← Back to home
§ Privacy Policy

Plain‑English privacy.

We’re a two-person studio in Denver. We don’t sell anything to anyone, we don’t run ads, and we collect only what we need to do our job. Here’s the long version, in plain English.

EffectiveMay 1, 2026
Applies tolarkspur.digital & sites we host

i. Who we are

Larkspur Digital(“Larkspur,” “we,” “us,” “our”) is a website-design studio based in Denver, Colorado that designs, builds and maintains websites for restaurants. This policy explains what we do with personal information when you visit our website at larkspur.digital, contact us, or work with us as a client.

If you’re a guest of one of our client restaurants and you’re looking for that restaurant’s privacy policy, please contact the restaurant directly — this policy only covers Larkspur’s own site and operations.

ii. What we collect

We try to collect as little as possible. In practice, we may have:

  • Contact information you give us. Your name, restaurant name, email address, phone number, and anything else you tell us when you fill out a form, send us an email, or talk to us in person.
  • Project information. Photos, menus, hours, links to your existing accounts (Toast, Resy, Google Business, etc.), and other things you share so we can build and maintain your site.
  • Account credentials and API keysfor the systems you ask us to connect (your POS, reservations platform, Google Business profile, email tool, etc.). We need to keep these for as long as your website is live so the integrations keep working — if we lose them, your site stops syncing. They’re stored encrypted in a managed secrets vault and only the people working on your account can access them.
  • Basic web analytics when you visit larkspur.digital: pages visited, approximate region, device type, and referring site. We use privacy-respecting analytics that does not track individuals across sites and does not use third-party cookies.
  • Billing informationhandled by our payment processor (Assembly, which uses Stripe to process card payments). We don’t see or store full card numbers ourselves.
We collect your contact info, the materials you share with us to build your site, the API keys we need to keep your integrations running, and basic anonymous web stats. That’s it. No ad tracking. No selling data. Ever.

iii. How we use it

We use information for the obvious things and nothing else:

  • To reply to your enquiries and proposals.
  • To design, build, launch, and maintain your website.
  • To integrate your website with the systems you’ve asked us to connect (your POS, reservations platform, Google Business profile, etc.).
  • To send you invoices and receive payment.
  • To send you occasional, relevant emails about your project. We don’t run a marketing list.
  • To improve our own website — reading anonymous analytics to see what’s working.

iv. Who we share it with

We never sell your personal information. We share information only with the service providers we need to do our work, and only the minimum required:

  • Hosting & infrastructure— the companies that physically run our servers and your site (e.g. Vercel, Cloudflare, AWS).
  • Email & communication— the providers we use to email you (e.g. Google Workspace).
  • Payments— our payment processor, Assembly (which uses Stripe to handle the actual card processing).
  • Integrations you ask us to set up— e.g. your Toast account, your Resy account, your Google Business profile. We share only what’s needed for the integration to work.
  • Required by law.If we receive a valid legal request, we comply — but we’ll push back where we can and tell you when we’re allowed to.

v. Cookies and tracking

larkspur.digital uses a small number of strictly-necessary cookies (to remember things like your accessibility preferences). We do not use advertising cookies, behavioural-tracking cookies, or third-party tracking pixels. We do not use Google Analytics. If we ever add analytics, it’ll be a privacy-respecting tool (such as Plausible or Fathom) that doesn’t track individuals across sites.

No ad tracking. No Facebook pixel. No retargeting. If your browser’s “Do Not Track” is on, we honour it.

vi. How long we keep it

We hold project information for as long as you’re a client, plus a reasonable archive period afterwards (typically two years) in case you come back. Account credentials and API keys for third-party systems are kept — encrypted in our secrets vault — for the life of your website, because we need them for the integrations to keep working; if you end your service with us, we delete them within 30 days unless you ask us to hand them back to you first. Billing records are kept as long as the law requires (typically seven years in the U.S.).

You can ask us to delete your information at any time. We’ll do it within 30 days, except where we’re legally required to keep something (like a tax record).

vii. Your rights

Wherever you live, you have the right to:

  • Know what personal information we have about you.
  • Correctanything that’s wrong.
  • Delete your information (subject to the limits above).
  • Take it with you— we’ll export your project files and data if you move on.
  • Opt out of any non-essential email at any time.

Email hello@larkspur.digital with any of these requests. We’ll get back to you within a few business days.

If you’re in California, the CCPA gives you specific rights including the right to know, the right to delete, and the right to opt out of any “sale” of personal information (we don’t sell personal information). If you’re in the EU or UK, the GDPR/UK-GDPR give you similar rights including the right to lodge a complaint with your local data protection authority.

viii. Security

We use industry-standard security practices: HTTPS everywhere, encrypted storage, strong passwords with two-factor authentication, and the principle of least privilege when it comes to who can access what. No system is perfectly secure, but we treat the data you share with us the way we’d want our own treated.

If we ever discover a data breach that affects you, we’ll tell you as quickly as we can — in plain language, with what happened, what’s affected, and what we’re doing about it.

ix. Children

Larkspur Digital is a business-to-business service. Our website and services are not directed to children under 13 (or under 16 in the EU), and we don’t knowingly collect personal information from them. If you believe a child has provided us with information, please email us and we’ll delete it.

x. Changes to this policy

If we change this policy in a material way, we’ll update the “Effective” date at the top and, if you’re a current client, email you about the change. The latest version is always at larkspur.digital/privacy.

xi. Contact

Questions about this policy, or about how we handle your information? Email us.

This document is provided for informational purposes and does not constitute legal advice. Before relying on it for any specific situation, please consult an attorney licensed in your jurisdiction.

© 2026 Larkspur Digital · Denver, Colorado