Sitefiy ("Sitefiy," "we," "us," or "our") respects your privacy. This policy explains what personal data we collect, why we collect it, how it is used, and your rights over it. We will never sell your data to third parties.
Who we are
Sitefiy is a digital product studio incorporated in India, with its registered office at Ardente Office One, Hoodi,Bangalore - 560048. We design and build websites, web applications, mobile apps, and digital experiences for clients worldwide.
This Privacy Policy applies to information collected via our website at Sitefiy, through our client onboarding processes, via email and communication channels, and during the delivery of our professional services. By accessing our website or engaging our services, you agree to the terms described herein.
Information collected
We collect information in two ways: data you provide directly to us, and data collected automatically when you visit our website.
| Category | Examples | Source |
|---|---|---|
| Identity Data | Name, job title, company name | Contact forms, calls |
| Contact Data | Email address, phone number, WhatsApp ID | Contact forms, email |
| Project Data | Brief descriptions, budgets, requirements, files shared | Intake forms, meetings |
| Financial Data | Invoice details, payment references (no card data stored) | Agreements, invoices |
| Technical Data | IP address, browser type, OS, referrer URL | Analytics, server logs |
| Usage Data | Pages visited, session duration, click paths | Analytics tools |
| Communication Data | Email/chat history, meeting notes, feedback | Correspondence |
We do not collect sensitive personal data (health, biometric, political, or religious data). We do not store payment card numbers - all payments are processed via third-party gateways (Razorpay / Stripe) subject to their own privacy policies.
Purpose of processing
- To respond to enquiries and provide pre-sales consultation
- To onboard clients and deliver contracted services
- To send project updates, invoices, and legal documents
- To improve our website experience and identify technical issues
- To comply with applicable Indian laws, tax regulations, and legal obligations
- To send marketing communications where you have given consent (opt-out any time)
- To protect against fraud, abuse, and unauthorised access
We rely on the following legal bases: Contract performance (fulfilling our service agreement), Legitimate interest (improving our services, fraud prevention), Legal obligation (tax, regulatory compliance), and Consent (marketing emails).
Who sees your data
We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:
| Recipient | Reason |
|---|---|
| Sub-contractors | Vetted freelancers/partners bound by NDA who assist on your project |
| Payment processors | Razorpay / Stripe - for secure payment processing only |
| Cloud infrastructure | AWS / GCP / Vercel - for hosting client deliverables and our own systems |
| Analytics providers | Google Analytics (anonymised) - website performance insights |
| Legal / regulators | When required by law, court order, or government authority |
Cookies & tracking
Our website uses cookies - small text files placed on your device. Here is what we use and why:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Core website functionality, security | Session |
| Performance | Google Analytics - anonymised traffic data | Up to 2 years |
| Preference | Remembering your settings (e.g. reduced motion) | 1 year |
| Marketing | Only if you opt in; remarketing via Google / Meta | 90 days |
You can manage cookie preferences via your browser settings. Blocking strictly necessary cookies may impair website functionality. For Google Analytics opt-out, visit Google's opt-out page.
How long we keep it
We retain personal data only as long as necessary for the purpose it was collected, or as required by law:
| Data Type | Retention Period |
|---|---|
| Project & contract records | 7 years (Indian Companies Act requirement) |
| Financial / invoice records | 8 years (GST and tax compliance) |
| Enquiry / contact form data | 2 years from last interaction |
| Marketing consent records | Until consent is withdrawn + 1 year |
| Website analytics (anonymised) | 26 months |
| Server access logs | 90 days |
How we protect your data
- All data transmitted over TLS 1.3 encryption
- Data at rest encrypted using AES-256
- Access to client data restricted to named team members on a need-to-know basis
- Multi-factor authentication enforced on all internal systems
- Annual third-party security audits of our infrastructure
- All sub-contractors and staff sign confidentiality agreements
- Incident response plan in place; we will notify you within 72 hours of any confirmed breach affecting your data
Control over your data
Under the Digital Personal Data Protection Act 2023 (India) and, where applicable, the GDPR (UK/EU clients), you have the following rights:
To exercise any right, email privacy@Sitefiy. We will respond within 30 days. Identity verification may be required before we can act on a request.
Cross-border data flows
As a studio serving global clients, some of your data may be processed outside India - for example, on cloud servers located in the EU or USA. When we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required by GDPR, and data processing agreements with all third-party processors.
UK and EU clients: Sitefiy's London partner office serves as a point of contact for EU/UK data protection matters. Transfers from the EEA to India are conducted under Article 46 GDPR mechanisms.
Under 18s
Our website and services are directed at business professionals and are not intended for children under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently received data from a minor, please contact us immediately at privacy@Sitefiy and we will delete it promptly.
Keeping you informed
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. For material changes, we will notify existing clients directly via email at least 14 days before the change takes effect. Continued use of our website or services after any update constitutes acceptance of the revised policy.
Privacy enquiries
For any questions, requests, or concerns regarding this policy or our data practices, please reach out to our Privacy team:
If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Board of India (for Indian residents) or your relevant supervisory authority (for EU/UK residents).