← Back to Home

// LEGAL

Privacy Policy

Last updated: May 7, 2026  ·  Effective immediately

1. Who We Are

Shabih. Agency is operated by Muhammad Shabih Haider, a sole trader providing web development and AI integration services.

Website: shabih.tech
Contact: shabihhaider191@gmail.com
Location: Lahore, Pakistan

For the purpose of the GDPR and UK GDPR, Muhammad Shabih Haider is the data controller for personal data collected via this website.

2. What Data We Collect

We collect only what is necessary to respond to your project inquiry:

  • Name — to address you correctly
  • Email address — to send you a response
  • Project type & budget range — to give you a relevant quote
  • Message — the details you share about your project

We do not collect payment details, sensitive personal data, or any data from minors. The contact form does not require a phone number.

Our web infrastructure (Vercel) automatically records standard server logs — IP addresses, browser type, and request timestamps — for security and performance purposes.

3. Legal Basis for Processing

We process your personal data under the following lawful bases (GDPR Article 6):

  • Legitimate interests (Art. 6(1)(f)) — responding to your project inquiry is a legitimate business interest, and you would reasonably expect a response after submitting a contact form.
  • Consent (Art. 6(1)(a)) — by submitting the contact form, you consent to us processing your data to follow up on your inquiry.

4. How We Use Your Data

Your data is used solely to:

  • Respond to your project inquiry via email
  • Send you a confirmation that your message was received
  • Prepare a project scope and quote

We do not use your data for marketing, sell it to third parties, or share it with advertisers.

5. Third-Party Data Processors

To operate this website, we use the following third-party services that may process your personal data. All are engaged under appropriate data processing agreements:

Notion (Notion Labs, Inc.)

Contact form submissions are stored in a private Notion database to manage project inquiries. Notion is certified under the EU–US Data Privacy Framework.

notion.so/privacy

Google (Gmail & reCAPTCHA v3)

Gmail — confirmation and notification emails are sent via Gmail (Google LLC). Your email address is passed to Google's mail infrastructure to deliver these messages.

reCAPTCHA v3 — our contact form uses Google reCAPTCHA v3 to detect automated submissions. reCAPTCHA operates in the background and collects hardware and software information (e.g. device and application data) to assess whether a submission is from a human. This data is sent to Google for analysis. Google is certified under the EU–US Data Privacy Framework.

policies.google.com/privacy

Vercel (Vercel Inc.)

This website is hosted on Vercel. Vercel processes server request logs (IP addresses, request data) to operate and secure the platform. Vercel is SOC 2 Type II certified.

vercel.com/legal/privacy-policy

6. Data Retention

  • Contact form submissions: retained for 2 years, then deleted
  • Server logs (Vercel): deleted after 90 days
  • Email correspondence: retained for the duration of the client relationship

You can request deletion at any time — see Your Rights below.

7. Cookies

This website uses only the cookies necessary for basic operation. No marketing or tracking cookies are set by us.

Google reCAPTCHA sets a cookie (_GRECAPTCHA) to function. This cookie is necessary for spam protection and is covered by Google's privacy policy. You can manage or delete cookies via your browser settings.

8. Your Rights

Under the GDPR (and UK GDPR), you have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure ("right to be forgotten") — request deletion of your data
  • Restriction — ask us to limit how we process your data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — at any time, without affecting prior processing

To exercise any of these rights, email: shabihhaider191@gmail.com. We will respond within 30 days at no charge.

EU residents may lodge a complaint with their national Data Protection Authority. UK residents may contact the ICO.

9. International Transfers

Your data may be processed outside your country of residence (e.g. in the United States) by the processors listed in Section 5. All such transfers are safeguarded by the EU–US Data Privacy Framework, Standard Contractual Clauses, or equivalent mechanisms approved by the European Commission.

10. Changes to This Policy

We update this policy when our practices change. The date at the top reflects the latest revision. Continued use of the website after changes constitutes acceptance of the updated policy.

Questions? shabihhaider191@gmail.com