Privacy Policy

Last updated: 24 March 2026

1. Data Controller

The data controller for this website is:

Fahid Ahmed Khan (sole trader)
Trading as LaunchPad Digital
Finninmäenkatu 4 P 133, 33820 Tampere, Finland
Y-tunnus: 3435597-7
Email: hello@launchpaddigital.tech

2. What Data We Collect

We collect personal data only when you voluntarily provide it through our website:

  • Contact form: Name, email address, company name (optional), selected service, budget range (optional), and your message.
  • Newsletter signup: Email address only.

We do not collect data automatically through cookies or tracking technologies beyond basic analytics (see Section 5).

3. Purpose and Legal Basis

We process your personal data for the following purposes:

Purpose Legal Basis (GDPR Art. 6)
Responding to your inquiry Legitimate interest / contract performance
Sending newsletters Your consent
Website analytics Legitimate interest

4. Data Retention

We retain your contact form submissions for up to 12 months after your last interaction. Newsletter subscriber data is kept until you unsubscribe. You can request deletion at any time by emailing us.

5. Cookies & Analytics

This website uses Google Analytics (GA4, property ID: G-Z0HV6DE92D) to understand visitor traffic. Google Analytics uses cookies to collect anonymous usage data (pages visited, time on site, country). No personally identifiable information is collected through analytics.

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

6. Third-Party Services

We use the following third-party services that may process data on our behalf:

  • Google Fonts — Font delivery (Google LLC, USA)
  • Font Awesome — Icon delivery (Cloudflare CDN)
  • YouTube — Embedded videos on the portfolio page (Google LLC, USA)
  • Formspree — Contact form processing (Formspree Inc., USA)

These services may collect technical data such as your IP address. For details, refer to their respective privacy policies.

7. Data Transfers

Some of our third-party service providers are based outside the EU/EEA (primarily the USA). Data transfers to these providers are safeguarded by Standard Contractual Clauses (SCCs) approved by the European Commission, or the EU-US Data Privacy Framework where applicable.

8. Your Rights

Under the GDPR, you have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Rectification — Correct inaccurate or incomplete data
  • Erasure — Request deletion of your personal data
  • Restriction — Restrict processing of your data
  • Portability — Receive your data in a structured, machine-readable format
  • Object — Object to processing based on legitimate interest
  • Withdraw consent — Withdraw consent at any time (for newsletter subscriptions)

To exercise any of these rights, email us at hello@launchpaddigital.tech. We will respond within 30 days.

9. Complaints

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman:

Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto)
PO Box 800, 00531 Helsinki, Finland
tietosuoja.fi

10. Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption: All data in transit is protected with TLS/SSL encryption (HTTPS). Our website enforces HSTS with preload.
  • Secure hosting: Our website is hosted on Netlify's enterprise-grade infrastructure with automatic DDoS protection, global CDN, and isolated deployment environments.
  • Access control: Administrative access to our systems is restricted and protected with strong authentication.
  • Security headers: We enforce Content Security Policy (CSP), X-Frame-Options, X-Content-Type-Options, and other HTTP security headers to protect against common web vulnerabilities.
  • Spam protection: Contact forms use honeypot techniques instead of invasive CAPTCHAs, minimizing data collection while preventing abuse.
  • Regular updates: We monitor and update our security practices in line with current best practices and OWASP guidelines.

11. Client Data & Confidentiality

For clients using our services:

  • All project materials, business strategies, and proprietary information shared with us are treated as strictly confidential.
  • We offer Non-Disclosure Agreements (NDAs) upon request for any project or consultation.
  • Client credentials (hosting logins, CMS access, etc.) are stored securely and never shared with unauthorized parties.
  • Upon project completion or contract termination, we delete client credentials from our systems within 30 days unless retention is requested.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when the latest changes were made. We encourage you to review this page periodically.