Legal

Privacy Policy

Last updated: January 15, 2025

Summary: We collect only what we need, we never sell your data, we store it securely, and you can ask us to delete it at any time. The full policy is below.

1. Information We Collect

We collect information you provide directly, such as name, email address, company name, and any details shared through our contact form or project enquiries. We also automatically collect limited technical data such as browser type, pages visited, and session duration through analytics tools (no personally identifiable data is stored in analytics). We do not use third-party advertising trackers.

2. How We Use Your Information

We use the information we collect to: respond to your enquiries and provide the services you have requested; send project updates and communications related to active engagements; improve our website and service offerings based on aggregated usage patterns; comply with legal obligations. We do not sell, rent, or trade your personal information to third parties.

3. Legal Basis for Processing

Where applicable under GDPR and similar regulations, we process your data on the following lawful bases: (a) Contract — processing necessary to provide services you have engaged us for; (b) Legitimate Interests — improving our services and communicating with prospective clients; (c) Consent — where you have given explicit consent, such as subscribing to our newsletter. You may withdraw consent at any time.

4. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy or as required by law. Enquiry data is retained for up to 24 months. Client project data is retained for 7 years for financial and legal compliance. You may request deletion at any time (subject to legal retention obligations).

5. Data Security

We implement industry-standard security practices including TLS encryption in transit, AES-256 encryption at rest, access controls, and regular security audits. While we take every reasonable precaution, no method of transmission over the internet is 100% secure. We will notify you promptly in the event of a data breach as required by applicable law.

6. Your Rights

Depending on your jurisdiction, you may have the right to: access the personal data we hold about you; correct inaccurate data; request deletion of your data ("right to be forgotten"); object to or restrict processing; request data portability; lodge a complaint with a supervisory authority. To exercise any of these rights, contact us at support@smallshark.co.

7. Cookies

Our website uses strictly necessary cookies for session management and optional analytics cookies (Google Analytics, anonymised). You can control cookie preferences via your browser settings. We do not use cookies for advertising or cross-site tracking purposes.

8. Third-Party Services

We may use trusted third-party processors (e.g., cloud hosting providers, payment processors) that comply with GDPR and similar regulations. We maintain data processing agreements with all processors and conduct due diligence on their security practices.

9. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a prominent notice on our website or sending you an email. The date of the most recent update is shown at the top of this page.

Contact Our Privacy Team

For privacy-related enquiries or to exercise your data rights, contact us at support@smallshark.co or write to SmallShark IT, 123 Tech Avenue, Suite 400, San Francisco, CA 94107.