Privacy Policy

Last updated: June 2026

1. Who we are

This website is operated by Dhrubo Duti Biswas, trading as OneDot ABM (“we”, “us”, “our”). Our principal place of business is Bangladesh. Contact: connect.dhrubo@gmail.com.

2. What data we collect

  • Contact/enquiry data — name, email, phone, company, service interest, budget, message — submitted via the contact/hire form.
  • Client & billing data — name, email, phone, company address, invoices, and payment records — collected when we onboard you as a client.
  • Project data — deliverable status, files, notes — maintained in the client workspace for active engagements.
  • Usage data — pages visited, time on site, referrer — collected automatically via analytics (see §5).

3. How we use it

  • Respond to enquiries and proposals.
  • Deliver contracted services and manage project work.
  • Issue invoices and process payments.
  • Send service-related communications (no marketing email without consent).
  • Improve the website and our services.

4. Legal basis (GDPR)

We process data under: contract performance (delivering services you hired us for), legitimate interests (responding to enquiries, fraud prevention), and legal obligation (invoice retention). [LAWYER REVIEW: confirm lawful basis per applicable jurisdiction]

5. Third parties we share data with

  • Neon (database) — cloud PostgreSQL hosting. Data stored in AWS regions. Privacy policy.
  • Vercel — website hosting & edge network. Privacy policy.
  • Cloudinary — media/file storage for deliverables. Privacy policy.
  • Resend — transactional email (lead notifications). Privacy policy.
  • Meta (Facebook/Instagram) — advertising pixel & conversion tracking, if enabled. Privacy policy.
  • Google Analytics / GTM — website analytics, if enabled. Privacy policy.

We do not sell personal data to third parties.

6. Cookies

We use a session cookie (ddb_workspace_cred) strictly for authenticated client workspace access. Analytics cookies may be set by Google/Meta integrations if enabled. [LAWYER REVIEW: add cookie consent banner if serving EU users]

7. Data retention

Enquiry data: 2 years. Client & billing data: 7 years (legal/tax obligation). Project files: duration of engagement + 1 year. You can request deletion of non-legally-required data at any time.

8. Your rights

Under GDPR (and equivalent laws) you have the right to access, rectify, erase, restrict processing of, and port your data. To exercise any right, email connect.dhrubo@gmail.com. We will respond within 30 days. [LAWYER REVIEW: add supervisory authority complaint info for applicable jurisdiction]

9. Security

We use HTTPS, HttpOnly cookies, server-side authentication, and access-controlled databases. No system is 100% secure; please notify us promptly if you suspect a breach.

10. Changes

We may update this policy. Material changes will be noted by updating the “last updated” date above.

11. Contact

Questions or requests: connect.dhrubo@gmail.com