Arora Media | Award Winning Fractional CMO Agency

Privacy Policy

Last updated: June 27, 2026

1. Introduction

Arora Media LLC ("Arora Media," "we," "us," or "our"), a limited liability company organized under the laws of the State of Arizona, located at [ADDRESS], respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our websites (including [aroramktg.com] and related properties), use our services, or otherwise interact with us, and when we provide marketing services on behalf of our clients.

This Policy applies to information processed in two capacities:

As a data controller / business, for information we collect about our own website visitors, prospects, clients, and contacts.

As a data processor / service provider, for information we process on behalf of our clients in delivering marketing services. When we act as a processor, our processing is governed by our agreement with the relevant client, and that client's privacy policy generally governs that data.

By using our services or websites, you acknowledge you have read and understood this Policy.

2. Information We Collect

We collect the following categories of information:

Information you provide directly:

Identity and contact data: name, email address, phone number, company name, job title, mailing address.

Account and onboarding data: login credentials, billing details, business information you share when becoming a client.

Communications: information you provide in emails, forms, calls, SMS, support requests, surveys, and meetings.

Payment information: processed through third-party payment processors; we do not store full card numbers.

Information collected automatically:

Device and technical data: IP address, browser type and version, operating system, device identifiers, time zone, and language settings.

Usage data: pages viewed, links clicked, time spent, referring URLs, and navigation paths.

Location data: approximate location inferred from IP address.

Cookies and similar technologies: as described in Section 7.

Information collected on behalf of clients (as processor):

In delivering paid media, email/SMS, CRO, and analytics services, we process data relating to our clients' customers and prospects, which may include contact details, behavioral and engagement data, purchase data, and advertising identifiers. This data is collected under the instruction and authority of our clients.

Information from third parties:

Advertising and analytics platforms (e.g., Meta, Google, TikTok, LinkedIn).

Data enrichment and prospecting tools.

Publicly available sources and social media.

Our clients, who provide data for campaign delivery.

Sensitive data: We do not intentionally collect sensitive personal data (such as data revealing health, race, religion, sexual orientation, or biometric data) unless required for a specific service and with appropriate legal basis and consent.

3. How We Use Information

We use information for the following purposes:

To provide, operate, and improve our services and websites.

To deliver marketing campaigns, including paid media, email and SMS marketing, content, and conversion optimization, on our own behalf and on behalf of clients.

To create, target, measure, and optimize advertising (see Section 6).

To communicate with you about services, respond to inquiries, and provide support.

To process payments and manage billing and contracts.

To analyze usage, conduct research, and develop new offerings.

To personalize content and experiences.

To detect, prevent, and address fraud, security issues, and technical problems.

To comply with legal obligations and enforce our agreements.

Legal bases for processing (for individuals in the EEA, UK, and similar jurisdictions): We rely on one or more of: your consent; performance of a contract; our legitimate interests (such as operating and marketing our business, provided these are not overridden by your rights); and compliance with legal obligations.

4. SMS and Email Marketing

Where we send marketing emails or SMS messages (on our own behalf or for clients), we do so in accordance with applicable law, including the CAN-SPAM Act, the Telephone Consumer Protection Act (TCPA), and equivalent international rules.

We obtain consent where required before sending marketing SMS.

Every marketing email includes an unsubscribe mechanism.

You may opt out of SMS at any time by replying STOP.

Message and data rates may apply.消息 frequency varies.

We do not sell mobile opt-in data, and SMS consent is not shared with third parties for their own marketing.

5. How We Share Information

We may share information with:

Service providers and subprocessors: hosting, analytics, CRM, email/SMS platforms, payment processors, and similar vendors who process data on our behalf under contract. [Examples: Framer, Loops.io, ManyChat, and similar.]

Advertising platforms: to deliver and measure advertising (see Section 6).

Our clients: where we process data on their behalf.

Professional advisors: lawyers, accountants, auditors, and insurers.

Business transfers: in connection with a merger, acquisition, financing, or sale of assets.

Legal and safety: where required by law, legal process, or to protect rights, safety, and property.

We do not sell your personal information for money. However, certain data sharing for targeted advertising may be considered a "sale" or "sharing" under some U.S. state laws (such as the CCPA/CPRA). See Section 9 for your rights and how to opt out.

