Legal

Privacy Policy

Effective: April 14, 2026Last updated: April 14, 2026

This Privacy Policy explains how Sadik Shaikh(“Sadik”, “I”, “we”, or “my”) collects, uses, and safeguards personal information when you visit sadik.dev, contact me through the site, or pay for my development services.

1. Who we are
2. Information we collect
3. How we use information
4. Legal basis for processing
5. Third-party services
6. Cookies
7. Data retention
8. Data security
9. Your rights
10. International data transfers
11. Children
12. Changes
13. Contact

1. Who we are

Sadik Shaikh is an independent full-stack developer based in India, offering React, Next.js, Shopify, and SaaS development services to clients worldwide. For the purposes of data protection law (including the EU GDPR and India's Digital Personal Data Protection Act 2023), I am the data controller for any personal information collected through this website.

Contact for privacy matters: sadik5780@gmail.com.

2. Information we collect

a) Information you provide

Contact form submissions — your name, email address, optional phone number, selected project type, stated budget, and the message you send.
Payment information — name, email, and billing details you enter in the Razorpay or Stripe checkout flow. Card numbers and bank credentials are never transmitted to or stored on sadik.dev; they go directly to the payment processor.
Project content — anything you share during an engagement (briefs, assets, source materials) is held in confidence under the Terms of Service.

b) Information collected automatically

Request metadata — IP address, user-agent, referring URL, and approximate country (used to display pricing in the right currency). I do not log IP addresses to a personal profile.
Session cookie — a single short-lived, signed sadik_admin_session cookie is set only when I sign in to the admin panel. No tracking cookies are set for site visitors.

3. How we use information

I use the information I collect for these purposes only:

To reply to your inquiry and, if we proceed, to scope and deliver the project.
To process payments via Razorpay (India) or Stripe (international).
To send transactional email (quotes, invoices, delivery updates) — no newsletters without explicit opt-in.
To comply with tax, accounting, and legal obligations.
To improve the site's content and performance using aggregated, non-identifying data.

I never sell your personal information, rent it to advertisers, or use it to train machine-learning models.

4. Legal basis for processing

Under the GDPR (and analogous Indian and Australian law), I process personal data on these bases:

Contract — to respond to your inquiry and perform the services you engage me for.
Legitimate interest — to secure the site (e.g. rate-limiting, abuse prevention) and to maintain accurate business records.
Legal obligation — to meet tax, anti-money-laundering, and accounting requirements.
Consent — where required (e.g. optional marketing emails, which I currently do not send).

5. Third-party services

I use a small, audited set of sub-processors to run the site. Each has its own privacy policy, linked below:

Supabase — database and storage for projects, leads, payments, and uploaded images. Policy →
Vercel — hosts and serves this website. Policy →
Razorpay — processes payments from Indian customers in INR. Policy →
Stripe — processes payments from international customers in USD (when enabled). Policy →
Resend — delivers transactional email from the contact form (when configured). Policy →

I share the minimum data required to operate each service. Payment processors receive what they need to complete the transaction; the database holds structured inquiry records and (if you paid) a reference to the payment. No third party receives data for advertising purposes.

6. Cookies

sadik.dev uses cookies sparingly. The only cookie set during normal browsing is a session cookie for the admin panel, which is only set after the administrator signs in. There are no advertising cookies, no cross-site tracking pixels, and no analytics cookies by default.

If I add analytics in the future (e.g. Plausible, Vercel Analytics), I will use cookieless or first-party-cookie options that do not identify individuals.

7. Data retention

Contact form submissions — kept until the lead is resolved, then archived for up to 3 years for tax and audit purposes.
Payment records — retained for at least 7 years to meet Indian tax-filing requirements (Rule 6F / Section 44AA of the Income Tax Act).
Project assets — retained for the duration of the engagement plus 90 days after delivery, then deleted on request.
Server logs — rotated automatically after 30 days.

8. Data security

The site enforces TLS 1.3 for every request, uses HTTP-only + Secure + SameSite=Lax cookies for the admin session, and stores credentials only as environment variables on the hosting provider (never in source control). Row-level security is enabled on every Supabase table, and admin writes use a server-only service role key.

No system is perfectly secure. If a data breach affects you, I will notify you by email within 72 hours of discovery, in line with GDPR Article 33 and India's DPDP Act obligations.

9. Your rights

Depending on where you live, you have some or all of these rights over the information I hold about you:

Access — request a copy of your personal data.
Rectification — correct inaccurate or incomplete data.
Erasure — request deletion, subject to tax and legal retention obligations.
Portability — receive your data in a machine-readable format.
Objection — object to specific processing on legitimate-interest grounds.
Withdrawal of consent — where processing relies on consent.
Complaint — lodge a complaint with your local supervisory authority (in India, the Data Protection Board; in the EU, your national DPA).

To exercise any of these rights, email sadik5780@gmail.com from the address associated with your account or inquiry. I will respond within 30 days.

10. International data transfers

The site and database are hosted on Vercel (United States) and Supabase (United States). If you visit from outside the US, your data will be transferred to and processed in the US. I rely on the applicable Standard Contractual Clauses (SCCs) and each provider's Data Processing Agreement to ensure an adequate level of protection.

11. Children

sadik.dev is a B2B business site. It is not directed at children under 13 (or the equivalent minimum age in your country), and I do not knowingly collect personal information from children. If you believe a child has provided information, please contact me and I will delete it promptly.

12. Changes to this policy

If I update this policy, the “Last updated” date at the top changes. Material changes that affect your rights will be communicated by email to active clients and announced at the top of this page for at least 30 days.

13. Contact

Questions, concerns, or requests under this policy go to:

Email: sadik5780@gmail.com
Subject line: “Privacy request — [your name]”

If your request relates to a specific project, please reference the project name or invoice number so I can locate your records quickly.