Privacy Policy

This Privacy Policy describes how Digitract LLC ("Digitract", "we", "us", or "our") collects, uses, and protects information submitted through our website at digitract.io. This policy applies to all visitors and prospective clients of Digitract. All client projects delivered by Digitract are covered by a non-disclosure agreement (NDA) as standard practice.

1. Who We Are

Digitract LLC is a fintech engineering company registered in Saint Vincent and the Grenadines, with operational offices in the United Kingdom. For all data protection enquiries, please contact us at [email protected].

Our full registered address is: Digitract LLC, Suite 305, Griffith Corporate Centre, Beachmont, P.O. Box 1510, Kingstown, Saint Vincent and the Grenadines.

2. Information We Collect

We collect personal information only when you voluntarily submit it through our contact form. This includes:

• Your first and last name
• Business email address
• Phone number (optional)
• Company name and country of operation
• Services of interest, budget range, and project timeline
• Project overview and description provided in the message field
• How you heard about us (optional)

We do not use third-party analytics or tracking technologies on this website. We do not collect IP addresses, browser fingerprints, or behavioural data. We do not place advertising cookies or third-party tracking pixels of any kind. The only client-side storage we use is a short-lived session token to enforce rate-limiting on our contact form (see our Cookie Policy).

3. How We Use Your Information

We process information you submit through the contact form for the following purposes only:

• Responding to your enquiry — to address questions, prepare proposals, and conduct project scoping conversations
• Service delivery — if your enquiry leads to a contractual engagement, to deliver agreed engineering services under a mutually signed NDA
• Legal compliance — to comply with applicable laws and lawful regulatory requests

We do not use your information for marketing, advertising, profiling, or automated decision-making.

4. Legal Basis for Processing

We process your personal data on the following legal grounds:

• Consent — when you voluntarily submit our contact form
• Contract performance — to deliver services under a written engagement contract
• Legitimate interest — to respond to genuine business enquiries directed at us
• Legal obligation — where required by applicable law

5. Confidentiality and NDA Coverage

All active client engagements with Digitract are covered by a mutually signed non-disclosure agreement before any confidential business, technical, or project information is exchanged. Information shared through our contact form is treated with the same confidentiality standards applied to active engagements. Our internal team operates under strict confidentiality obligations as a condition of employment.

6. How We Receive Your Form Submission

Form submissions are transmitted to our own server infrastructure or edge worker deployed under our control. We do not route your enquiries through third-party form-processing services. Standard server access logs may be retained for short periods for operational and security purposes.

7. Information Sharing

Digitract LLC does not sell, rent, or trade your personal information. We share your information only in the following limited circumstances:

• With the email infrastructure providers required to deliver your message to our inbox
• To comply with legal obligations, court orders, or lawful government requests
• To protect our rights, safety, or property where necessary

8. Data Retention

We retain enquiry submissions only as long as necessary for the purposes outlined above. Enquiries that do not progress to a contractual engagement are typically retained for up to 24 months from the date of submission, after which they are deleted from our active systems.

9. GDPR — Your Rights

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with comparable data protection law, you have the following rights regarding the personal data you have submitted to us:

• Right of access — request a copy of the data we hold about you
• Right of rectification — request correction of inaccurate data
• Right to erasure — request deletion of your personal data ("right to be forgotten")
• Right to restriction — request that we limit our processing of your data
• Right to data portability — receive your data in a machine-readable format
• Right to object — object to processing based on legitimate interests
• Right to withdraw consent — at any time, where processing is based on your consent
• Right to lodge a complaint — with the data protection supervisory authority in your jurisdiction

To exercise any of these rights, contact us at [email protected]. We will respond to verified requests within 30 days. There is no automated decision-making or profiling performed on your data.

10. Data Security

Digitract takes data security seriously. The technical measures applicable to your form submission include:

• TLS encryption for all data transmitted between your browser and our server
• Strict Content Security Policy (CSP) headers to prevent code injection attacks
• X-Frame-Options, X-Content-Type-Options, and Referrer-Policy headers
• Permissions-Policy disabling geolocation, microphone, and camera access
• Client-side and server-side input validation and sanitisation on all form fields
• Honeypot field and rate-limiting to prevent automated form abuse
• Same-origin CSRF defence on form submissions
• Restricted, audited access to the inboxes that receive enquiries

11. International Data Transfers

Because we operate across multiple jurisdictions, your data may be transferred internationally. Where such transfers occur, we rely on appropriate safeguards (such as Standard Contractual Clauses where required) to maintain protection of your data.

12. Cookies

This website uses one minimal session-only client-side storage entry for form rate-limiting. We do not use third-party tracking cookies, advertising cookies, or analytics cookies. Full details are in our Cookie Policy.

13. Children's Privacy

Our services are intended for business users. We do not knowingly collect personal information from individuals under 16. If you believe we have inadvertently received such information, please contact us immediately.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page indicates the most recent revision. We encourage you to review this policy periodically.

15. Contact Us

For any questions or requests regarding this Privacy Policy or your personal data, please contact us:

• Email: [email protected]
• Security matters: [email protected]
• Postal address: Digitract LLC, Suite 305, Griffith Corporate Centre, Beachmont, P.O. Box 1510, Kingstown, Saint Vincent and the Grenadines