1. Who we are (Data Controller)
Shakvaro (“we”, “us”, “our”) is the controller of personal data described in this policy. We're an engineering studio based at Chattogram, Bangladesh.
- General contact: support@shakvaro.com
- Privacy & data-subject requests: privacy@shakvaro.com
- Site: https://shakvaro.com
2. EU & UK representative (Art. 27 GDPR)
Because we're established outside the EU and UK, we appoint representatives so EU and UK residents have a local point of contact for data-protection matters.
- EU representative: TBD, to be appointed (Art. 27 GDPR)
- UK representative: TBD, to be appointed (Art. 27 UK GDPR)
You may also contact your local supervisory authority directly (see Section 9).
3. What we collect
- Contact details you submit through our forms, name, email, optional phone, message.
- Project information you share with us during scoping, delivery, and support engagements.
- Technical data automatically captured by our hosting and analytics providers, IP address, browser, referrer, pages viewed, approximate location.
- Cookies & similar storage, only strictly necessary by default; analytics and other categories load only after your consent (see Section 7).
- Consent records, choices you make in our cookie banner are stored in a first-party cookie and logged on our server (event, choices, hashed IP, country, user-agent) for 3 years to satisfy our Art. 7(1) burden of proof.
4. Why we use it (purposes & legal bases, Art. 6 GDPR)
| Purpose | Legal basis |
|---|---|
| Reply to enquiries; deliver services you engage us for | Art. 6(1)(b), steps prior to a contract / contract performance |
| Optional analytics and session replay | Art. 6(1)(a), your consent (withdrawable at any time) |
| Site security, anti-fraud, abuse prevention | Art. 6(1)(f), legitimate interests |
| Legal, accounting, and tax record-keeping | Art. 6(1)(c), legal obligation |
We do not sell personal data and do not use it for automated decisions that legally affect you.
5. Who else processes your data (Sub-processors)
We use a small set of vetted vendors to run the business. Each is bound by their own data-protection commitments (DPAs and Standard Contractual Clauses where applicable).
| Provider | Purpose | Location | Documents |
|---|---|---|---|
| Vercel Inc. | Website hosting, CDN, edge runtime, request logs, Sign in with Vercel | United States (global edge) | Privacy · DPA |
| Google LLC | Google Analytics 4, Google Workspace (email), Sign in with Google (One Tap) | United States | Privacy · DPA |
| LinkedIn Corporation | Sign in with LinkedIn (OIDC), identity capture for inquiries | United States | Privacy · DPA |
| Cal.com Inc. | Meeting scheduling and booking confirmations (EU-hosted via cal.eu) | European Union | Privacy · DPA |
| Microsoft Corporation | Microsoft Clarity (session replay & heatmaps) | United States | Privacy · DPA |
| Resend, Inc. | Transactional email delivery for contact form submissions | United States | Privacy · DPA |
| GitHub, Inc. | Source code hosting (no end-user personal data) | United States | Privacy · DPA |
6. International transfers
Our hosting and tooling vendors operate primarily in the United States and globally. Where we transfer EU/UK personal data outside the EEA/UK, we rely on the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, supplemented by transfer impact assessments where appropriate. Bangladesh is not currently the subject of an EU adequacy decision.
7. Cookies & similar technologies
On your first visit you'll see a cookie banner. Until you make a choice, only strictly necessary cookies load and Google Consent Mode v2 signals all storage as denied. You can change your choices at any time using the “Cookie settings” link in the footer.
| Cookie | Provider | Category | Lifetime | Purpose |
|---|---|---|---|---|
| c15t-consent | Shakvaro | necessary | 1 year | Stores your cookie consent choices. |
| theme | Shakvaro | necessary | 1 year | Remembers your light/dark theme preference. |
| sk_session | Shakvaro | necessary | 30 days | Magic-link session for resource downloads. |
| _ga, _ga_* | Google LLC | measurement | 13 months | Google Analytics 4, distinguishes unique users. |
| _clck, _clsk, CLID | Microsoft | measurement | 1 year / session | Microsoft Clarity, session replay and heatmaps. |
| g_state | Google LLC | functionality | 1 year | Suppresses Google One Tap prompt after dismissal. |
We honour the Sec-GPC: 1 Global Privacy Control signal, when set, we treat marketing and analytics as denied unless you explicitly opt in.
8. How long we keep it
- Inquiry messages: 24 months from last interaction.
- Analytics data: 14 months (GA4 default), 13 months (Microsoft Clarity).
- Consent audit log: 3 years (Art. 7(1) GDPR burden of proof).
- Invoicing & contracts: 7 years (tax & accounting obligations).
9. Your rights
Under the GDPR / UK GDPR you have the right to:
- Access the personal data we hold about you (Art. 15).
- Rectify inaccurate data (Art. 16).
- Erase your data (“right to be forgotten”, Art. 17).
- Restrict processing (Art. 18).
- Receive your data in a portable format (Art. 20).
- Object to processing based on legitimate interests (Art. 21).
- Withdraw consent at any time without affecting the lawfulness of processing carried out before the withdrawal (Art. 7(3)).
- Lodge a complaint with your supervisory authority, for example the ICO (UK), the CNIL (France), or the EDPB members list.
To exercise any of these rights, email us at privacy@shakvaro.com. We respond within 30 days (extendable to 90 for complex requests, with notice).
10. Security
We use TLS for transport, role-based access controls for stored data, encryption at rest at our hosting providers, and patched dependencies. We minimise exposure by collecting only what we need.
11. Children
Our services are aimed at businesses. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact us and we will delete it.
12. Changes to this policy
We'll update this page when our practices change and revise the date at the top. Material changes will be flagged in the cookie banner and, where we have your address on file, by email.
13. Contact
Questions about this policy? privacy@shakvaro.com , we'll get back within one business day.