Data privacy policy
This policy describes how we approach data privacy when delivering services. It is not legal advice and should be adapted to your actual delivery and contracts.
- Principle: collect and process the minimum data required to deliver the agreed service.
- Access control: least privilege; access is time-bound and logged where practical.
- Confidentiality: client data is treated as confidential and is not shared outside the project context.
- Secure handling: use encrypted channels, secure storage, and avoid copying production data unless required.
- Sub-processors: we may rely on infrastructure providers (e.g. email/hosting) to deliver services; these should be documented per engagement.
- Retention: project artifacts and data are retained only as needed for delivery, support, and legal obligations, then deleted/returned.
- Incident response: security/privacy incidents are handled promptly with containment, communication, and corrective actions.