Privacy Policy

1. Introduction

Abstriq Technologies Pvt. Ltd. (“Abstriq,” “we,” “our,” or “us”) is an India-based technology services company serving clients in India, the United States, and the European Union. We are committed to protecting your personal data and your right to privacy.

This Privacy Policy explains what information we collect when you visit abstriq.com or use our services, why we collect it, how we use it, and your rights regarding that data.

This policy is designed to be fully compliant with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and India’s Digital Personal Data Protection Act (DPDPA).

2. Information We Collect

We collect the following categories of personal data:

Information You Provide Directly

When you complete our contact form, we collect: your full name, business email address, phone number (optional), company name, project details, budget range, and any message content you submit.

Usage and Analytics Data

We collect anonymized data about how visitors interact with our website, including pages visited, time on site, referral sources, and general geographic region. This data is aggregated and cannot be used to identify any individual.

Cookies

We use three types of cookies: session cookies (essential for site functionality, deleted when you close your browser), preference cookies (remember your settings), and analytics cookies (track anonymized usage patterns to improve our site). See Section 8 for full cookie details.

IP Addresses

IP addresses are collected and immediately anonymized by removing the last octet. We use this solely for geographic analytics and security purposes.

3. How We Use Your Information

We use the information we collect to:

• Respond to your inquiries and service requests in a timely manner
• Send project-related communications and status updates
• Provide the services you have engaged us for under a contract
• Improve our website experience, content, and service offerings
• Send occasional newsletters or product updates (only with your consent)
• Comply with legal obligations and enforce our terms
• Detect and prevent fraud, abuse, and security threats

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

4. Legal Basis for Processing (GDPR)

For individuals in the European Economic Area (EEA) and United Kingdom, we process your personal data under the following legal bases under GDPR:

• Consent (Article 6(1)(a)) — Where you have given us specific, informed consent (e.g., newsletter subscription, analytics cookies).
• Legitimate Interests (Article 6(1)(f)) — To improve our services, prevent fraud, and conduct anonymized analytics. We always balance these interests against your fundamental rights.
• Contractual Necessity (Article 6(1)(b)) — To fulfill our obligations under a service contract with you or your organization.
• Legal Obligation (Article 6(1)(c)) — Where we are required by law to process or retain certain data.

5. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data — ever.

We may share data with the following categories of service providers, all of whom are bound by Data Processing Agreements (DPAs):

• Google Analytics — Anonymized website usage analytics. IP anonymization is enabled. Data stored in the EU.
• Vercel — Website hosting infrastructure. Data processed under a GDPR-compliant DPA.
• Email service providers — For transactional emails (inquiry responses, project communications). We use GDPR-compliant providers.

We may also disclose data when required by law, court order, or governmental authority, or to protect the rights and safety of Abstriq or third parties.

6. Data Retention

We retain personal data only for as long as necessary:

• Contact form submissions — 2 years from the date of submission, unless you become a client.
• Analytics data — 14 months, after which it is automatically deleted from Google Analytics.
• Project and contract data — Duration of the contract plus 3 years, as required for legal and accounting purposes.
• Newsletter subscriptions — Until you unsubscribe.

After retention periods expire, data is securely deleted or anonymized.

7. Your Rights

Depending on your location, you have the following rights regarding your personal data:

• Right to Access — Request a copy of the data we hold about you.
• Right to Rectification — Correct inaccurate or incomplete data.
• Right to Erasure — Request deletion of your personal data (“right to be forgotten”).
• Right to Data Portability — Receive your data in a structured, machine-readable format.
• Right to Restriction — Request that we limit how we process your data.
• Right to Object — Object to processing based on legitimate interests.
• Right to Withdraw Consent — Withdraw any previously given consent at any time.

To exercise any of these rights, email us at hello@abstriq.com with the subject line “Data Rights Request.” We will respond within 30 days (GDPR standard).

8. Cookies Policy

We use the following categories of cookies:

• Essential Cookies — Required for basic website functionality. These cannot be disabled. They include session management and security tokens.
• Analytics Cookies — Help us understand how visitors use our site (Google Analytics, anonymized). You can opt out via our cookie consent banner or Google’s opt-out browser add-on.

We do not use advertising cookies, tracking pixels, or retargeting cookies of any kind. Our cookie consent banner appears on first visit to all EU users and provides granular control.

9. International Data Transfers

Abstriq is headquartered in India and serves clients in the EU, US, and India. When we transfer data internationally, we apply appropriate safeguards:

• EU transfers — We rely on Standard Contractual Clauses (SCCs) as approved by the European Commission, ensuring equivalent GDPR protections.
• US transfers — We apply SCCs and contractual obligations aligned with Privacy Shield successor frameworks.
• India — Processing occurs in compliance with India’s Digital Personal Data Protection Act 2023 (DPDPA).

10. Security Measures

We implement industry-standard technical and organizational security measures:

• HTTPS/TLS encryption for all data in transit
• Data encrypted at rest using AES-256
• Role-based access controls limiting data access to authorized personnel
• Regular security audits and penetration testing
• Multi-factor authentication for all internal systems
• Data breach notification within 72 hours as required by GDPR Article 33

Despite these measures, no transmission over the internet is 100% secure. We encourage you to use strong, unique passwords and to contact us immediately if you suspect unauthorized use of your account.

11. Children’s Privacy

Our services are directed at businesses and professionals. We do not knowingly collect personal data from individuals under the age of 16. If we become aware that we have inadvertently collected data from a minor, we will delete it immediately. If you believe we have collected data from a minor, please contact us at hello@abstriq.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes — those that significantly affect your rights or how we use your data — we will notify you by email (if you are a subscriber or client) at least 14 days before the changes take effect.

Non-material changes (formatting, clarifications) will be updated on this page with a revised “Last updated” date. Continued use of our website or services after the effective date constitutes acceptance of the updated policy.

13. Contact & Data Controller

If you have any questions, concerns, or requests related to this Privacy Policy, please contact our data protection team: