Databit Solutions

Privacy Policy

Last updated: 2026-04-25

1. Who this applies to

This policy describes how Databit Solutions (“Databit”, “we”, “us”) handles information collected through databit.ca and during client engagements. Databit Solutions is operated by Stijn Servaes from Canada.

2. What we collect

We collect only what we need to respond to inquiries, deliver client work, comply with the law, and improve the site. Specifically:

  • Information you submit. Name, email, message body, and any context you provide through the contact form, email, or scheduled calls.
  • Usage and analytics data. Pages visited, referrer, approximate device and browser, time on page, scroll depth, and CTA interactions. Used in aggregate to understand which pages are useful and which are not.
  • Technical data. IP address, request timestamps, and user-agent string. Used by rate-limiting and security infrastructure to prevent abuse.
  • Client engagement data. During paid engagements, we receive whatever data the client shares with us under the engagement contract. This is governed by the contract, not by this policy.

3. Why we collect it

Lawful bases (under GDPR terminology, applied globally for consistency):

  • Legitimate interest: operating the site, preventing abuse, understanding aggregate usage, and reaching out in response to inquiries.
  • Contract: fulfilling client engagements once a statement of work is signed.
  • Consent: where we ask for it explicitly (e.g. an opt-in newsletter, if and when one is offered).
  • Legal obligation: tax records, anti-fraud, and any disclosure required by Canadian law or applicable international law.

4. Third-party processors

We use the following processors to operate the site and respond to inquiries. Each is bound by its own data processing terms.

  • Railway (US-based): hosting and deploy infrastructure.
  • Cloudflare (US-based): CDN, DDoS protection, edge routing.
  • Resend (US-based): transactional email delivery for contact-form submissions.
  • Upstash (US-based): Redis-backed rate limiting on contact and newsletter endpoints.
  • Amplitude (US-based): aggregate product and page-level analytics (production environment only, never local or staging).
  • Sentry (US-based): runtime error monitoring.
  • Koalendar (when used for booking calls): scheduling and calendar integration.

We do not sell personal information to anyone, ever.

5. Cookies and similar technologies

We do not use advertising cookies or cross-site trackers. The analytics provider (Amplitude) sets a first-party device identifier in production to deduplicate visits. You can disable cookies in your browser; the site still functions.

6. International transfers

Some processors listed above are based in the United States. If you submit information from the European Economic Area, the United Kingdom, or another jurisdiction with international transfer restrictions, you are consenting to the transfer of that information to those processors for the purposes described above.

7. Your rights

Depending on where you live, you may have the right to access, correct, delete, or port your personal information, and to object to or restrict certain processing. Residents of California (CCPA), the European Economic Area and the United Kingdom (GDPR), and Canadian provinces with applicable privacy law have specific statutory rights. To exercise any of them, email [email protected] with a clear request and we will respond within 30 days.

8. Data retention

Contact-form submissions and email correspondence are retained for up to three years after the last interaction, then deleted unless an active engagement requires longer retention. Aggregate analytics data is retained per Amplitude’s default policy. Engagement-specific data is retained as agreed in the engagement contract.

9. Security

We use TLS for all traffic, hash credentials at rest, scope third-party access to least privilege, and review processor security posture annually. No system is unbreachable; if a security incident affects your data, we will notify you in accordance with applicable law.

10. Children

The site is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has submitted information, contact us and we will delete it.

11. Changes to this policy

We may update this policy as the service evolves or as the law requires. Material changes will be reflected by updating the “last updated” date at the top of this page. For substantial changes, we will note the change in a clearly visible way for at least 30 days.

12. Contact

Questions, complaints, or requests: [email protected].