Privacy Policy — Razex Solutions

1. Who We Are

Razex Solutions ("we", "us", "our") is a software development and digital services agency. We operate the website razexsolutions.com and associated subdomains including ai.razexsolutions.com, blog.razexsolutions.com, and portal.razexsolutions.com.

Contact: For any privacy-related enquiry, please email info@razexsolutions.com.

2. What Data We Collect

2a. Data You Provide Directly

Contact form submissions — name, email address, company name, phone number (optional), and the message content you submit.
Email correspondence — any personal information included in emails you send to us.
Newsletter sign-up — email address only.
Client portal accounts — name, email, company name, and project-related information if you register for our client portal.

2b. Data Collected Automatically

Analytics data — pages visited, session duration, traffic source, approximate geographic region, device type, and browser via Google Analytics 4 (GA4). This data is anonymised and aggregated.
Log data — IP address, browser type, operating system, referring URLs, and access timestamps. Stored in standard server access logs.
Cookies — see Section 6 for full details.

2c. Data We Do NOT Collect

We do not collect payment card numbers or banking details directly (payments, if applicable, are handled by third-party processors).
We do not collect government-issued ID numbers, Social Security numbers, or passport numbers.
We do not collect health or medical information.
We do not build profiles using sensitive categories of data (race, religion, political opinion, etc.).

3. How We Use Your Data

Purpose	Data Used	Legal Basis
Responding to contact enquiries and proposals	Name, email, message	Legitimate interest / Contract
Delivering contracted software services	Contact & project data	Contract performance
Sending newsletters or updates (only if opted in)	Email address	Consent
Website analytics & improvement	Anonymised usage data	Legitimate interest
Security & fraud prevention	IP address, log data	Legitimate interest / Legal obligation
Legal compliance & record keeping	Communication records	Legal obligation

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom (UK), and other jurisdictions requiring a lawful basis for data processing, we rely on:

Article 6(1)(a) — Consent: Where you have given clear consent, such as subscribing to our newsletter.
Article 6(1)(b) — Contract: Where processing is necessary to deliver services you have contracted with us.
Article 6(1)(c) — Legal Obligation: Where we are required to process data to comply with applicable law.
Article 6(1)(f) — Legitimate Interests: For analytics, security monitoring, and business communications where our interests are not overridden by your rights.

Where we rely on legitimate interests, you have the right to object. See Section 9.

5. Who We Share Data With

We share personal data only where necessary and with trusted parties:

Recipient	Purpose	Location	Safeguard
Google Analytics (Google LLC)	Website analytics	USA / Global	Standard Contractual Clauses (SCCs); data anonymised
Google Workspace	Email communication	USA / Global	Data Processing Agreement with Google
Web hosting provider (cPanel)	Website & data hosting	As per host	Contractual obligations
Payment processors (if applicable)	Invoice & payment handling	Varies	PCI-DSS compliant; we receive no card data
Legal authorities	Compliance with court orders / legal obligations	Varies	Only when legally required

We do not use data brokers, ad networks, or sell personal data to any third parties.

6. Cookies & Tracking Technologies

We use cookies and similar technologies to operate and improve our website.

Cookie	Type	Purpose	Duration
_ga, _ga_*	Analytics	Google Analytics — tracks unique sessions and page views (anonymised)	2 years
_gid	Analytics	Google Analytics — distinguishes users (anonymised)	24 hours
razex_theme	Functional	Remembers your light/dark mode preference	1 year

Managing Cookies

You can control and delete cookies at any time through your browser settings. Disabling analytics cookies will not affect the functionality of our website. Browsers that support "Do Not Track" (DNT) signals: we honour these where technically feasible.

For EU/UK users: analytics cookies are non-essential and require your consent. We display a consent notice on first visit. You may withdraw consent at any time.

7. Data Retention

Contact enquiries: Retained for 3 years from last contact, or for the duration of a business relationship plus 2 years.
Client project data: Retained for 7 years for legal/financial compliance (standard contractual retention period).
Newsletter subscribers: Until you unsubscribe. We process removal requests within 10 business days.
Analytics data: Retained per Google Analytics retention settings (default 14 months for event data).
Server logs: Retained for up to 90 days for security monitoring, then deleted.

When data is no longer needed, we securely delete or anonymise it.

