Back to home
Legal

Privacy Policy

Last updated: 1 March 2025

Privacy PolicyTerms of ServiceCookie PolicyAI PolicyAcceptable UseRefund Policy

Sofeat ('we', 'our', 'us') is committed to protecting your personal information. This policy explains what personal data we collect, how we use it, your rights over it, and how we keep it safe. We comply with applicable data protection laws including the UK GDPR, the EU General Data Protection Regulation (GDPR), and India's Digital Personal Data Protection Act 2023 (DPDP Act) where applicable.

01Who We Are

Sofeat is a software development studio operating from India, providing services globally. For the purposes of data protection law, Sofeat is the data controller of personal data collected via this website. You can contact us at karan.rajput@sofeat.in for any privacy-related matter.

02Information We Collect

  • Contact information you submit via our contact form: name, email address, and message content.
  • Business information provided during client engagements: company name, project details, and communication records.
  • Technical data automatically collected when you visit our site: IP address, browser type, operating system, referring URL, pages visited, and approximate location (country/city level only).
  • Cookies and similar technologies — see our Cookie Policy for full details.
  • Any information you voluntarily provide during a project (scoping documents, access credentials, business content) — this is handled under confidentiality obligations as set out in our Terms of Service.

03How We Use Your Information

  • To respond to your enquiries and provide the services you have requested.
  • To send project updates, invoices, and contractual communications.
  • To fulfil our legal and contractual obligations, including tax and accounting requirements.
  • To improve our website by understanding how it is used (anonymised analytics only).
  • To protect against fraud, security incidents, and misuse of our website.
  • We do not sell, rent, lease, or trade your personal data to any third parties under any circumstances.
  • We do not use personal data for automated decision-making or profiling that significantly affects individuals.

04Legal Basis for Processing (UK/EU GDPR)

  • Contract performance: processing necessary to respond to your enquiry and deliver agreed services.
  • Legitimate interests: understanding how our website is used, security monitoring, and improving our services — provided those interests are not overridden by your rights.
  • Legal obligation: compliance with applicable tax, accounting, and regulatory requirements.
  • Consent: where we rely on consent (e.g., optional communications), you may withdraw it at any time by contacting karan.rajput@sofeat.in.

05Legal Basis for Processing (India DPDP Act 2023)

Where Indian law applies, we process your personal data on the basis of your consent (given when you submit a contact form or engage our services) and as necessary to fulfil contractual obligations. You may withdraw consent or request data erasure at any time by contacting karan.rajput@sofeat.in. We act as a Data Fiduciary under the DPDP Act.

06Data Retention

  • Contact form submissions: retained for 12 months after last contact, then securely deleted.
  • Client project data: retained for 7 years from project completion to comply with tax and accounting regulations, then securely deleted.
  • Server access logs: retained for 90 days for security monitoring, then deleted.
  • You may request deletion of your personal data at any time — see 'Your Rights' below.

07International Data Transfers

  • As a global service provider, your data may be processed or stored outside your country of residence, including in countries that may have different data protection standards.
  • Where we transfer data from the UK or EEA to third countries, we rely on Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms approved by the relevant supervisory authority.
  • Third-party processors we use (such as Resend and Vercel) maintain their own data protection policies and are subject to contractual obligations that protect your data.

08Third-Party Processors

  • Resend (resend.com) — transactional email delivery for contact form submissions. Processes your name and email address.
  • Vercel (vercel.com) — website hosting and edge delivery. May process IP addresses for security and performance purposes.
  • We do not use Google Analytics, Meta Pixel, Hotjar, or any other third-party behavioural tracking or advertising platforms.
  • We do not share your data with any third party for marketing purposes.

09Your Rights

  • Right of access — you can request a copy of the personal data we hold about you, free of charge.
  • Right to rectification — you can ask us to correct inaccurate or incomplete data.
  • Right to erasure ('right to be forgotten') — you can ask us to delete your personal data, subject to legal retention obligations.
  • Right to restriction — you can ask us to restrict processing of your data while a dispute is being resolved.
  • Right to data portability — you can request your personal data in a structured, machine-readable format.
  • Right to object — you can object to processing based on legitimate interests at any time.
  • Right to withdraw consent — where processing is based on consent, you can withdraw it without affecting lawfulness of prior processing.
  • To exercise any of these rights, email karan.rajput@sofeat.in. We will respond within 30 days. We may ask for proof of identity before fulfilling a request.

10Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and in accordance with applicable law. We maintain an internal breach response procedure and report notifiable breaches to the relevant supervisory authority within 72 hours of becoming aware.

11Children's Data

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will delete it promptly. If you believe we have collected data from a child, please contact us immediately at karan.rajput@sofeat.in.

12Security

  • We use industry-standard security measures including TLS/HTTPS encryption for all data in transit.
  • Access to personal data is restricted to authorised personnel on a need-to-know basis.
  • We conduct regular reviews of our data handling and security practices.
  • No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we take all reasonable steps to protect your information.
  • To report a security vulnerability responsibly, contact karan.rajput@sofeat.in.

13Complaints

  • If you are unhappy with how we have handled your personal data, please contact us at karan.rajput@sofeat.in and we will do our best to resolve the issue.
  • If you remain unsatisfied, you have the right to lodge a complaint with your relevant supervisory authority: in the UK, the Information Commissioner's Office (ico.org.uk); in India, the Data Protection Board of India (once operational).

14Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or applicable law. Material changes will be communicated to active clients via email. The 'last updated' date at the top of this page will always reflect the most current version. Continued use of our website after changes constitutes acceptance.

15Contact

For any privacy-related questions, requests, or concerns, contact us at karan.rajput@sofeat.in. We respond to all enquiries within 5 business days.

Questions about this policy?

Reach out and we'll respond within 24 hours. karan.rajput@sofeat.in

Start a projectBack to home