Effective Date: October 10, 2025
Entity: Winford Harter Consulting LLC
Address: 30 N Gould St Ste R, Sheridan, WY 82801, United States
Website: https://istok.media/
Email: info@istok.media
1. Scope and Role
1.1 This Privacy Policy explains how Winford Harter Consulting LLC (“Company,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal data when you visit our website, interact with our content, contact us, apply to work with us, or receive our services.
1.2 For individuals in the European Economic Area (EEA), the United Kingdom, and Switzerland, Winford Harter Consulting LLC is the data controller for the activities described in this Policy.
1.3 This Policy applies to business contacts, clients, prospects, vendors, contractors, creators, talent, and any individuals whose personal data we process in connection with our creative and consulting operations.
1.4 Additional disclosures or supplemental policies may apply to specific services, brands, or jurisdictions.
2. Categories of Personal Data We Collect
We collect personal data depending on your interaction with us.
2.1 Data you provide directly
- Identification and contact data (name, title, role, email, phone, address, social handle)
- Inquiry and communication data (messages, forms, meeting notes, feedback)
- Contract and billing data (company details, tax data, billing address, invoices, payment confirmations through providers such as Stripe, PayPal, or banking partners)
- Portfolio and creative data for talent (reels, sample work, resumes, bios, rates, location, availability)
- Event or education data (registrations, attendance records, feedback forms)
2.2 Data collected automatically
- Device and usage data (IP, browser, OS, referrer URL, session duration, pages viewed)
- Interaction data (clicks, scrolls, engagement metrics, session replays where applicable)
- Cookies and analytics identifiers
2.3 Data from third parties
- Publicly available professional data (LinkedIn, Behance, Instagram, YouTube)
- Analytics, advertising, and anti-fraud providers
- Payment processors, customer-relationship platforms, and affiliates
- Client-supplied materials that contain third-party data necessary for project delivery
2.4 Sensitive data
We do not intentionally collect sensitive categories such as government identifiers, biometric data, health data, or precise geolocation. Where unavoidable for a specific contractual reason, we will request explicit consent and apply enhanced safeguards.
3. Purposes of Processing
We process personal data to:
- Operate, secure, and maintain our websites, systems, and platforms
- Respond to inquiries and prepare proposals or service statements
- Execute client projects including strategy, production, and campaign management
- Manage creator and talent onboarding, contracting, and payments
- Host or manage educational sessions, webinars, and workshops
- Send service updates and permitted marketing communications
- Conduct analytics, performance tracking, and service improvement
- Prevent fraud, enforce legal rights, and ensure compliance
- Maintain internal records, accounting, and dispute resolution documentation
4. Legal Bases for EEA and UK Processing
Under GDPR and UK GDPR, our legal bases include:
- Contract performance or taking steps prior to entering into one
- Legitimate interest in operating and improving services, securing systems, and marketing to business contacts
- Consent for non-essential cookies, promotional emails, or data re-use in AI workflows where applicable
- Legal obligation (tax, accounting, regulatory)
- Vital interests in rare cases involving protection of individuals
5. Cookies and Similar Technologies
5.1 We use cookies, pixels, and tags for functionality, analytics, and advertising measurement.
5.2 Non-essential cookies are set only with your consent. You may manage preferences via the banner or browser settings.
5.3 We respect Global Privacy Control (GPC) and treat valid signals as opt-out requests from cross-context behavioral advertising where legally recognized.
5.4 For more information, see our Cookie Notice if available.
6. AI-Assisted Content and Automated Decisions
6.1 We use AI tools for ideation, content generation, summarization, and performance optimization. All outputs are directed, reviewed, and approved by human staff.
6.2 We do not make fully automated decisions that produce legal or significant effects on individuals.
6.3 Client data used to instruct or fine-tune AI tools is handled under confidentiality, minimization, and provider contracts with data-processing safeguards.
6.4 We evaluate AI vendors for data security, IP rights compliance, and content moderation practices before adoption.
7. Data Processing Agreements and Sub-Processors
7.1 We engage vetted third-party processors to support operations (e.g., hosting, CRM, file storage, analytics, communication, and payment systems).
7.2 Each processor is bound by a Data Processing Agreement (DPA) requiring confidentiality, security measures, and GDPR-equivalent safeguards.
7.3 A list of principal sub-processors may be provided upon request, subject to confidentiality restrictions.
7.4 We periodically review and update our vendor list to maintain compliance with evolving data-protection standards.
8. Disclosures and Recipients
Personal data may be disclosed to:
- Service providers (hosting, analytics, payment, CRM, marketing)
- Talent or creator partners engaged for a client project
- Professional advisors (legal, tax, audit)
- Authorities or regulators as legally required
- Corporate successors in the event of merger or acquisition
We do not sell personal data for money. Certain analytics or ad cookies may qualify as “sharing” under laws like the CCPA. See section 11 for opt-out rights.