8. Your Rights (All Users)

Regardless of where you are located, you have the right to:

Access the personal data we hold about you.
Correct inaccurate or incomplete data.
Request deletion of your data (subject to legal obligations).
Withdraw consent at any time where processing is based on consent.
Opt out of marketing communications via the unsubscribe link in any email.
Lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at info@razexsolutions.com. We respond within 30 days (or sooner where required by law).

9. EU / UK GDPR Rights

If you are located in the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) or UK GDPR grants you additional rights:

Right to Erasure ("Right to be Forgotten"): You may request deletion of your personal data unless we have a legal obligation to retain it.
Right to Restriction: You may request that we restrict processing of your data in certain circumstances.
Right to Data Portability: Where processing is automated and based on consent or contract, you may request your data in a machine-readable format.
Right to Object: You may object to processing based on legitimate interests, including profiling. We will cease processing unless we can demonstrate compelling legitimate grounds.
Right not to be subject to automated decision-making: We do not use fully automated decision-making that produces legal or similarly significant effects.

How to complain (EU): You have the right to lodge a complaint with your national supervisory authority. A list of EEA authorities is available at edpb.europa.eu.

How to complain (UK): You may complain to the Information Commissioner's Office (ICO) at ico.org.uk or call 0303 123 1113.

10. California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the following rights:

Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and any third parties we share it with.
Right to Delete: You may request deletion of personal information we have collected, subject to certain exceptions.
Right to Correct: You may request correction of inaccurate personal information.
Right to Opt-Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioural advertising. You do not need to opt out.
Right to Limit Use of Sensitive Personal Information: We do not collect or use sensitive personal information beyond what is necessary.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

Do Not Sell or Share My Personal Information: Razex Solutions does not sell or share personal information with third parties for targeted advertising. No opt-out is required.

Categories of Personal Information Collected (CCPA)

Category	Examples	Collected?
Identifiers	Name, email, IP address	Yes
Commercial information	Service enquiries, project scope	Yes (clients only)
Internet / network activity	Pages visited, session data	Yes (anonymised via GA4)
Geolocation data	Country/region (approximate)	Yes (anonymised via GA4)
Sensitive personal information	Health, financial, biometric	No
Protected classifications	Race, religion, etc.	No

To submit a California privacy rights request, contact us at info@razexsolutions.com with the subject line "California Privacy Request". We will respond within 45 days.

11. International Data Transfers

Razex Solutions operates globally. If you are located in the EEA, UK, or other regions with data transfer restrictions, your information may be transferred to and processed in countries with different data protection laws.

Where we transfer personal data outside the EEA/UK, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the European Commission.
Adequacy decisions where the destination country has been deemed adequate by the relevant supervisory authority.
Binding Corporate Rules (BCRs) where applicable.

Google Analytics data is processed by Google LLC in the United States. We have enabled IP anonymisation and have a Data Processing Agreement with Google in place.

12. Security

We implement technically and organisationally appropriate measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction, including:

HTTPS/TLS encryption on all pages and form submissions.
Access controls limiting data access to authorised personnel only.
Regular security assessments and vulnerability testing.
Secure password policies and multi-factor authentication for internal systems.

No transmission over the internet is 100% secure. We cannot guarantee absolute security of data transmitted to us, but we take commercially reasonable precautions.

In the event of a personal data breach that is likely to result in high risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by applicable law (e.g. within 72 hours under GDPR).

13. Children's Privacy

Our website and services are directed at businesses and adults. We do not knowingly collect personal data from individuals under the age of 16 (or 13 in the United States under COPPA).

If we become aware that we have inadvertently collected personal data from a child under the applicable age threshold, we will delete it promptly. If you believe we have collected data from a child, please contact us at info@razexsolutions.com.

14. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

Update the "Last Updated" date at the top of this page.
Where required by law or where changes are significant, notify you by email or a prominent notice on our website.

We encourage you to review this policy periodically. Your continued use of our website after any change constitutes your acceptance of the updated policy.

15. Contact & Data Protection Officer

For any privacy-related questions, to exercise your rights, or to make a complaint, please contact us:

Razex Solutions — Privacy Contact

📧 Email: info@razexsolutions.com

🌐 Website: razexsolutions.com

📬 Subject line: "Privacy Request" or "GDPR Request" or "CCPA Request"

We aim to respond to all privacy requests within 30 calendar days. For complex requests, we may extend this period by a further 2 months and will notify you accordingly.