Privacy Policy

1. Introduction and Scope

Welcome to Sajjan Studio. Operating globally since 2014 from our headquarters in Pakistan, we have been at the forefront of delivering cutting-edge IT solutions, including custom software, web applications, and mobile application development. We recognize that your privacy is a serious matter, and we take our data protection and cybersecurity obligations extremely seriously.

This comprehensive Privacy Policy outlines the types of information we collect, how we process it, the legal basis for such processing, and the rigorous measures we implement to safeguard your data. This policy applies to all individuals accessing our website, clients utilizing our IT consulting services, end-users of our proprietary applications, and corporate entities engaging with our development architecture. By accessing our Site or utilizing our services, you acknowledge that you have read, understood, and agree to the data practices described in this extensive document.

2. Definitions of Key Terms

To ensure absolute clarity regarding our data handling procedures, the following terms are used throughout this Privacy Policy:

• "Company", "We", "Us", or "Our": Refers to Sajjan Studio, the entity responsible for the collection and processing of your Personal Data.
• "Service": Refers to the Sajjan Studio website, mobile applications, web applications, software products, and IT consulting services.
• "Personal Data": Any information relating to an identified or identifiable natural person. This includes names, identification numbers, location data, online identifiers, or factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.
• "Processing": Any operation performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.

3. Comprehensive Data Collection Practices

When you formally request a "Quote," consult our architecture team, or interact with our digital infrastructure, we collect various categories of data to provide optimal service delivery. We strictly adhere to the principle of data minimization, collecting only what is absolutely necessary.

We also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your Personal Data but is not considered Personal Data in law as this data does not directly or indirectly reveal your identity.

4. Methods of Data Collection

Sajjan Studio utilizes diverse, secure methodologies to gather necessary operational data:

• Direct Interactions: You may provide us with your Identity, Contact, and Financial Data by filling in forms or by corresponding with us by post, phone, email, or otherwise. This includes data provided when you inquire about our web apps, software development, or IT support.
• Automated Technologies: As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies.
• Third Parties or Publicly Available Sources: We may receive personal data about you from various third parties, such as analytics providers (e.g., Google based outside the EU), advertising networks, and search information providers.

5. Cloud Security, NDA Compliance, and Infrastructure Integrity

Given the nature of our operations, the vast majority of data we handle relates directly to clients' unreleased, proprietary codebases, intellectual property, and enterprise algorithms. Sajjan Studio relies on industry-grade security protocols that meet international compliance standards.

We absolutely do not store client databases containing live production end-user data on our local, unsecured systems. All software testing, staging, and quality assurance are conducted in heavily fortified Docker container environments utilizing "mock data" or Amazon Web Services (AWS) RDS copies that have been strictly stripped of any PII. We enforce comprehensive Non-Disclosure Agreements (NDAs) and strict access controls for all internal developers, engineers, and project managers accessing your repositories via GitHub, GitLab, or Bitbucket.

Data at rest and in transit is encrypted using advanced cryptographic standards, including TLS 1.2+ for web traffic and AES-256 for database storage. Regular vulnerability assessments and penetration testing are conducted on our internal infrastructure.

6. Specific Protocols for Web and Mobile Applications

As a premier developer of web and mobile applications since 2014, Sajjan Studio builds products that inherently process user data. When we develop applications for clients, the client acts as the Data Controller, and Sajjan Studio acts as the Data Processor. Our processing of end-user data within these applications is strictly governed by the specific Data Processing Agreements (DPAs) signed with our clients.

For proprietary mobile applications developed and owned internally by Sajjan Studio, we may require access to device-specific features such as the camera, microphone, local storage, and push notification services. Explicit user consent is always prompted via standard iOS and Android permission models before any device-level data is accessed or processed.

7. Information Sharing and Third-Party Disclosures

Sajjan Studio will never sell, rent, lease, or maliciously distribute your personal, corporate, or API details to any third-party marketers, data brokers, or advertising agencies. Information sharing is strictly limited and highly regulated.

We may share your data under the following highly controlled circumstances:

• Verified Technical Sub-contractors: With trusted IT service providers, cloud infrastructure providers (such as AWS, Google Cloud Platform, Microsoft Azure), and continuous integration tools, exclusively for hosting, deploying, and maintaining software operations.
• Legal and Regulatory Requirements: We may disclose your data if legally mandated by law enforcement agencies, courts, or government authorities, provided such requests meet strict legal standards and are necessary for national security, fraud prevention, or the safety of the public.
• Business Transfers: In the event of a merger, acquisition, or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

8. International Data Transfers

Sajjan Studio operates globally, meaning your data may be transferred, stored, or processed outside of your country of residence, including in Pakistan, the United States, and the European Union. We ensure that your data receives an adequate level of protection by implementing stringent safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission, whenever we transfer personal data originating from the European Economic Area (EEA) to countries lacking an adequacy decision.

9. Cookies, Web Beacons, and Analytical Tools

We utilize browser cookies, web beacons, and similar tracking technologies to track general website functionality, maintain user sessions, and manage Google Analytics flow. This statistical information allows our engineering team to understand how you navigate our web pages, enabling us to optimize performance loading times, debug UI/UX issues, and improve our service offerings.

Cookies are small text files placed on your device. You have the full right to accept or decline non-essential cookies via your browser settings or our website's cookie consent banner. Please note that disabling essential cookies may render certain parts of our Site or client portals inaccessible or improperly functional.

10. Data Retention Policy

We will only retain your Personal Data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation with respect to our relationship with you.

11. Your Comprehensive Data Protection Rights

Depending on your legal jurisdiction, you are empowered with significant rights regarding your personal data. We are fully compliant with major global data frameworks including the GDPR (Europe) and CCPA/CPRA (California).

• The Right to Access: You have the right to request copies of your personal data.
• The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• The Right to Erasure ("Right to be Forgotten"): You have the right to request that we erase your personal data, under certain legally specified conditions.
• The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• The Right to Data Portability: You reserve the right to request a full extraction of all personal data held by us, delivered in a structured, commonly used, and machine-readable format.

12. Changes and Updates to this Policy

The technology landscape evolves rapidly, and so do legal regulations. We reserve the right to update or modify this Privacy Policy at any time. Any changes will be posted immediately on this page, with an updated "Effective Date" at the top of the document. We encourage our clients and users to review this policy periodically to stay informed about how we are protecting your information.