Privacy & Policy

DesignSynq (“we”, “us”, “our”) is a web design and e-commerce services agency. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, store and protect personal data when you visit our website (designsynq.com), use our services (including design, development, hosting coordination, or maintenance), contact us, or otherwise interact with us.

This policy applies to individuals, business contacts, clients and visitors whose personal information we process in the course of our business. Where you engage us under a written Agreement (proposal, Statement of Work or contract), the privacy-related terms in that Agreement form part of the relationship; this Privacy Policy supplements those terms and explains our general practices. Please read this page carefully. If you do not agree with our practices, please do not provide personal information to us and refrain from using our services or website.

We aim to be transparent and practical: we explain what data we collect, why we collect it, how it is used, how long we retain it, and what choices you have. We also clarify the security measures we take, the circumstances under which we might share data with third parties (for example, hosting providers or payment processors), and how you can contact us about privacy matters. This policy contains specific sections detailing cookies/tracking, user rights, international data transfers, retention periods, and procedures to request data access or deletion.

We collect several categories of information depending on how you interact with us. The primary categories are:

• Contact and identity information: name, job title, company name, email address, phone number, postal address when voluntarily provided on forms, enquiries, proposals or contracts.
• Commercial & transactional data: project scope, proposals, invoices, payment records, billing addresses, bank transfer references and records needed to complete orders or contracted services.
• Account & service usage data: if you register for a client portal or use hosted services we manage, we may store login credentials, service preferences, and activity logs related to your account.
• Content & assets: design assets, logos, images, videos, copy and other materials you provide for use on your website or marketing collateral. You represent that you have the rights to share these assets.
• Technical and analytics data: IP addresses, browser and device information, operating system, pages visited, referral URLs, and other analytics data collected via cookies and server logs to support security, performance and analytics.
• Communications: messages, email correspondence or notes from calls/meetings when you contact us for support, proposals or consultancy.

We collect personal information directly from you when you provide it (e.g., via contact forms, email, or contract signing), and indirectly through automated means (cookies, analytics, server logs). We avoid collecting special category data (sensitive personal data such as health or religious information) and ask that you do not send such data to us unless explicitly requested and agreed in writing as part of a specific service.

Where third parties introduce us to you (such as partner referrals or lead generation platforms), we may receive limited contact information from those parties — we will handle that information in line with this policy and applicable law.

We use personal information for legitimate business purposes necessary to provide our services and to operate our business. Common purposes include:

• Service delivery: to design, build, test, launch and maintain websites and e-commerce platforms; to integrate third-party systems (payment gateways, CRMs); to deploy updates and implement security patches.
• Contract administration: to prepare proposals and contracts, manage project milestones, issue invoices, process payments and handle billing queries.
• Client communication & support: to respond to enquiries, provide technical support, collaborate on project requirements, schedule calls, and share documentation or training materials.
• Security & fraud prevention: to protect systems from abuse or intrusion, investigate suspicious activity, and comply with lawful requests (e.g., subpoenas or legal obligations).
• Improving our services: to analyze usage patterns and feedback, measure the effectiveness of our offerings, and make product or service improvements.
• Marketing & newsletters: with your consent, to send updates, newsletters or promotions about our services. You may opt out at any time.
• Compliance & record keeping: to satisfy legal, regulatory or contractual obligations such as tax record retention and accounting requirements.

We only process personal data where we have a lawful basis — typically performance of a contract, legitimate interests (e.g., to run our business and provide services), compliance with legal obligations, or your consent (for some marketing communications). We will make clear where consent is required and how you can withdraw it. Processing necessary for contract performance or required by law cannot usually be refused without affecting our ability to provide services.

Where we combine data from multiple sources (for example: contact data you provide + analytics derived from site visits), we do so to deliver a better service — for project troubleshooting, performance tuning, or UX improvements — always mindful of data minimisation principles. If you ask us not to use your data for particular purposes (where reasonable), contact us using the details below and we will consider your request in good faith.

We use cookies and similar tracking technologies to make our site work, to measure usage, and to personalise content. Cookies are small data files stored on your device; they enable the site to remember actions and preferences over a period of time.

