Data & Privacy
Last Updated: May 6, 2026 | Version 2.1
Sardar Mukhshaf Engineering ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website sardarmukhshaf.com and use our services.
This policy applies to all visitors, clients, and users of our digital platforms. We adhere to the principles of data minimization, purpose limitation, and storage limitation as mandated by the General Data Protection Regulation (GDPR) and other applicable privacy frameworks worldwide.
By accessing or using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.
We collect several categories of data, always with a lawful basis under GDPR Article 6:
- Identity & Contact Data: Name, email address, phone number, and professional details provided via contact forms, email correspondence, or contractual agreements. Lawful basis: Contractual necessity or consent.
- Technical & Usage Data: IP address, browser type and version, device identifiers, operating system, referral source, visit duration, page views, and click paths. Lawful basis: Legitimate interest (security, analytics) or consent for non-essential cookies.
- Project & Service Data: Technical specifications, architectural requirements, credentials for deployment environments, and communication history related to client engagements. Lawful basis: Contractual necessity.
- Performance & Telemetry Data: Anonymized Core Web Vitals metrics, error logs, and application performance monitoring (APM) data. Lawful basis: Legitimate interest (service improvement).
If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, the GDPR grants you the following rights regarding your personal data:
1. Right to Access (Article 15): You have the right to request copies of your personal data. We provide these within 30 days, free of charge for the first request.
2. Right to Rectification (Article 16): You may request correction of inaccurate data or completion of incomplete data.
3. Right to Erasure (Article 17): Also known as the "Right to be Forgotten." You may request deletion of your personal data where there is no compelling reason for continued processing.
4. Right to Restrict Processing (Article 18): You may request that we suspend processing of your personal data.
5. Right to Data Portability (Article 20): You may request transfer of your data to another controller in a structured, commonly used, machine-readable format.
6. Right to Object (Article 21): You may object to processing based on legitimate interests or direct marketing.
To exercise any of these rights, please contact us at [email protected]. We verify identity before processing such requests to prevent unauthorized data access.
To deliver our services, we engage carefully vetted third-party subprocessors. Each maintains rigorous security certifications:
| Subprocessor | Purpose | Location | Compliance |
|---|---|---|---|
| Vercel | Edge compute & static hosting | US / EU | SOC 2 Type II, GDPR |
| Cloudflare | CDN, DDoS protection, DNS | Global | SOC 2 Type II, ISO 27001 |
| Google Analytics | Anonymized traffic analytics | US | GDPR, EU-US DPF |
| AWS | Backup storage & object storage | US / EU | SOC 2, ISO 27017, GDPR |
| Resend | Transactional email delivery | US | SOC 2 Type II, GDPR |
We do not sell, rent, or trade your personal information to third parties for marketing purposes. All subprocessors are bound by Data Processing Agreements (DPAs) that comply with GDPR Article 28 requirements.
We implement defense-in-depth security measures aligned with OWASP, NIST CSF, and ISO 27001 best practices:
Encryption at Rest
AES-256 encryption for all databases, object storage, and backups. Keys managed via AWS KMS with automatic rotation.
Encryption in Transit
TLS 1.3 enforced across all endpoints. HSTS headers with 1-year max-age. Certificate pinning for mobile APIs.
Access Control
Role-based access control (RBAC) with principle of least privilege. MFA enforced for all administrative accounts.
We conduct annual penetration testing by independent security firms and maintain a responsible disclosure program for vulnerability reporting.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Contact form submissions: 24 months from last interaction, then anonymized or deleted.
- Client project data: Duration of contract + 7 years for legal/tax compliance, then securely purged.
- Analytics data: 26 months (Google Analytics default), then automatically deleted.
- Server logs: 90 days for security monitoring, then purged.
When data is no longer needed, we use NIST 800-88 compliant deletion methods (cryptographic erasure for encrypted data, secure overwriting for unencrypted media).
Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child under 16, we will delete such information promptly upon discovery.
If you believe we might have information from or about a child, please contact us immediately at [email protected].
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or service offerings. When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy.
- Notify registered users via email at least 30 days before material changes take effect.
- Display a prominent notice on our website for the first 7 days after an update.
We encourage you to review this policy periodically. Continued use of our services after changes constitutes acceptance of the revised policy.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:
Sardar Mukhshaf — Data Protection Officer
Email: [email protected]
Phone: +92 317 9370093
Response time: Within 48 hours for standard inquiries, 72 hours for data subject requests.
If you are located in the European Union and believe we are processing your personal data in violation of GDPR, you have the right to lodge a complaint with your local supervisory authority.
Data Privacy Inquiries
If you have questions regarding data retention, security architecture, or wish to exercise your GDPR rights, our DPO is available to assist.