cuibit
/ Legal

Privacy policy.

This policy explains what personal data Cuibit processes, why, how long we keep it and the rights you have.

Last updated: April 20, 2026·Applies site-wide to https://cuibit.com

Cuibit ("Cuibit", "we", "us") is a development company delivering custom web, WordPress, AI and mobile app engagements to clients in the USA, Europe, the Middle East and Pakistan. This privacy policy explains how we handle personal data we collect directly through https://cuibit.com, the Cuibit contact form, engagement email and our CRM.

1. Who is the controller

For visitors of our website, the contact form and any prospective-client correspondence, Cuibit is the data controller. For data we process on behalf of clients during an engagement (for example, customer records inside a product we are building), we act as a data processor and the separate Data Processing Addendum at /dpa governs that relationship.

2. What we collect and why

Contact form + inbound email

  • Identity data — name, email, company, website, services of interest, budget band, message.
  • Technical data — IP address and user-agent string captured when you submit the form, for spam defence and audit.
  • Purpose — to reply to your inquiry, scope an engagement and follow up commercially. Legal basis: legitimate interests (replying to inbound business inquiries) and, for marketing follow-up, consent where required by local law.

Website usage

  • Aggregated analytics — pseudonymous page views, device class and referrer, processed via privacy-respecting analytics. No cross-site tracking, no behavioural advertising cookies.
  • Purpose — measure what content is useful and improve the site. Legal basis: legitimate interests.

Engagement delivery

  • Client-facing personal data — only the minimum we need to deliver the agreed project (typically business email, role, project context).
  • Purpose — contract performance. Legal basis: performance of a contract; legitimate interests for security, billing and support.

3. Legal bases (GDPR / UK GDPR)

We process personal data on the following bases: (a) consent, where you explicitly opt in; (b) performance of a contract with you or your organisation; (c) legitimate interests, balanced against your rights; and (d) compliance with legal obligations (for example tax and accounting records).

4. Cookies and similar technologies

Cuibit.com uses strictly necessary cookies for session, CSRF and authentication on private admin routes, and may use a first-party analytics cookie where privacy-respecting analytics is enabled. We do not use third-party advertising cookies, cross-site tracking pixels or social widgets that profile visitors.

5. How we share data

We share personal data only with the minimum set of sub-processors needed to run the website and respond to inquiries — email infrastructure, web hosting, transactional email, analytics and CRM. Sub-processors are contractually bound to equivalent confidentiality and security terms. A current list is available on request and in the Data Processing Addendum for clients.

6. International transfers

Cuibit is based in Pakistan and delivers globally. Where data is transferred outside the EEA or UK, we rely on EU Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, or client-instructed safeguards. EU-only data residency options (AWS Frankfurt, AWS Ireland) are available for engagements that require them.

7. Data retention

  • Inbound inquiries — retained for up to 24 months from the last contact, unless you ask us to delete them earlier.
  • Engagement records — retained for the duration of the engagement plus a reasonable tail for warranty, tax and audit (typically 7 years where required).
  • Analytics — pseudonymous and aggregated, retained for no longer than 26 months.

8. Your rights

Under GDPR, UK GDPR, CCPA, KSA PDPL and comparable regimes, you may have the right to access, correct, delete, export, restrict or object to processing of your personal data, and to withdraw consent at any time. To exercise any of these rights, email hello@cuibit.com. We reply within 30 days, usually faster.

9. Security

We apply SOC 2-aligned controls: encrypted data at rest and in transit, MFA on admin accounts, least-privilege access, audit logging, managed secrets and regular dependency review. We do not store client credentials in plain text and do not share access between unrelated engagements.

10. Children

Cuibit's services are directed at businesses. We do not knowingly collect personal data from children under 16. If you believe a child has submitted personal data, email us and we will delete it.

11. Changes to this policy

We update this page as our processes evolve. Material changes are flagged in the "Last updated" banner above and, for active clients, communicated by email.

12. Contact

Questions, requests or complaints can be sent to hello@cuibit.com. You also have the right to lodge a complaint with the data protection authority in your country of residence.

Accepting projects
Book a call →