Privacy Policy
Last updated: March 11, 2026
Effective date: March 11, 2026
1. Our Commitment to Your Privacy
The Digital Bite is a cybersecurity and technology consultancy. Protecting data — yours and our clients' — is not just a legal obligation for us. It is the foundation of our business. We collect only the information we need, we use it only for the purposes we describe, we store it securely, and we respect your rights under Costa Rican law.
This Privacy Policy explains what personal data we collect through our website (thedigitalbite.com), how we use it, who we share it with, and how you can exercise your rights under Ley 8968 — the Ley de Protección de la Persona frente al Tratamiento de sus Datos Personales.
2. Who We Are
Data Controller:
- Trinrica S.A.
- Cédula Jurídica: [INSERT CÉDULA JURÍDICA]
- San José, Costa Rica
- Email: privacy@thedigitalbite.com
- Website: thedigitalbite.com
For questions about this Privacy Policy or to exercise your data protection rights, contact us at privacy@thedigitalbite.com.
3. Legal Framework
This Privacy Policy is governed by:
- Ley No. 8968 — Ley de Protección de la Persona frente al Tratamiento de sus Datos Personales (enacted July 7, 2011)
- Decreto Ejecutivo No. 37554-JP — Reglamento a la Ley de Protección de la Persona frente al Tratamiento de sus Datos Personales (effective March 5, 2013, amended by Decreto 40008-JP)
- The supervisory authority is PRODHAB (Agencia de Protección de Datos de los Habitantes), an autonomous body under the Ministry of Justice and Peace of Costa Rica. Website: prodhab.go.cr
4. What Personal Data We Collect
We collect personal data in the following circumstances:
When you submit our contact form:
- Full name
- Business email address
- Company name
- Service interest (selected from dropdown)
- Message content (free text)
When you subscribe to our newsletter:
- Email address
- Name (if provided)
When you book a consultation through Calendly:
- Full name
- Email address
- Company name (if provided)
- Selected date and time
- Any information you include in the booking notes
When you contact us about a security emergency:
- Full name
- Email address
- Phone number
- Description of the security incident
When you interact with us via WhatsApp:
- Phone number
- Name (as displayed on your WhatsApp profile)
- Message content
When you browse our website (automatically collected):
- IP address
- Browser type and version
- Operating system
- Pages visited and time spent
- Referring URL
- Device type
- Approximate geographic location (derived from IP address)
This automatically collected data is gathered through cookies and similar technologies, which are described in our separate Cookie Policy.
5. How We Use Your Data
We use your personal data for the following specific purposes:
To respond to your inquiries — When you contact us through our website, WhatsApp, or email, we use your information to respond to your request, provide the information you've asked for, and follow up if appropriate.
To schedule and conduct consultations — When you book through Calendly, we use your information to confirm, prepare for, and conduct the consultation.
To send our newsletter — If you subscribe, we use your email address to send periodic communications about cybersecurity, technology, and our services. Every newsletter includes an unsubscribe option.
To respond to security emergencies — When you contact us through our emergency breach section, we use your information to triage the incident and initiate our response process.
To improve our website — We use analytics data to understand how visitors use our website, identify technical issues, and improve content and user experience.
To protect our website — We use Cloudflare's security services to protect against malicious traffic, DDoS attacks, and automated abuse.
We do not use your data for automated decision-making or profiling. We do not sell your personal data. We do not share your data with third parties for their own marketing purposes.
6. Legal Basis for Processing
Under Ley 8968, we process your personal data based on:
Your express consent — provided when you submit our contact form (via the consent checkbox), subscribe to our newsletter, book a consultation, or contact us through our emergency section. You may withdraw your consent at any time by contacting privacy@thedigitalbite.com. Withdrawal of consent does not affect the lawfulness of processing performed prior to withdrawal.
Legitimate contractual interest — when processing is necessary to fulfill a service request you have initiated or to perform a contract with you.
7. Who Has Access to Your Data
Our team — Only The Digital Bite staff members who need access to your data to perform their functions can access it.
Technology service providers — We use the following third-party services to operate our website and business. These providers process your data on our behalf under contractual obligations to protect it:
| Provider | Purpose | Data Processed | Location |
|---|---|---|---|
| HubSpot, Inc. | CRM, forms, email marketing | Contact form data, newsletter subscriptions, interaction history | United States |
| Google LLC (Analytics) | Website analytics | Anonymized browsing data, IP address (truncated) | United States |
| Calendly LLC | Consultation scheduling | Booking details, name, email | United States |
| Cloudflare, Inc. | Website security and CDN | IP addresses, traffic metadata | Global (US-headquartered) |
| Meta Platforms, Inc. | Marketing analytics (if enabled) | Browsing behavior via pixel (anonymized) | United States |
| LinkedIn Corporation | Marketing analytics (if enabled) | Browsing behavior via insight tag (anonymized) | United States |
Under Decreto Ejecutivo 40008-JP, transfers to technology intermediaries and service providers who process data exclusively for our defined purposes — and do not redistribute, disseminate, or commercialize the data — are not classified as international data transfers under Article 14 of Ley 8968. All providers listed above process data solely for the purposes described and under contractual data processing agreements.