6. Advertising, Targeting, and Analytics

As a marketing agency, advertising is central to what we do. We and our partners use cookies, pixels, SDKs, and advertising identifiers to:

Deliver targeted advertising based on your interests and behavior.

Build and use custom and lookalike audiences on platforms such as Meta, Google, TikTok, and LinkedIn.

Retarget visitors who have interacted with our or our clients' websites.

Measure ad performance, attribution, and conversions (including via conversion APIs and server-side tracking).

Match hashed identifiers (such as emails) to platform user bases for audience targeting.

These platforms may act as independent controllers of the data they receive and process it under their own privacy policies. We encourage you to review the privacy and ad-settings pages of [Meta, Google, TikTok, LinkedIn, and other relevant platforms].

You can opt out of interest-based advertising through industry tools such as the Digital Advertising Alliance (optout.aboutads.info), the Network Advertising Initiative (optout.networkadvertising.org), and the European Interactive Digital Advertising Alliance (youronlinechoices.eu), as well as through your device and browser settings.

7. Cookies and Tracking Technologies

We use cookies and similar technologies (pixels, web beacons, local storage, SDKs) to operate our sites, analyze usage, and deliver advertising. Categories include:

Strictly necessary: required for the site to function.

Performance/analytics: help us understand how the site is used (e.g., Google Analytics).

Functional: remember preferences.

Advertising/targeting: used to deliver and measure ads.

Where required by law (such as in the EEA and UK), we obtain consent before placing non-essential cookies through a consent management tool, and you can change your preferences at any time via our cookie banner or settings link. You can also control cookies through your browser settings. For more detail, see our [Cookie Policy / cookie settings].

8. International Data Transfers

We are based in the United States, and we may process and store information in the U.S. and other countries. Where we transfer personal data from the EEA, UK, or Switzerland to countries that have not been deemed to provide adequate protection, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum / Swiss equivalents) and supplementary measures where required.

9. Your Privacy Rights

Depending on where you live, you may have some or all of the following rights:

Access the personal data we hold about you.

Correct inaccurate data.

Delete your data.

Restrict or object to processing.

Data portability.

Withdraw consent at any time.

Opt out of targeted advertising, "sale," or "sharing" of personal information, and (where applicable) profiling.

Not be discriminated against for exercising your rights.

For U.S. state residents (including California, and residents of states with comprehensive privacy laws such as Virginia, Colorado, Connecticut, Texas, and others): You may have specific rights under laws such as the California Consumer Privacy Act as amended (CCPA/CPRA). California residents may request disclosure of the categories and specific pieces of personal information collected, request deletion, and opt out of the sale or sharing of personal information and targeted advertising. We honor opt-out preference signals such as Global Privacy Control (GPC) where required.

For individuals in the EEA, UK, and similar jurisdictions: You may exercise the GDPR/UK GDPR rights listed above and have the right to lodge a complaint with your local supervisory authority.

How to exercise your rights: Contact us at [privacy@aroramktg.com]. We will respond within the timeframes required by applicable law. We may need to verify your identity before fulfilling a request. You may use an authorized agent where the law permits. Note: where we process data as a processor on behalf of a client, we will direct your request to the relevant client or act on their instructions.

10. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy, including to provide services, comply with legal, accounting, or reporting obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and context. When data is no longer needed, we delete or anonymize it. Data we process on behalf of clients is retained per our agreement with that client.

11. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, loss, misuse, or alteration. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.

12. Children's Privacy

Our services and websites are not directed to children under [16], and we do not knowingly collect personal data from children under [16] (or the relevant age in your jurisdiction). If you believe a child has provided us personal data, contact us and we will delete it.

13. Third-Party Links

Our sites and our clients' campaigns may link to third-party sites and services we do not control. This Policy does not apply to those third parties, and we encourage you to review their privacy policies.

14. Changes to This Policy

We may update this Policy from time to time. We will post the updated version with a revised "Last updated" date and, where required by law, provide additional notice or obtain consent. Your continued use of our services after changes take effect constitutes acceptance.

15. Contact Us

If you have questions or requests regarding this Policy or your personal data, contact us at:

Arora Media LLC

[ADDRESS]

Email: [privacy@aroramktg.com]

[Phone]

[For EEA/UK individuals: if you have an EU/UK representative or Data Protection Officer, list them here, or delete this line.]