PRIVACY & DATA COLLECTION COMPLIANCE STATEMENT
At Left Hand Agency, we take privacy and data protection seriously. While we do not directly collect or store personally identifiable information (PII) in the course of delivering media services, we maintain internal controls, vendor standards, and security practices that align with FERPA, GDPR, CCPA, and other applicable regulations.
Our framework includes:

Data Handling and Compliance
- No direct PII processing: We do not collect or retain regulated personal data. Client-owned first-party data is anonymized, hashed, or aggregated by platforms such as Meta, TikTok, Google, and The Trade Desk.
- Regulatory compliance: We work only with platforms and vendors that certify compliance with FERPA, GDPR, CCPA, and equivalent privacy laws.
- Client-provided data: Any 1P client data is uploaded directly into secure platforms. We never store, retain, or repurpose such data.

Security Practices
- AI tool usage: We pay for enterprise-level AI tools to ensure our data is not used to train large language models.
- Password management: All credentials are managed through 1Password with multi-factor authentication enforced.
- Collaboration environment: We operate exclusively in Google Workspace (paid tier), which provides enhanced encryption, access controls, and administrative security.
- Data backups: Agency data is regularly backed up using [Insert Backup Provider], with retention and recovery safeguards in place.
- Access control: We follow least-privilege principles and enforce MFA across devices and accounts.

Oversight and Accountability
- Privacy impact alignment: We conduct internal reviews for each new campaign to confirm platform compliance, ensure brand safety, and mitigate privacy risk.
- Complaint and request handling: We have a documented workflow to escalate and resolve privacy-related complaints or data subject requests in partnership with platforms and clients.

Commitment
Our goal is to deliver effective campaigns while upholding the highest standards of privacy and security. By minimizing data handling internally and relying on secure, compliant vendors, we reduce risk and ensure client trust.