We do not share your personal data with any other third parties unless required by law, court order, or to protect the rights and safety of The Digital Bite, our clients, or the public.
8. International Data Transfers
Several of our technology service providers are headquartered in the United States. Your personal data may be stored and processed on servers located outside of Costa Rica, primarily in the United States. By providing your consent through our data collection mechanisms (contact form checkbox, newsletter signup, Calendly booking), you acknowledge and authorize this international processing.
All service providers maintain industry-standard security certifications (SOC 2 Type II, ISO 27001, or equivalent) and process data under contractual data processing agreements that require them to protect your data in accordance with applicable law.
9. Data Retention
We retain your personal data only for as long as necessary for the purposes described in this policy, subject to the 10-year maximum established by Article 6 of Ley 8968. Our specific retention periods are:
| Data Category | Retention Period |
|---|---|
| Contact form submissions (no engagement) | 2 years from submission |
| CRM records (active or past clients) | Duration of relationship + 5 years |
| Newsletter subscriptions | Until you unsubscribe + 1 year |
| Calendly booking data | 2 years from consultation date |
| Emergency breach contact information | Duration of engagement + 3 years |
| Website analytics data | 26 months (GA4 default) |
| Cookie consent records | 2 years from consent date |
After these periods, personal data is either deleted or anonymized so that it can no longer be associated with you.
10. Your Rights (ARCO Rights)
Under Ley 8968 (Articles 5 and 7), you have the following rights regarding your personal data:
Right of Access (Acceso) — You may request confirmation of whether we hold your personal data, and if so, receive a copy of that data along with information about how it is processed.
Right of Rectification (Rectificación) — You may request correction of any personal data that is inaccurate, incomplete, or outdated.
Right of Cancellation (Cancelación) — You may request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw your consent. We may retain data where required by law or legitimate contractual obligations.
Right of Opposition (Oposición) — You may object to the processing of your personal data or withdraw your consent at any time.
How to exercise your rights:
Submit your request to privacy@thedigitalbite.com with the subject line "ARCO Rights Request." Include your full name, the right you wish to exercise, and sufficient detail for us to locate your data. We will verify your identity before processing any request.
If we fail to respond or deny your request, you may file a complaint with PRODHAB:
- PRODHAB — Agencia de Protección de Datos de los Habitantes
- Ministerio de Justicia y Paz
- San José, Costa Rica
- Website: prodhab.go.cr
11. Sensitive Data
We do not collect sensitive personal data as defined by Article 3(e) of Ley 8968 — including data concerning racial or ethnic origin, political opinions, religious beliefs, health information, sexual orientation, or biometric or genetic data. If you voluntarily include such information in a free-text message field, we will treat it with the enhanced protections required by Article 9 of Ley 8968.
12. Data Security
We implement technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS/SSL), access controls limiting data access to authorized personnel, regular security assessments of our systems and tools, contractual security obligations with all third-party service providers, and Cloudflare-based protection against web-based attacks.
As a cybersecurity consultancy, we apply the same standards to our own data handling that we recommend to our clients.
13. Breach Notification
In the event of a data breach affecting your personal data, we will notify you and PRODHAB within 5 business days from the date the breach is identified, as required by the amended Decreto 37554-JP. Notification will include the nature of the breach, the personal data affected, corrective actions taken, additional measures planned, and contact information for further inquiries.
14. Children's Privacy
Our website and services are designed for businesses and professionals. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that we have collected data from a minor, we will delete it promptly.
15. Cookies and Tracking Technologies
We use cookies and similar technologies on our website. For detailed information about the cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.
Non-essential cookies (analytics and marketing) are only activated after you provide explicit consent through our cookie banner.
16. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you via email or a prominent notice on our website. We encourage you to review this policy periodically.
17. PRODHAB Database Registration
Trinrica S.A. maintains registered databases with PRODHAB as required by Article 21 of Ley 8968. Registration number(s): [INSERT AFTER REGISTRATION].
18. Contact Us
For any questions about this Privacy Policy, your personal data, or to exercise your ARCO rights:
- Email: privacy@thedigitalbite.com
- Address: Trinrica S.A., San José, Costa Rica
- Website: thedigitalbite.com/en/contact/