Introduction
This Privacy Policy describes how Mega City ("we," "us," or "our") collects, uses, and protects personal information when you interact with us through our website at megacity.agency, by email, or in the course of a client engagement.
Mega City is the trade name under which a registered U.S. business operates. Inquiries about this policy can be directed to privacy@megacity.agency.
What we collect
We keep data collection to a minimum. The only categories of personal information we collect are:
Information you provide directly. When you email us, inquire about services, or enter into a client engagement, we collect the information you choose to share: your name, email address, company name (if applicable), and the content of your communications.
Information we receive during a client engagement. In the course of delivering creative, design, copywriting, and engineering services, we may receive materials, brand assets, source files, and other content from clients. We treat this information as confidential and use it only to fulfill the engagement.
Information automatically collected by our website. Our website does not use cookies or tracking technologies for advertising, analytics, or profiling purposes. Our hosting provider may automatically log standard technical information (such as IP address and user agent) as part of normal web server operation. This information is not used to identify individual visitors and is retained only as long as necessary for security and operational purposes.
We do not collect:
- Financial account numbers, payment card information, or banking details
- Health information
- Biometric data
- Precise geolocation
- Information from children under the age of 13
How we use personal information
We use the information we collect only for the following purposes:
- To respond to inquiries and communicate with prospects and clients
- To deliver the services a client has engaged us to perform
- To maintain business records, issue invoices, and receive payment
- To comply with legal, tax, and regulatory obligations
- To protect the security and integrity of our systems and communications
We do not use personal information for advertising, marketing profiling, or automated decision-making that produces legal or similarly significant effects.
How we share personal information
We do not sell personal information. We do not share personal information with third parties for their marketing or advertising purposes.
We share personal information only in the following circumstances:
- Service providers. We use third-party services to operate our business: email hosting, file storage, code hosting, financial services, and AI model providers. These providers process information on our behalf under contracts that require them to protect the information and use it only to provide services to us.
- Legal obligations. We may disclose information when required by law, valid legal process, or to protect the rights, property, or safety of Mega City, our clients, or others.
- Business transfers. If the business is sold, merged, or reorganized, personal information may be transferred to the successor entity subject to the terms of this policy.
How long we keep personal information
We retain personal information only as long as necessary for the purpose it was collected:
- Client engagement data: Retained for one year after the engagement closes, then deleted
- Financial records: Retained for seven years as required by tax and accounting obligations
- Email correspondence: Retained in line with the categories above
- Website server logs: Retained only as long as necessary for security and operational purposes
Specific retention periods are defined in our internal Data Retention Policy and may vary based on legal requirements.
How we protect personal information
We maintain administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. These include:
- Centralized credential management with multi-factor authentication
- Encrypted storage on primary systems and in backups
- Scoped access controls that limit who and what can access personal information
- Documented information security and access control policies, reviewed annually
No system is completely secure. If we become aware of a security incident affecting your personal information, we will notify you in accordance with applicable law.
Your rights
Depending on where you live, you may have rights regarding your personal information. We honor the following requests regardless of jurisdiction:
Right to access. You can request a copy of the personal information we hold about you.
Right to correction. You can request that we correct inaccurate personal information.
Right to deletion. You can request that we delete personal information we hold about you, subject to legal and operational retention requirements (for example, financial records we are required to keep for tax purposes).
Right to object or restrict. You can object to certain processing of your personal information, or request that we restrict specific processing activities.
Rights under the General Data Protection Regulation (GDPR)
If you are located in the European Union or European Economic Area, you have additional rights under the GDPR, including the right to data portability and the right to lodge a complaint with a supervisory authority. The lawful bases on which we process personal information include: performance of a contract (to deliver services to clients), legitimate interests (to operate our business and respond to inquiries), and legal obligations (to comply with tax and regulatory requirements).
Rights under the California Consumer Privacy Act (CCPA)
If you are a California resident, you have the right to know what personal information we have collected about you, the sources of that information, the purposes for which we use it, and the categories of third parties with whom we share it. You also have the right to request deletion of your personal information and the right not to be discriminated against for exercising your rights.
We do not sell or share personal information as those terms are defined under the CCPA.
How to exercise your rights
To exercise any of these rights, send an email to privacy@megacity.agency with a clear description of your request. We will acknowledge receipt within five business days and respond within the timeframe required by applicable law (typically 30 days for GDPR, 45 days for CCPA). We may need to verify your identity before fulfilling your request.
International data transfers
We are based in the United States. If you contact us from outside the United States, your personal information will be processed in the United States, where data protection laws may differ from those in your country. By communicating with us, you consent to this transfer.
For data subjects in the European Union, we rely on appropriate safeguards for international data transfers as required by the GDPR.
Children's privacy
Our services are not directed to children under the age of 13, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
Third-party links
Our website and communications may contain links to third-party websites. This policy does not apply to those websites, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.
Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will provide additional notice as required by applicable law. We recommend reviewing this policy periodically.
Contact us
Questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information can be sent to:
Email: privacy@megacity.agency
Website: megacity.agency