FAHA.STUDIO
Regulatory Dossier

Privacy Policy

Data-use and retention rules for business inquiries, custom software engagements, and contract administration from Bangladesh to global clients.

We collect and use only the data reasonably needed to evaluate, contract, deliver, support, secure, and enforce our B2B services. We do not sell personal data, and we retain project and billing records only as long as needed for delivery, legal compliance, dispute defense, and protection of our contractual rights.

Contract administration recordsCollections and fraud defenseTighter retention windowsCross-border safeguards
Document ControlActive
Doc ID
FS-PRIV-001
Version
2.0
Effective
March 22, 2026
Updated
March 22, 2026
Jurisdiction
Bangladesh (primary) with global coverage
Primary contact: hello@faha.studio

Scope and principles

This policy applies to our website, inquiries, discovery calls, proposals, statements of work, signed service agreements, project delivery, support work, billing operations, and related business communications. We follow core privacy principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, security, and accountability.

We do not sell personal data. We do not intentionally request sensitive personal data unless it is reasonably necessary for a project and lawfully shared with appropriate safeguards.

Data we collect

  • Identity and business contact data such as names, company names, roles, email addresses, phone numbers, billing contacts, and preferred language.
  • Commercial and project data such as briefs, PRDs, proposals, SOWs, assets, meeting notes, approvals, feedback, architecture notes, and release instructions.
  • Billing and contractual data such as invoice details, tax information, payment records, withholding records, contractual notices, and handover checklists.
  • Technical and security data such as IP addresses, device and browser information, access logs, environment activity, and basic service analytics.
  • Communications data such as emails, support tickets, call summaries, dispute correspondence, and records of approvals or rejection notices.

How we use data

  • Evaluate inquiries, prepare proposals, negotiate scope, and deliver contracted services.
  • Manage milestones, invoices, payments, handover conditions, and post-launch support requests.
  • Protect our systems, detect fraud or abuse, defend against chargebacks, and secure environments and credentials.
  • Create audit trails, maintain project history, enforce our contractual rights, and defend or resolve legal claims.
  • Comply with tax, accounting, regulatory, and other legal obligations.

Project, billing, and enforcement records

We process proposals, SOWs, approvals, milestone evidence, release records, access logs, billing records, payment confirmations, dispute correspondence, suspension records, recovery notices, and handover checklists to administer the lifecycle of a client engagement. This helps us document delivery status, acceptance, payment position, support history, and whether conditions for handover or IP transfer have been satisfied.

If an invoice is overdue or disputed, we may retain and use relevant communications, technical evidence, environment logs, billing records, and contractual notices to investigate the issue, defend against fraud or chargebacks, pursue recovery of unpaid amounts, and protect our legal rights.

Legal bases

Where a legal basis is required, we rely on one or more of the following:

  • Performance of a contract or steps taken before entering into a contract.
  • Legitimate interests in operating, securing, documenting, and enforcing our services and business relationships.
  • Consent for optional marketing or communications where consent is required.
  • Compliance with legal, accounting, tax, and regulatory obligations.

Sharing and processors

We share data only with service providers and professional advisers who help us operate our business, such as hosting, storage, analytics, communications, payments, legal, accounting, and security providers, and only on a need-to-know basis subject to confidentiality and appropriate contractual safeguards. We may also disclose information where required by law or reasonably necessary to establish, exercise, or defend legal claims.

Security and retention

  • Encrypted transport, access controls, least-privilege permissions, and environment access management.
  • Monitoring, logging, backup controls, and authentication protections for administrative systems where supported.
  • Retention rules designed to preserve only what is reasonably necessary for delivery, compliance, support history, and claim defense.

Inquiry and proposal records may be retained for up to 24 months. Signed contract, project, billing, payment, and dispute records may be retained for up to 7 years after closure, unless a longer period is required by law, reasonably needed for an active dispute, or required for a continuing support arrangement. Backup data is kept for limited rolling periods and then overwritten or deleted under our operational policies.

Your rights

Subject to applicable law and verification of identity, you may request access, correction, deletion, restriction, or portability of your data, and may withdraw consent for optional communications. We may retain information that we need for legal compliance, contract administration, fraud prevention, security, or defense of claims even if deletion is requested.

International transfers

Because we work with global clients and infrastructure providers, personal data may be processed outside your country. When cross-border transfers occur, we rely on contractual, organizational, and technical safeguards appropriate to the applicable laws and the nature of the data involved.

Bangladesh focus

Faha Studio operates from Bangladesh and applies Bangladesh legal and operational requirements alongside cross-border privacy expectations relevant to our client base. If local law in your jurisdiction grants stronger non-waivable privacy rights, those rights remain in effect.

Contact and changes

Email hello@faha.studio with privacy questions, verified requests, or concerns about billing or enforcement record handling. We may update this policy as our services, systems, or legal obligations evolve. The date above shows the current version.