Privacy Policy

Welcome to souravchhimpa.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at https://www.souravchhimpa.com, book a discovery call, submit a project inquiry, or engage with any of our Web3 development, SaaS development, token ecosystem creation, smart contract development, or AI product development services.

We take your privacy seriously. This policy is designed to comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), India's Digital Personal Data Protection Act (DPDPA), and other applicable data protection laws. By accessing or using our website and services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

If you do not agree with the terms of this Privacy Policy, please do not access the website or use our services. If you have any questions, you can reach us at hello@souravchhimpa.com.

Personal Data You Provide Voluntarily

When you interact with our website such as booking a discovery call, filling out a contact form, or engaging our services we may collect the following personal information:

• Identity data: Full name, professional title, company name
• Contact data: Email address, Telegram handle, phone number (if provided)
• Project data: Project type, budget range, timeline preferences, technical requirements, project descriptions, and any files or documents you share
• Booking data: Selected date, time slot, timezone, and meeting preferences
• Communication data: Messages, emails, and correspondence between you and us

Data Collected Automatically

When you visit our website, we automatically collect certain technical information through cookies and similar technologies:

• Device data: IP address, browser type and version, operating system, device type, screen resolution
• Usage data: Pages visited, time spent on each page, click patterns, scroll depth, referring URL, entry and exit pages
• Location data: Approximate geographic location derived from your IP address (country/city level only)
• Performance data: Page load times, error reports, and website performance metrics

Data We Do Not Collect

We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health data, sexual orientation, genetic data, or biometric data. We do not process financial data such as credit card numbers all payments are handled through third-party payment processors.

We use the personal information we collect for the following specific purposes:

• Service delivery: To respond to your inquiries, schedule and conduct discovery calls, send booking confirmations, provide meeting links, and deliver project-related communications
• Project management: To manage ongoing project engagements, track deliverables, and maintain records of our professional relationship
• Website improvement: To analyze website traffic patterns, understand user behavior, identify popular content, and improve the overall user experience
• Analytics: To measure website performance, track visitor demographics, and generate aggregate usage statistics through Google Analytics
• Email communications: To send booking confirmations, meeting links, project status updates, and other service-related transactional emails through Resend
• Legal compliance: To comply with applicable laws, regulations, legal processes, or governmental requests
• Security: To detect, prevent, and address technical issues, fraud, or security vulnerabilities

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We do not use your data for automated decision-making or profiling.

Under the GDPR and similar regulations, we process your personal data based on the following legal grounds:

• Consent: When you voluntarily submit your information through our booking form or contact form, you consent to our processing of that data for the stated purposes
• Contractual necessity: Processing is necessary for the performance of a contract or to take steps at your request before entering into a contract (e.g., scheduling a discovery call, providing project estimates)
• Legitimate interests: Processing is necessary for our legitimate business interests, such as improving our website, understanding our audience, and marketing our services provided these interests do not override your fundamental rights
• Legal obligation: Processing is necessary to comply with applicable legal obligations

We use the following trusted third-party services that may process your data on our behalf. Each service acts as a data processor under our instructions:

• Google Analytics (Google LLC): Website traffic analysis, audience insights, and usage statistics. Data may be transferred to Google servers in the United States. Google Privacy Policy
• Vercel (Vercel Inc.): Website hosting, deployment, edge network delivery, and serverless function execution. Vercel Privacy Policy
• Supabase (Supabase Inc.): Database storage for booking data, project information, and content management. Supabase Privacy Policy
• Clerk (Clerk Inc.): Authentication and user management for admin access only. No visitor data is processed through Clerk. Clerk Privacy Policy
• Resend (Resend Inc.): Transactional email delivery for booking confirmations, meeting links, and status updates. Resend Privacy Policy
• Cloudinary (Cloudinary Ltd.): Image hosting, optimization, and content delivery for project images and portfolio assets. Cloudinary Privacy Policy

We carefully vet all third-party services and only use providers that maintain appropriate security measures and comply with applicable data protection regulations.

Our website uses cookies and similar tracking technologies to enhance your browsing experience and collect usage data. Here is what we use:

• Essential cookies: Required for the website to function properly (e.g., session management, authentication for admin access). These cannot be disabled.
• Analytics cookies: Google Analytics uses cookies to collect anonymous usage data such as page views, session duration, and traffic sources. This data helps us understand how visitors use our website and improve the experience.
• Performance cookies: Vercel may set cookies for performance monitoring and edge caching optimization.

We do not use advertising cookies, social media tracking pixels, or retargeting technologies. You can control cookie behavior through your browser settings. Most browsers allow you to refuse cookies or alert you when a cookie is being set. Note that disabling certain cookies may affect website functionality.

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Booking data: Retained for 24 months after the booking date, then automatically deleted
• Project data: Retained for the duration of the project engagement plus 36 months for portfolio and reference purposes
• Analytics data: Google Analytics data is retained for 26 months (Google default), then automatically aggregated and anonymized
• Email communication data: Retained for 24 months after the last communication
• Website logs: Server logs are retained for 90 days for security and debugging purposes

You may request early deletion of your data at any time by contacting us at hello@souravchhimpa.com.

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

• All data transmission is encrypted using TLS/SSL (HTTPS)
• Database access is restricted through row-level security policies and API key authentication
• Admin access is protected by multi-factor authentication through Clerk
• Regular security audits and dependency vulnerability scanning
• Principle of least privilege applied to all data access

While we strive to use commercially acceptable means to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to industry best practices.

Your information may be transferred to and processed in countries other than your country of residence, including the United States (where Google, Vercel, Supabase, Clerk, and Resend are headquartered). These countries may have data protection laws that differ from the laws of your country.

When we transfer your data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on the service provider's compliance with applicable data protection frameworks.

If you are located in the European Economic Area (EEA), the United Kingdom, or other jurisdictions with similar data protection laws, you have the following rights:

• Right of access: You can request a copy of all personal data we hold about you
• Right to rectification: You can request correction of any inaccurate or incomplete data
• Right to erasure: You can request deletion of your personal data ("right to be forgotten")
• Right to restrict processing: You can request that we limit how we use your data
• Right to data portability: You can request your data in a structured, commonly used, machine-readable format
• Right to object: You can object to processing based on legitimate interests or for direct marketing purposes
• Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, please email us at hello@souravchhimpa.com. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection authority.

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

• Right to know: You can request disclosure of the categories and specific pieces of personal information we have collected
• Right to delete: You can request deletion of personal information we have collected from you
• Right to opt-out: You can opt out of the sale of your personal information (note: we do not sell personal information)
• Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise your California privacy rights, contact us at hello@souravchhimpa.com.

Our website and services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us immediately at hello@souravchhimpa.com. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take immediate steps to delete that information from our servers.

We reserve the right to update or modify this Privacy Policy at any time. When we make changes, we will update the "Last updated" date at the top of this page and, where required by law, notify you of material changes via email or a prominent notice on our website. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Your continued use of the website after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through any of the following channels:

• Email: hello@souravchhimpa.com
• Website: souravchhimpa.com/contact
• Telegram: @meetsourav

We will respond to all privacy-related inquiries within 30 calendar days. For data subject access requests under GDPR, we will respond within the legally required timeframe of 30 days, with a possible extension of up to 60 additional days for complex requests.