Privacy is a design decision, not a checkbox.
How we collect, use, and protect information from clients, prospects, and visitors. Plain English — no dark patterns, no buried clauses.
1. Who we are
SiteDiv (“we,” “us,” “our”) is a digital agency headquartered in Lahore, Pakistan, working with clients worldwide — primarily in the United States, the United Kingdom, and Australia. This Privacy Policy explains what we do with information that visitors, prospects, and clients share with us through this website (sitediv.com), our contact and quote forms, our WhatsApp chat widget, and our email correspondence.
2. Information we collect
2.1 Information you give us directly
- Contact details — name, email address, phone number, company name, country.
- Project information — project type, budget range, timeline, current website URL, and the brief you submit through our quote form.
- Communications — emails you send us, WhatsApp messages, call recordings only when you explicitly consent.
- Billing details — if you become a client, we collect what is necessary to invoice (legal entity name, billing address, tax ID where applicable). We do not store credit card numbers; payment is processed directly by Stripe, our payment processor.
2.2 Information collected automatically
- Cookies & analytics — we use Google Analytics 4 to understand which pages are read and which content drives inquiries. Analytics data is anonymized and retained for 14 months.
- Server logs — our hosting provider records IP addresses, user-agent strings, and request timestamps for security and abuse prevention. Logs are retained for 30 days.
- Cookies we set — a single first-party cookie tracks whether you have dismissed the cookie banner. We do not use cookies for advertising or cross-site tracking.
2.3 Information from third parties
If you connect to us through LinkedIn or refer to us via a partner (Upwork, Clutch, etc.), we receive limited profile data necessary to identify the introduction. We do not buy contact lists or scrape email addresses.
3. How we use your information
- To respond to your inquiry and provide a written quote within one business day.
- To deliver the services we have agreed to in your signed Statement of Work.
- To invoice you and process payment.
- To maintain a record of our engagement (legal, accounting, tax).
- To improve our services — aggregated, anonymized analytics only.
- To send you transactional updates about your active project.
- If you opt in: occasional case-study or article notifications. You can unsubscribe at any time via the link in any such email.
We do not: sell personal information, share it with advertisers, or use it for automated decision-making that produces legal effects.
4. Legal bases (GDPR / UK GDPR users)
Where European or UK data-protection law applies, we rely on the following legal bases:
- Contract — to perform the services you have engaged us for.
- Legitimate interest — to respond to your inquiries and to maintain the security of our website.
- Consent — for marketing communications, which you can withdraw at any time.
- Legal obligation — for tax, accounting, and audit records we are required to keep.
5. Sharing & sub-processors
We share your information with the following categories of trusted third parties only as needed to operate our business:
- Hosting & infrastructure: Hostinger, Kinsta, Cloudflare, Vercel.
- Email & calendar: Google Workspace.
- Project management: Notion, Slack, Linear.
- Payment processing: Stripe (PCI-DSS compliant; we never see your card number).
- Analytics: Google Analytics 4, with IP anonymization enabled.
- Communication: WhatsApp Business (Meta), email.
- Accounting & tax: our chartered accountant and the relevant tax authorities as required by law.
We do not transfer client project data outside this list of sub-processors. If we add a new sub-processor that meaningfully affects your data, we will update this policy.
6. International transfers
Our primary operations are in Pakistan, with cloud infrastructure (hosting, email, project management, analytics) located in the European Union and the United States, depending on the provider. Personal information may therefore be processed in any of these locations. For European and UK clients we rely on the standard contractual clauses (SCCs) and supplementary measures — including encrypted-at-rest project storage, access controls, and named-employee data handling logs — to ensure an equivalent level of protection. For US clients we maintain comparable controls and are happy to sign a separate data-processing agreement on request.
7. How long we keep your information
- Inquiry data (no engagement): 18 months after last contact, then deleted.
- Active client data: retained for the duration of the engagement.
- Past client records: 7 years after final invoice (statutory tax-record requirement). Project deliverables are stored encrypted, with access restricted to the partner who led the engagement.
- Marketing list (opt-in): until you unsubscribe.
- Server & security logs: 30 days.
- Backups: rolling 30 days, then overwritten.
8. Your rights
Wherever you live, you can:
- Ask what personal information we hold about you and request a copy.
- Ask us to correct information that is inaccurate.
- Ask us to delete information we no longer need to keep (subject to legal retention requirements above).
- Object to or restrict processing in some circumstances.
- Withdraw consent for any opt-in marketing.
- Lodge a complaint with your local data-protection authority. EU residents can contact their national DPA; UK residents can contact the ICO; California residents have rights under the CCPA/CPRA.
To exercise any of these rights, email hello@sitediv.com. We will respond within 30 days.
9. California residents (CCPA / CPRA)
We do not “sell” or “share” personal information as defined under the California Consumer Privacy Act. California residents have the right to know what we collect, request deletion, and not be discriminated against for exercising those rights. Email us using the address above to make a verifiable consumer request.
10. Children
This website is not directed to children under 16. We do not knowingly collect information from children. If you believe a child has provided us with personal information, contact us and we will delete it.
11. Security
We use industry-standard technical and organisational measures to protect personal information — HTTPS everywhere, encrypted-at-rest storage, two-factor authentication on all admin accounts, principle-of-least-privilege access, regular security reviews. No system is perfectly secure; if we discover a breach affecting your personal information, we will notify you within 72 hours of becoming aware of it.
12. Changes to this policy
We may update this Privacy Policy from time to time. The “Effective” date at the top of this page reflects the latest version. For material changes, we will email active clients and post a notice on the homepage for at least 14 days.
13. Contact
Questions about this policy or how we handle personal information? Email hello@sitediv.com or use the contact form. We respond within one business day, usually within four hours.