9. International Transfers
9.1 Data may be processed in the United States and other jurisdictions with different data-protection laws.
9.2 For transfers from the EEA, UK, or Switzerland, we rely on:
- Standard Contractual Clauses (EU SCCs)
- UK International Data Transfer Addendum
- Vendor participation in the EU-US Data Privacy Framework or equivalent programs
9.3 Copies of relevant safeguards can be requested (redacted where commercially sensitive).
10. Security and Breach Notification
We implement administrative, technical, and physical measures including encryption, access control, MFA, vendor risk assessments, and employee confidentiality agreements.
In the event of a data breach likely to result in risk to individuals, we will:
- Notify affected users or clients without undue delay
- Provide details of the incident, categories of data involved, and remedial measures
- Cooperate with relevant data-protection authorities as required
Despite safeguards, no system is completely secure, and we cannot guarantee absolute protection.
11. Retention
We retain personal data only as long as necessary for the purposes stated in this Policy.
Criteria include:
- Contractual necessity
- Legal retention periods (tax, accounting, corporate)
- Risk and sensitivity of data
- Business continuity or archival needs
Once retention is no longer required, we securely delete or anonymize data using industry-standard methods.
12. Region-Specific Disclosures and Rights
12.1 EEA and UK
You have rights to access, rectification, erasure, restriction, portability, and objection (including marketing).
You may withdraw consent at any time.
Complaints may be lodged with a supervisory authority (see EDPB list or the ICO).
12.2 California
Under CCPA/CPRA, you have rights to:
- Know, access, correct, delete, and opt out of sale or sharing
- Limit use of sensitive data (we do not infer characteristics)
- Submit opt-outs through the cookie banner or Global Privacy Control signal
12.3 Virginia, Colorado, Connecticut, Utah, and others
You may have rights to access, correct, delete, obtain a portable copy, and opt out of targeted advertising, sale, or profiling. Appeals can be submitted by email with “Appeal” in the subject.
13. Marketing Communications
You can unsubscribe from marketing emails anytime using the unsubscribe link or by contacting us.
We may still send transactional or service communications related to ongoing projects.
14. Children
Our website and services are intended for professional use.
We do not knowingly collect data from individuals under 13.
If you believe a minor has submitted data, contact us for removal.
15. Creator and Talent Network Terms
15.1 Data processed includes profiles, sample work, rates, and performance metrics.
15.2 We may share limited professional information with clients solely to facilitate project matching.
15.3 You can update or request deletion of your data at any time; some records may be retained for compliance or disputes.
16. Corporate Affiliates and Cross-Brand Processing
Winford Harter Consulting LLC may share limited business contact or analytical data with its related entities or affiliated brands under common ownership, subject to this Policy and applicable safeguards.
Such processing supports operational, marketing, and compliance functions without broad disclosure to external parties.
17. Data Subject Requests
Submit requests to the contact email with your name, jurisdiction, and desired right.
We may require verification or authorized agent documentation.
We respond within legal timeframes and explain reasons if we cannot fulfill a request.
18. AI Ethics and Transparency Principles
We adhere to the following principles for responsible AI use:
- Human oversight in all AI-assisted decisions
- Data minimization and anonymization for prompts or training data
- No sale or misuse of client or user data for independent AI training
- Regular vendor evaluation for ethical and content-moderation standards
19. Enforcement and Governing Law
This Policy and all related disputes are governed by the laws of the State of Wyoming, United States, without regard to conflict-of-law principles.
Any disputes will be handled in accordance with the arbitration clause outlined in our Terms of Service.
20. Changes to this Policy
We may update this Policy periodically. The Effective Date reflects the latest version.
Material updates will be posted with a clear notice. Continued use of our website or services signifies acceptance of the updated Policy.
21. Contact
For questions, requests, or complaints about this Policy or our data practices, contact:
info@istok.media
22. Supplement on International Safeguards
Upon request, we can provide additional information about international data-transfer safeguards, geographic locations of principal processors, and mechanisms ensuring lawful transfers.
23. Complaints and Resolution
If you are located in the EEA or UK, you may lodge a complaint with your supervisory authority, but we encourage you to contact us first to resolve the issue efficiently and fairly.
24. Effective Integration
This Privacy Policy forms part of our overall legal framework alongside our Terms of Service and Refund Policy. By using our website or services, you acknowledge and agree to all referenced policies.