Underbeat ← Back

Legal

Privacy Policy

Last updated: May 25, 2026.

On this page 1. Who we are
2. Information you provide
3. Information collected automatically
4. Cookies
5. How we use information
6. How we share information
7. Data retention
8. Security
9. Your choices and rights (general)
10. California residents (CCPA/CPRA)
11. EEA, UK, and Swiss residents (GDPR/UK GDPR)
12. International data transfers
13. Children
14. Do Not Track and Global Privacy Control
15. Changes
16. Contact

This Privacy Policy (“Policy”) describes how Underbeat (“Underbeat”, “we”, “us”) handles information collected through underbeat.com (the “Site”). The Site exists to allow prospective clients to contact us. We collect the minimum information necessary to operate the Site and respond to inquiries.

1. Who we are

Underbeat is a private consulting and design practice with offices in Brooklyn, New York, and Long Beach, California. For purposes of the European Union General Data Protection Regulation and the United Kingdom General Data Protection Regulation, Underbeat acts as the data controller for personal data submitted through the Site. You can reach us at info@underbeat.com.

2. Information you provide

When you use the contact form, you provide:

Submission is voluntary. Please do not include sensitive personal data (for example, government identifiers, financial account numbers, or health information) in a contact-form message. If you do, you do so at your own discretion; the Site is not a substitute for a privileged or encrypted communication channel.

3. Information collected automatically

When you visit the Site, our hosting provider (Cloudflare) automatically logs limited technical information needed to deliver the Site and protect against abuse, including:

The Site does not use third-party analytics, advertising trackers, cross-site tracking pixels, behavioral profiling, or device-fingerprinting. We do not maintain a customer profile based on your browsing.

4. Cookies

We do not set tracking, analytics, or advertising cookies. Cloudflare may set short-lived, security-purpose cookies (such as __cf_bm or cf_clearance) to distinguish humans from automated traffic and to keep the Site available. These cookies are strictly necessary for the secure delivery of the Site and are not used for advertising.

5. How we use information

We use information for the following purposes:

We do not use personal information to train artificial-intelligence or machine-learning models.

6. How we share information

We do not sell or rent personal information, and we do not share it with third parties for cross-context behavioral advertising. We share information only as follows:

7. Data retention

We retain personal information only as long as needed for the purpose for which it was collected, or as required by law.

8. Security

The Site is served over HTTPS with HSTS. Form submissions are transmitted over TLS to the server and relayed to our inbox over TLS using SMTP authentication. Access to the inbox is protected by Google Workspace security controls, including multi-factor authentication and password rotation where applicable. We follow reasonable administrative, technical, and physical safeguards in accordance with applicable law (including the New York SHIELD Act). No system is perfectly secure, and we cannot guarantee absolute security.

9. Your choices and rights (general)

You may decline to use the contact form. If you have already contacted us and would like a copy of, correction of, or deletion of the information we hold about you, email info@underbeat.com. We will respond within a reasonable time and consistent with applicable law. We will not discriminate against you for exercising any of these rights.

10. California residents (CCPA/CPRA)

This section provides information required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the “CCPA”), and applies to California residents.

10.1 Notice at collection

In the last twelve (12) months, we have collected the following categories of personal information from California consumers, for the purposes described in Section 5 (How we use information):

The sources of this information are: directly from you (form input) and automatically from your device and browser (server logs).

10.2 No “sale” or “sharing”

We do not sell personal information and do not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA. Because we do not sell or share, there is no “Do Not Sell or Share My Personal Information” opt-out link required on the Site. We have not sold or shared personal information of California consumers (including consumers under 16) in the prior twelve (12) months.

10.3 Your CCPA rights

California residents have the right to:

10.4 How to submit a request

Submit a verifiable consumer request by emailing info@underbeat.com with “California privacy request” in the subject. We will verify your identity using the email address on file and may ask for additional information sufficient to verify that you are the person about whom we have collected information. An authorized agent may submit a request on your behalf; we may require written proof of the agent's authority. We will respond within 45 days, with a possible 45-day extension if reasonably necessary, as permitted by the CCPA.

10.5 Shine the Light

California Civil Code section 1798.83 (the “Shine the Light” law) permits California residents to request information regarding our disclosure of personal information to third parties for their direct-marketing purposes. We do not disclose personal information to third parties for their direct-marketing purposes.

11. EEA, UK, and Swiss residents (GDPR/UK GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, this section applies in addition to the rest of this Policy.

11.1 Controller

Underbeat is the controller of personal data submitted through the Site. We do not have a representative or Data Protection Officer designated in the EU or UK at this time; you can reach us directly at info@underbeat.com for any data-protection matter.

11.2 Legal bases

We rely on the following legal bases under Article 6 of the GDPR/UK GDPR:

11.3 Your rights

Subject to applicable law, you have the right to: access your personal data, rectify inaccurate data, request erasure, request restriction of processing, object to processing based on legitimate interests, request data portability, and withdraw consent at any time. To exercise any of these rights, email info@underbeat.com.

11.4 Right to lodge a complaint

You have the right to lodge a complaint with your supervisory authority. In the United Kingdom, the supervisory authority is the Information Commissioner's Office (ico.org.uk). In the European Union, you may contact the supervisory authority of the Member State in which you reside or work.

11.5 Automated decision-making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

12. International data transfers

Underbeat is headquartered in the United States, and our service providers (Cloudflare and Google) are based in the United States. If you contact us from outside the United States, the personal information you provide will be transferred to and processed in the United States. Where required, transfers from the EEA, UK, or Switzerland are protected by appropriate safeguards under Article 46 of the GDPR/UK GDPR, including the European Commission's Standard Contractual Clauses entered into with our service providers, supplemented as needed by additional technical and organizational measures.

13. Children

The Site is not directed to children under 13 (or under 16 in jurisdictions where that is the applicable threshold), and we do not knowingly collect information from them. If you believe a child has submitted information through the Site, please contact us and we will delete it.

14. Do Not Track and Global Privacy Control

This Site does not respond to Do Not Track (DNT) browser signals because there is no widely accepted standard for how such signals should be interpreted. We do not sell or share personal information, so the Global Privacy Control (GPC) signal has no additional effect on our processing on this Site.

15. Changes

We may update this Policy from time to time. Updates are reflected in the “Last updated” date above. Material changes will be highlighted when reasonable; for example, by a banner on the Site or a notice in a follow-up email to recent inquirers.

16. Contact

Questions or requests about this Policy can be sent to info@underbeat.com, or by mail to: Underbeat, 300 Cadman Plaza West, 12th Floor, Brooklyn Heights, NY 11201, USA.