Privacy Policy

ByteOrb Technologies (Private) Limited is a software development company incorporated under the Companies Act, 2017 (XIX of 2017) of Pakistan, registered with the Securities and Exchange Commission of Pakistan (SECP). Our registered office is in Islamabad, Pakistan.

ByteOrb is the data controller responsible for your personal data collected through this website. For questions about this policy, data requests, or privacy concerns, contact us at [email protected].

We collect minimal information, limited to what you provide directly:

• ·Contact form submissions — your name, email address, and message content when you reach out through our website.
• ·Booking information — your name, email, and scheduling preferences when you book a consultation through Cal.com.

We do not collect financial information, government identifiers, or sensitive personal data through this website.

We use the information you provide solely to:

• ·Respond to your inquiries and messages
• ·Schedule and conduct consultations you request
• ·Communicate about projects or services you have engaged us for

We do not use your information for marketing, profiling, automated decision-making, or any purpose beyond what is described here. We will never sell or rent your personal information to third parties.

Lawful basis: We process your data based on your consent (when you voluntarily submit a contact form or book a consultation) and our legitimate interest in responding to your inquiries and providing the services you request. You may withdraw consent at any time by contacting us.

Our website uses a limited number of third-party services. Each processes data according to their own privacy policies:

• ·Cloudflare — provides hosting, CDN, and web analytics. Cloudflare Web Analytics does not collect or use visitors' personal data and does not use cookies for analytics. Cloudflare may set security cookies (such as __cf_bm) to identify trusted traffic. Cloudflare Privacy Policy
• ·Cal.com — handles consultation scheduling. When you book a call, Cal.com processes your name, email, and scheduling data. Cal.com is SOC 2 Type II, ISO 27001, and GDPR compliant. Cal.com Privacy Policy
• ·Resend — delivers emails from our contact form. Resend processes the email content necessary for delivery. Resend Privacy Policy

We do not use Google Analytics or any other tracking or advertising services.

This website does not set its own cookies. However, third-party services integrated into the site may set cookies served from our domain or their own:

• ·Cloudflare may set security cookies (such as __cf_bm) on our domain to distinguish trusted traffic from bots. These are functional cookies, not used for tracking or advertising.
• ·Cal.com may set cookies when the booking widget loads, necessary for the scheduling functionality to work.

You can control cookies through your browser settings. Disabling cookies may affect the functionality of the booking system.

Contact form submissions are delivered to us via email through Resend. We do not store your data in a separate database. Booking data is stored by Cal.com on their infrastructure.

Retention: Contact form emails are retained in our inbox for the duration of the business relationship or inquiry, and no longer than 12 months after the last communication unless a longer retention is required for an active project engagement. Booking data is retained by Cal.com according to their retention policies.

Security measures: We protect the information you provide through:

• ·HTTPS/TLS encryption for all data in transit
• ·Access controls limiting who within our team can view your data
• ·Selection of third-party providers with documented security certifications (SOC 2, ISO 27001)
• ·Regular review of access permissions and security practices

Breach notification: In the event of a data breach affecting your personal information, we will notify affected individuals within 72 hours of becoming aware of the breach, in accordance with GDPR requirements. We will also notify relevant authorities as required by applicable law.

Regardless of where you are located, you have the right to:

• ·Request access to any personal data we hold about you
• ·Request correction of inaccurate data
• ·Request deletion of your data
• ·Withdraw consent for data processing at any time

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

Our third-party service providers may process data outside of Pakistan. Specifically:

• ·Cloudflare operates a global CDN and may process data in multiple jurisdictions
• ·Cal.com processes booking data on infrastructure primarily located in the United States and EU
• ·Resend processes email delivery data on US-based infrastructure

Each of these providers maintains data processing agreements and compliance certifications (including GDPR compliance) that provide safeguards for cross-border data transfers. We have reviewed these agreements and are satisfied that they provide adequate protection for your data.

If you are located in the European Union, European Economic Area, or the United Kingdom, your data may be transferred to servers outside your jurisdiction. The legal mechanisms for these transfers include Standard Contractual Clauses (SCCs) maintained by our service providers.

If you are located in the EU or EEA, you have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability, the right to restrict processing, and the right to lodge a complaint with your local data protection authority.

Our legal basis for processing your data is your consent (when you submit a contact form or book a consultation) and our legitimate interest in responding to your inquiries.

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information, including the right to know what data we collect, the right to delete it, and the right to opt out of the sale of personal information.

We do not sell personal information. To exercise your rights under the CCPA, contact us at [email protected].

Our website and services are not directed at individuals under the age of 18, in line with the age of majority under Pakistani law. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

We may update this policy from time to time. Changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

This privacy policy is governed by the laws of Pakistan. The right to privacy is recognized as a fundamental right under Article 14 of the Constitution of Pakistan. The Prevention of Electronic Crimes Act (PECA) 2016 provides the current statutory framework for electronic data protection in Pakistan.

Pakistan's Personal Data Protection Bill, 2023 (PDPB) has been approved by the Federal Cabinet and is pending passage by Parliament. While the PDPB is not yet enacted into law, this policy has been drafted to align with its principles and requirements where practical, including data minimization, purpose limitation, and individual rights. We will update this policy to reflect the PDPB once it is enacted.

Where applicable, we also comply with the requirements of the General Data Protection Regulation (GDPR) for users in the EU/EEA, and the California Consumer Privacy Act (CCPA) for California residents.