Overview
KD Global Studio ("KD Global", "we", "us", "our") is a two-person IT services studio based in Ahmedabad, India. This Privacy Policy explains how we collect, use, store, and protect personal information when you visit our website or engage us for services.
We keep this simple: we collect what we actually need, we do not sell your data, and we do not use it for advertising.
Applicable law. This policy is drafted in accordance with India's Information Technology Act, 2000, the IT (Amendment) Act, 2008, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. We also align with the spirit of the EU General Data Protection Regulation (GDPR) as a baseline for international clients.
Data We Collect
We collect personal data in two contexts: through our website and through project engagements.
| Category | What we collect | How |
|---|---|---|
| Contact data | Name, email address, message content | Contact form on our website |
| Project data | Business information, technical requirements, system credentials shared for integration work | Provided by Client during engagement |
| Communication data | Emails, messages, call notes | Direct communication during an engagement |
| Usage data | IP address, browser type, pages visited, referrer | Automatically via server logs or analytics (if enabled) |
We do not intentionally collect sensitive personal data (health information, financial account credentials, government ID numbers). If such data is inadvertently shared, we will delete it promptly.
How We Use Your Data
We use collected data solely for the following purposes:
- Responding to enquiries — to contact you about your message or project inquiry
- Delivering services — to perform agreed project work including development, configuration, integration, and support
- Project communication — to coordinate and manage ongoing engagements
- Invoicing and payments — to issue invoices and process payments
- Legal compliance — to comply with applicable laws and regulations
- Website improvement — to understand how our site is used and make it better
We do not use your data for advertising, profiling, or any automated decision-making that produces legal or similarly significant effects.
Legal Basis for Processing
For clients in the European Economic Area (EEA) or UK, our legal bases for processing personal data are:
- Contract — processing necessary to perform services you have engaged us for
- Legitimate interests — responding to enquiries, maintaining business records, and improving our website, where these interests are not overridden by your rights
- Legal obligation — processing required to comply with applicable law (e.g. tax record-keeping)
- Consent — where you have given clear consent, such as opting into future communications (which you may withdraw at any time)
Sharing & Disclosure
We do not sell, rent, or trade your personal data. We may share data only in the following limited circumstances:
- Service providers — third-party tools we use to run our business (email, project management, invoicing). These processors are contractually bound to handle data only as directed by us.
- Your systems — data you provide (e.g. Salesforce org credentials, API keys) is used solely to configure and build within those systems on your behalf.
- Legal requirements — if required by applicable law, court order, or governmental authority.
- Business transfer — in the event of a merger, acquisition, or sale of KD Global's business, personal data may be transferred as part of that transaction. We will notify affected individuals in advance where required by law.
Third-Party Tools We Use
Our website and business operations may use the following categories of third-party services, each governed by their own privacy policies:
- Email — Gmail (Google LLC) for business communication
- Analytics — if enabled, a privacy-respecting analytics tool to understand website traffic (no advertising identifiers)
- Forms — contact form submissions may be processed through Formspree or a similar service
- Hosting — website hosted on Vercel (Vercel Inc.), which may log request data per their infrastructure policies
During project delivery, we may access your third-party platforms (Salesforce, HubSpot, QuickBooks, Stripe, Twilio, etc.) using credentials provided by you. Data within those platforms is governed by their respective privacy policies and your agreements with them.
Data Retention
We retain personal data only as long as necessary for the purposes described in this policy:
- Enquiry data — retained for up to 12 months after the last communication, then deleted unless an engagement commenced
- Project and client data — retained for 5 years after project completion for legal and tax compliance, then securely deleted
- System credentials — deleted immediately upon project completion. We recommend you rotate credentials after our access concludes.
- Usage/log data — typically retained for 90 days in server logs
Security
We implement reasonable technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. These include:
- Encrypted communications (TLS/HTTPS) for all website and email traffic
- Access controls limiting who can access project data
- Secure credential management practices (password managers, least-privilege access)
- Prompt deletion of credentials after project completion
No method of electronic transmission or storage is completely secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. In the event of a data breach that poses a risk to your rights, we will notify affected individuals as required by applicable law.
Your Rights
Depending on your location, you may have some or all of the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate or incomplete data
- Deletion — request deletion of your data, subject to our legal retention obligations
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interests
- Restriction — request that we restrict processing of your data in certain circumstances
- Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing
To exercise any of these rights, email us at kdglobal.2025@gmail.com. We will respond within 30 days. We may need to verify your identity before processing your request.
If you are in the EEA or UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.
Cookies
Our website is primarily a static site. We do not use advertising cookies or third-party tracking pixels. The only cookies that may be set are:
- Essential/session cookies — set by the hosting infrastructure (Vercel) for normal site operation. These are strictly necessary and cannot be disabled.
- Analytics cookies — only if analytics is enabled; if so, these are first-party and do not contain advertising identifiers. We will update this section if analytics is implemented.
You may configure your browser to block or delete cookies. Essential cookies required for basic site function may affect your experience if disabled.
Children's Privacy
Our services are directed to businesses and professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has submitted personal data to us, please contact us immediately and we will delete it.
International Data Transfers
KD Global is based in India. If you are located outside India, your data will be transferred to and processed in India. We take appropriate steps to ensure your data is handled with equivalent protections to those in your jurisdiction.
For EEA/UK clients, transfers are conducted under standard contractual clauses or equivalent mechanisms where required. Please contact us for details of specific transfer mechanisms.
Changes to This Policy
We may update this Privacy Policy periodically. The effective date at the top of this page indicates when the policy was last revised. For material changes, we will notify active clients directly. We encourage you to review this policy when engaging with us.
Contact & Data Controller
The data controller for the purposes of this policy is:
KD Global Studio
Ahmedabad, Gujarat, India
kdglobal.2025@gmail.com
For privacy-related requests, complaints, or questions, email us with the subject line "Privacy Request" and we will respond within 30 days.