Types of cookies we use:

• Essential/strictly necessary cookies: required for core site functionality (form submission, security checks). These cannot be turned off if you want to use our site properly.
• Performance & analytics cookies: used to understand how visitors use our site (pages visited, load times). We use these to improve site performance and design. Common providers may include Google Analytics or equivalent.
• Functional cookies: remember preferences such as language or display settings to enhance your experience.
• Marketing/advertising cookies: if we run advertising or remarketing campaigns, third-party providers may use cookies to deliver relevant ads. We only use such cookies where you have consented (where required).

You can control cookie settings in your browser (blocking or deleting cookies). For analytics cookies, many sites offer opt-outs (for example Google’s opt-out add-on). Our website may include a cookie consent banner to capture consent for non-essential cookies; your preferences are stored and respected for future visits. Note that disabling certain cookies may affect the functionality or appearance of the site.

We rely on a set of trusted third-party service providers to operate our business and serve clients. Examples include:

• Hosting providers: companies that host websites or managed services (e.g., AWS, DigitalOcean, local host providers). They store site files, databases and backups.
• Payment processors: gateway providers used to accept payments (e.g., Stripe, PayPal). Payment data is generally handled directly by those providers and not retained on our servers beyond necessary records.
• Analytics & email providers: services used to collect usage statistics and to send newsletters (e.g., Google Analytics, email marketing providers).
• Plugins & integrations: third-party plugins, themes or other code integrated into a client’s site.

When we share data with third parties it is limited to what is necessary for them to provide their service (for example, providing hosting providers with website files and credentials). We enter into contracts that require third parties to protect personal data and to use it only to provide contracted services. However, those third-party providers have their own terms and privacy practices — you should review those policies for more detail on their handling of data.

If a third-party provider is located outside your country, data may be transferred internationally — see the "International Transfers" section below for more information about safeguards we use to protect data exported across borders.

We take a layered approach to security to protect data against unauthorized access, loss or misuse. Practical measures include:

• Technical safeguards: encrypted connections (HTTPS/TLS) for web traffic, secure storage for credentials and secrets, use of password-protected client portals, and routine vulnerability scanning.
• Access controls: principle of least privilege for staff and contractors, multi-factor authentication where feasible, and role-based access to client environments.
• Operational practices: secure backup routines, contractually required security obligations for vendors, device security policies and incident response procedures.

Despite these measures, no method of transmission or storage is 100% secure. If we detect a data breach that may pose risk to individuals, we will follow applicable law and industry best practice — including notifying affected parties and competent authorities where required. We also ask clients to follow secure practices (strong passwords, limiting sharing of credentials) and to notify us promptly if they suspect a security incident.

For projects that require additional security (e.g., handling sensitive personal data, financial systems or regulated industries), we discuss bespoke measures and may require additional contractual terms or infrastructure changes prior to starting work.

We retain personal information only for as long as necessary to provide services and to comply with legal obligations. Typical retention periods include:

• Transactional and billing records: retained for accounting and tax purposes in accordance with applicable law (commonly 5–7 years depending on jurisdiction).
• Project files and deliverables: retained while clients remain active and for a reasonable period afterwards to support maintenance; longer-term archival may be arranged by agreement.
• Marketing consents: retained until consent is withdrawn or where there is a lawful basis to continue (e.g., legitimate interest for minimal contact).
• Support logs & communications: retained as necessary to resolve issues and maintain service quality, then deleted or archived per our retention schedule.

When retention periods expire, we securely delete or anonymize data. If you wish to request deletion of your personal data sooner, please contact us; note that deletion may affect ongoing service delivery or compliance with financial/legal obligations. We will inform you of any practical impacts of deletion requests.

Subject to applicable law, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you and information about how it is processed.
• Correction: request correction of inaccurate or incomplete information.
• Deletion: request erasure of personal data where there is no longer a lawful basis for processing (subject to other legal obligations such as accounting).
• Restriction: request restriction of processing in certain circumstances (e.g., while a dispute is resolved).
• Objection: object to certain processing (e.g., direct marketing) where applicable.
• Portability: where technically feasible, request a structured copy of your data for transfer to another provider.
• Withdraw consent: where processing is based on consent, you may withdraw consent at any time (this will not affect processing before withdrawal).

To make a request, contact us using the details in the "Contact" section below. We will verify your identity before responding to requests to protect data from unauthorized disclosure. We will respond within applicable legal timeframes. If you are unsatisfied with our response, you may have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.

With your consent, we may send newsletters, product updates or marketing messages related to DesignSynq services. We will only send marketing communications if you have expressly opted in where required by law, or if we have a legitimate interest and the communications are not intrusive. Marketing messages include offers, blog updates and case studies that we believe may be relevant to your business.

Every marketing email includes an easy unsubscribe link. You may also withdraw consent or opt-out at any time by contacting us at info@designsynq.com or by clicking the unsubscribe link. After opting out, we will not send further marketing messages, though we may still send transactional or service-related messages (e.g., invoices, service notices) necessary to provide the contracted service.

We may occasionally share aggregated, anonymized data for marketing analysis. Such aggregated data does not identify individuals. We do not sell your personal data to third-party marketers.

Our services and website are intended for professionals, businesses, and individuals over the age of 13 (or the applicable age in your jurisdiction). We do not knowingly collect personal data from children under the applicable age without parental consent. If we become aware that we have collected personal data from a child under the applicable age without appropriate consent, we will take steps to delete the information as soon as practicable.

If you believe that a child under the applicable age has provided us with personal data, please contact us immediately and we will investigate and remove the information where appropriate.

DesignSynq may transfer personal data to service providers or affiliates located in countries outside of your country of residence for the purposes described in this policy (for example, to host website data or use analytics services). Where such transfers occur, we will ensure appropriate safeguards are in place such as:

• using recipients who offer adequate safeguards under applicable law;
• entering into standard contractual clauses or other data transfer agreements that require the recipient to provide comparable protection;
• limiting the types of data transferred and the retention period.

If you live in a jurisdiction that requires specific protections for international transfers (e.g., the EU or UK), please contact us and we will provide details of the safeguards we use for your data. Transfers may be necessary for project delivery (e.g., host and development tooling) — refusing those transfers may impact our ability to provide certain services.

We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or technology. Where changes are material, we will make reasonable efforts to notify existing clients by email or by an announcement on our website. Each version of the policy includes a "Last updated" date. Continued use of our services after a change indicates your acceptance of the updated policy.

If you have an Agreement in place with us that contains specific privacy terms, material changes to this policy will not override contractual terms unless both parties agree. If you are concerned about how changes may affect you, please contact us to discuss.

If you have questions, wish to exercise your rights (access, correction, deletion, portability), or want to make a complaint about our data handling, please contact our Data Privacy Officer:

Email: info@designsynq.com
WhatsApp: +233 20 764 4667
Address: DesignSynq — contact address as listed on our website

When you contact us for a data request, we will ask you to verify your identity to protect your personal information. We aim to respond promptly and in line with applicable legal timeframes. If you are not satisfied with our response, you may lodge a complaint with your local data protection authority.

Where required by law (for example, in the EU or UK), we rely on specific legal bases for processing personal data: performance of a contract, compliance with legal obligations, legitimate interests (where they do not override your rights), consent, or vital interests where applicable. For example, we process contact and billing information to perform our contract with you (contractual necessity). We process analytics and improvement data on the basis of legitimate interests to improve service quality, balancing that against your privacy rights.

We do not sell personal data to third-party marketers. We may process aggregated or pseudonymized data for analytics and product improvement that does not identify an individual. For any processing which relies on consent, you may withdraw consent at any time (withdrawal will not affect prior processing).

To help you manage data protection for a web project, we recommend you consider the following checklist:

• Confirm you have rights to all content you supply (images, copy, logos).
• Decide where you will host customer data and confirm the hosting provider’s policies.
• Provide clear privacy wording and cookie notices for your site visitors; request DesignSynq’s assistance if needed.
• Use secure password and credential-sharing practices and change passwords after project completion.
• Consider whether you need a Data Processing Agreement (DPA) for us to process data on your behalf for maintenance or hosting.
• Keep a local copy of important assets and backups.

If you would like us to prepare a tailored privacy statement for your website or a DPA between us, we can include that as part of the project scope and proposal.