Privacy Policy

This Privacy Policy explains how Orkanza ([TODO: legal entity name], "Orkanza", "we", "us", or "our") collects, uses, shares, and protects information about you when you visit orkanza.com (the "Site") or engage us for automation, rapid development, or related professional services (the "Services").

By using the Site or Services you confirm that you have read and understood this Policy. If you do not agree, please do not use the Site or Services.

The data controller responsible for your personal information is:

• [TODO: legal entity name]
• Registered address: [TODO: full registered address]
• Privacy contact: privacy@orkanza.com
• Data Protection Officer (if applicable): [TODO: DPO name / email]

We collect information in the following ways:

3.1 Information you provide directly

• Quote & contact forms — name, work email, company, phone (optional), country, project description, budget range, timeline, and any other details you choose to include.
• Engagement communications — messages, attachments, credentials shared during onboarding (handled per the Confidentiality section of our Terms), and meeting notes.
• Marketing subscriptions — your email address if you subscribe to our newsletter or content updates.

3.2 Information collected automatically

• Technical data — IP address, browser type and version, device type, operating system, time-zone, referring URL, pages viewed, and timestamps.
• Cookies and similar technologies — see Section 7 below.
• Analytics — aggregated, pseudonymous usage data from providers such as [TODO: list analytics providers, e.g. Plausible, Vercel Analytics, Google Analytics].

3.3 Information from third parties

• Publicly available information from business directories, your company website, or professional networks (e.g. LinkedIn) used to research your organisation prior to a sales call.
• Information from integrated tools you authorise during an engagement (e.g. HubSpot, Shopify, Google Workspace) — only the scopes you grant.

We use personal information for the following purposes:

• To respond to quote requests, enquiries, and support messages.
• To deliver the Services you engage us for and to manage our relationship with you.
• To send transactional communications about active engagements.
• To send marketing communications where you have opted in, with the ability to unsubscribe at any time.
• To improve the Site, the Services, and our content based on aggregated usage.
• To comply with legal, tax, accounting, and regulatory obligations applicable in [TODO: governing jurisdiction].
• To detect, prevent, and respond to fraud, abuse, or security incidents.

Where the GDPR or UK GDPR applies, we rely on one or more of the following legal bases:

• Performance of a contract — to deliver the Services or take steps at your request before entering into a contract.
• Legitimate interests — to operate, secure, and improve our business (balanced against your rights).
• Consent — for non-essential cookies and marketing communications, which you can withdraw at any time.
• Legal obligation — for record-keeping, accounting, and regulatory compliance.

We do not sell personal information. We share it only with:

• Service providers (processors) who help us operate the business — hosting, email, CRM, analytics, accounting, and customer support. Each is bound by a written data-processing agreement and may only use your data on our instructions.
• Professional advisors — lawyers, accountants, auditors — under duties of confidentiality.
• Authorities — where required by law, court order, or to protect our legal rights, users, or the public.
• Corporate transactions — in connection with a merger, acquisition, or sale of assets, subject to confidentiality and continued protection.

We use a small number of strictly necessary cookies to operate the Site, and, subject to your consent where required, analytics cookies to understand aggregate usage. You can refuse non-essential cookies via your browser settings or our cookie banner.

A detailed cookie list is maintained at [TODO: link to /cookies or in-page cookie list].

• Quote / contact form submissions: up to 24 months from last contact, unless you become a client.
• Client records: for the duration of the engagement and then for the period required by tax / accounting law in [TODO: governing jurisdiction](typically 6–10 years).
• Marketing subscriptions: until you unsubscribe, after which we keep a suppression record so we do not contact you again.
• Server logs and analytics: up to 14 months in aggregated form.

Some of our service providers operate outside your country of residence. When we transfer personal data internationally, we use lawful transfer mechanisms (such as the European Commission's Standard Contractual Clauses or the UK IDTA) and apply additional safeguards where appropriate.

Subject to applicable law, you have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Request deletion of your information ("right to be forgotten").
• Restrict or object to certain processing.
• Withdraw consent at any time without affecting prior lawful processing.
• Data portability — receive your data in a structured, machine-readable format.
• Lodge a complaint with your supervisory authority (e.g. the ICO in the UK, or your national DPA in the EU).

To exercise any of these rights, email privacy@orkanza.com. We will respond within 30 days.

We apply organisational and technical safeguards including access controls, encryption in transit, least-privilege principles, vetted sub-processors, and regular review of security practices. No system is perfectly secure; if you believe your account or our systems have been compromised, contact us immediately at security@orkanza.com.

The Services are intended for businesses and are not directed to children under 16. We do not knowingly collect personal information from children.

We may update this Policy from time to time. Material changes will be highlighted on this page and, where appropriate, communicated to you by email. The "Last updated" date at the top of the page reflects the most recent revision.

For any questions about this Policy or our handling of your data:

• Email: privacy@orkanza.com
• Post: [TODO: postal address for privacy correspondence]