accordance with applicable law and only for the purposes we authorize.

Legal Compliance

We may disclose information when required by law, subpoena, court order, or other legal process, or when we believe in good faith that disclosure is necessary to protect our rights, comply with a legal obligation, or prevent fraud or harm.

Business Transfers

If Crocs and Clicks is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

With Your Consent

We will share your information with third parties for any other purpose only with your explicit consent.

6. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including providing services, complying with legal obligations, resolving disputes, and enforcing our agreements. Specifically:

• Inquiry and lead form data: up to 24 months after last contact, unless you request deletion sooner
• Active client records: for the duration of the engagement plus 7 years (for tax, accounting, and legal purposes)
• Website analytics data: up to 14 months in Google Analytics 4, per our default retention setting
• Email marketing subscriber data: until you unsubscribe

When information is no longer needed, we delete or de-identify it in accordance with our retention schedule.

7. Data Security

We use reasonable administrative, technical, and physical safeguards designed to protect your personal information against unauthorized access, disclosure, alteration, or destruction. These measures include:

• HTTPS/TLS encryption for all data transmitted to and from our Site (managed via Cloudflare)
• Access controls limiting which team members can view client data
• Reputable third-party vendors with their own established security practices
• Regular review of our data handling and security practices

No method of transmission or storage is 100% secure, however. We cannot guarantee absolute security, but we will notify you in accordance with applicable law in the event of a data breach affecting your personal information.

8. Your Privacy Rights

Depending on your location, you may have rights regarding your personal information, including:

• Right to access the personal information we hold about you
• Right to correct inaccurate or incomplete information
• Right to delete personal information, subject to legal retention requirements
• Right to opt out of marketing communications at any time
• Right to restrict or object to certain processing
• Right to data portability, where applicable
• Right to withdraw consent where processing is based on your consent

To exercise any of these rights, contact us using the information at the bottom of this policy. We will respond within the timeframes required by applicable law (typically within 45 days). We will not discriminate against you for exercising any privacy right.

9. Washington State Resident Rights

Washington does not currently have a comprehensive consumer privacy statute in effect, but Washington residents are protected under the Washington Consumer Protection Act (RCW 19.86), the Washington Data Breach Notification Law (RCW 19.255), and the Washington My Health My Data Act (RCW 19.373) for consumer health data. Additionally, Washington residents are protected against unfair or deceptive trade practices, including misrepresentations about how their data is collected and used.

As a Washington resident, you may:

• Request access to or correction of personal information we hold about you
• Request deletion of your personal information
• Opt out of marketing emails at any time
• File a complaint with the Washington Attorney General's Office at atg.wa.gov if you believe your rights have been violated

10. Consumer Health Data (Washington My Health My Data Act)

Crocs and Clicks does not collect, process, or share “consumer health data” as defined under Washington's My Health My Data Act (RCW 19.373) in the ordinary course of providing our marketing services. We do not knowingly collect data that identifies a consumer's past, present, or future physical or mental health status, including health conditions, treatments, diagnoses, biometric data tied to health, precise geolocation tied to health services, or genetic information.

If our services in the future require us to process consumer health data on behalf of a healthcare-related client, we will publish a separate Consumer Health Data Privacy Policy as required by the Act, obtain the consents required by law, and provide the rights described in RCW 19.373, including the right to access, withdraw consent, request deletion, and receive a list of third parties that have received your health data.

11. California and European Residents

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (as amended by the CPRA), including the right to know, the right to delete, the right to correct, the right to opt out of the “sale” or “sharing” of personal information, and the right to limit the use of sensitive personal information. As stated above, we do not sell or share personal information for cross-context behavioral advertising within the meaning of the CCPA. To exercise your California rights, contact us using the information below.

European Economic Area, United Kingdom, and Switzerland Residents

If you are located in the EEA, UK, or Switzerland, our processing of your personal data is governed by the General Data Protection Regulation (GDPR) or its UK equivalent. Our lawful bases for processing include your consent, performance of a contract, our legitimate interests in operating our business, and compliance with legal obligations. You have rights to access, rectify, erase, restrict, port, and object to processing, and to lodge a complaint with your local supervisory authority.

12. Email Marketing and Communications (CAN-SPAM, TCPA)

We comply with the federal CAN-SPAM Act in all our commercial email communications. Every marketing email we send includes:

• Accurate sender identification and a valid physical postal address
• A clear and conspicuous unsubscribe link
• Honoring of unsubscribe requests within 10 business days

We do not send unsolicited text messages or autodialed phone calls in violation of the Telephone Consumer Protection Act (TCPA). If we contact you by phone or text in connection with services or marketing, it is on the basis of an existing business relationship or your express prior consent, and you may opt out at any time.

13. Children's Privacy (COPPA)

Our Site and services are intended for businesses and adults age 18 and older. We do not knowingly collect personal information from children under the age of 13 in violation of the Children's Online Privacy Protection Act (COPPA). If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will promptly delete it. If you believe we may have inadvertently collected such information, please contact us immediately.

14. Data Breach Notification

In the event of a security breach affecting unencrypted personal information of Washington residents, we will notify affected individuals and, where required, the Washington Attorney General, in accordance with RCW 19.255 (Washington's Data Breach Notification Law). Notification will occur in the most expedient time possible and without unreasonable delay, and no later than 30 days after discovery, unless a longer period is required by law enforcement or to determine the scope of the breach.

15. Third-Party Links

Our Site may contain links to third-party websites, plug-ins, and applications. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party sites and are not responsible for their privacy practices. We encourage you to read the privacy policies of any third-party site you visit.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the “Last Updated” date at the top of this page and, where appropriate, provide additional notice (such as posting a notice on our Site or sending an email). Your continued use of the Site after changes are posted constitutes your acceptance of the updated policy.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us: