Privacy Policy
Last updated: January 3, 2026
At Bedupath, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.
Information We Collect
Personal Information You Provide
We collect information that you provide directly to us, including:
- Contact forms: name, email, company, phone, project description
- Email communications: correspondence with our team
- Calendly bookings: name, email, time zone, meeting notes
- WhatsApp messages: phone number, message content, conversation history
- Project agreements: business details, technical requirements, confidential information
Automatically Collected Information
When you visit our website, we automatically collect certain information about your device and usage:
- Device information: browser type, operating system, device type, screen resolution
- Usage data: pages visited, time spent, navigation paths, referral sources
- IP address and approximate geographic location
- Cookies and similar tracking technologies (see Cookies section below)
Information from Third Parties
We may receive information from third-party services integrated into our website, including Google Analytics (anonymous usage statistics), Calendly (scheduling information), and payment processors (transaction data when applicable).
How We Use Your Information
We process your information for the following purposes:
Service Delivery
- Respond to inquiries and consultation requests
- Provide project estimates and proposals
- Execute development work and deliver project milestones
- Communicate project updates and technical support
Website Improvement
- Analyze usage patterns to improve navigation and user experience
- Identify popular content and optimize website performance
- Test new features and design improvements
Marketing (with consent)
- Send newsletters and blog updates (opt-in only)
- Share relevant case studies and technical insights
Legal Compliance
- Maintain records for tax and accounting purposes
- Comply with legal obligations and enforce our Terms of Service
- Protect against fraud and security threats
Legal basis for processing (GDPR): consent, contractual necessity, legitimate interests, and legal obligations.
Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience and analyze website usage.
Types of Cookies We Use
Essential Cookies: Necessary for website functionality (session management, security)
Analytics Cookies: Google Analytics for understanding visitor behavior (anonymous data)
Performance Cookies: Site speed and performance monitoring via Vercel Analytics
Third-Party Cookies
- Google Analytics: Tracks page views, sessions, user demographics
- Calendly: Manages scheduling widget functionality
- Social media widgets: May set cookies when you interact with share buttons
Your Cookie Choices
You can control cookies through your browser settings. Disabling certain cookies may limit website functionality. To opt out of Google Analytics, visit the Google Analytics opt-out page.
We honor Do Not Track signals where technically feasible. Our analytics is configured to respect user privacy preferences.
Third-Party Services and Data Sharing
We work with trusted third-party services to provide and improve our offerings. We do not sell your personal information.
Services We Use
Google Analytics: Website analytics and performance monitoring (anonymous data)
Calendly: Appointment scheduling (name, email, time zone)
Vercel: Website hosting and infrastructure
Email service providers: Transactional and marketing emails (when you opt in)
WhatsApp Business API: Customer communications (when you initiate contact)
When We Share Information
- Service providers: Only to perform specific functions (hosting, analytics, communications)
- Legal requirements: When required by law, court order, or regulatory authority
- Business transfers: In case of merger, acquisition, or asset sale (with notice)
- With your consent: When you explicitly authorize sharing
All third-party processors are bound by contracts requiring appropriate data protection and security measures.
Data Security and Retention
Security Measures
We implement industry-standard security practices to protect your information:
- HTTPS encryption for all data transmission
- Secure cloud infrastructure with access controls
- Regular security audits and updates
- Limited employee access on need-to-know basis
- Encrypted backups and disaster recovery procedures
Data Retention
- Inquiry data: Retained for 2 years or until you request deletion
- Client project data: Retained for duration of engagement plus 7 years (tax/legal requirements)
- Analytics data: Anonymous data retained indefinitely for business insights
- Marketing data: Retained until you unsubscribe, then deleted within 30 days
While we implement strong protections, no method is 100% secure. You're responsible for protecting your account credentials and notifying us of any security concerns.
Your Rights and Choices
Under applicable privacy laws (including GDPR and CCPA), you have the following rights:
Right to Access
Request a copy of personal data we hold about you. We'll provide this in a portable format within 30 days.
Right to Rectification
Correct inaccurate or incomplete personal information. Contact us to update your details.
Right to Erasure ("Right to be Forgotten")
Request deletion of your personal data. We'll comply unless we have legal obligations to retain it.
Right to Restrict Processing
Ask us to limit how we use your information in certain circumstances.
Right to Data Portability
Receive your data in a structured, machine-readable format to transfer to another service.
Right to Object
Object to processing based on legitimate interests. We'll cease unless we have compelling legitimate grounds.
Right to Withdraw Consent
Withdraw consent for marketing or optional processing at any time (doesn't affect prior processing).
How to Exercise Your Rights
Email privacy@bedupath.com with your request. We'll respond within 30 days and verify your identity before processing.
Children's Privacy and International Transfers
Children's Privacy
Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we've inadvertently collected information from a child, contact us immediately at privacy@bedupath.com and we'll delete it promptly.
International Data Transfers
Bedupath operates globally and may transfer your data to countries outside your residence. Our infrastructure partners (Vercel, Google) maintain data centers worldwide. All transfers comply with applicable data protection laws including:
- Standard contractual clauses (SCCs) for EU data
- Privacy Shield frameworks where applicable
- Adequate safeguards as required by GDPR
By using our services, you consent to these transfers subject to the protections described in this policy.
Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We'll notify you of material changes by:
- Updating the "Last Updated" date at the top of this policy
- Posting a notice on our website homepage for 30 days
- Sending email notification to registered clients (for significant changes)
Your continued use of our services after changes become effective constitutes acceptance of the updated policy. We encourage you to review this policy periodically to stay informed about how we protect your information.
Contact Us About Privacy
For questions, concerns, or requests regarding this Privacy Policy or your personal data:
Email: privacy@bedupath.com
Response time: Within 48 hours for privacy inquiries
General Contact
Email: hello@bedupath.com
WhatsApp: +1-555-0199
Website: https://bedupath.com/contact
For GDPR-related inquiries (EU residents): privacy@bedupath.com with subject "GDPR Request"
For CCPA-related inquiries (California residents): privacy@bedupath.com with subject "CCPA Request"