Legal

Privacy
policy.

How Silquetech collects, uses, and protects your information. Plain English, no surprises — what we store, who we share it with, and how to reach us.

At a glance

Silquetech is a senior-only digital studio. We collect the minimum information needed to do good work for you: your contact details when you reach out, project details when you brief us, account info when you use the client portal, and basic technical data (hashed IP, user-agent) for security and abuse prevention. We don't sell your data, we don't use it for ad targeting, and we don't share it with anyone you wouldn't expect.

Our payment processing runs through Stripe, our chatbot uses Google's Gemini API, and we relay transactional email through Hostinger. Beyond those operational vendors, your data stays inside Silquetech.

Who we are

Silquetech Ltd operates this site and the underlying client portal. We have offices in London, Karachi, Sheridan (Wyoming, US), and Ajman (UAE). Our US and UAE offices operate in partnership with Ample Solutions LLC; data shared with them is governed by an inter-company data-processing agreement.

For questions about this policy or to exercise any of your rights, email us at privacy@silquetech.com.

What we collect

Information you give us

When you submit a project brief, book a call, create an account, or open a support ticket, we store what you provide:

  • Contact briefs — name, work email, phone number, company, role, project type, budget range, timeline, message, and whether you've requested an NDA.
  • Call bookings — name, email, phone number, company, role, project type, topic, your timezone, and the time slot you picked.
  • Client / staff accounts — name, email, company, an Argon2id-hashed password (we never see your plain-text password), and optional 2FA TOTP secret + recovery codes (also hashed). When you sign in, we record a coarse device fingerprint (browser family + IP /24 prefix) so we can email you when an unrecognized device accesses your account.
  • Support tickets & project messages — subject, body, attachments, and any files you upload.
  • Invoices & payments — invoice line items, billing address you provide, and payment method metadata returned by Stripe (last-4 of card, country, brand). We never store full card numbers — they live on Stripe's servers.
  • Chatbot conversations — the messages you exchange with our site assistant (Silque), so admins can review past conversations and our assistant has context across turns.

Information collected automatically

  • IP address (hashed) — we apply a one-way hash before storage, used for rate-limiting and abuse detection.
  • User-agent string — your browser + OS, used for compatibility logging and the "new sign-in" security email.
  • Session cookie — a single HTTP-only cookie issued by Auth.js when you sign in, scoped to our domain. Required to keep you logged in.
  • Audit log — sensitive admin actions (user create / edit / delete, password reset, 2FA enable/disable, invoice paid, dispute opened, email send failures) are logged for accountability.

Information from third parties

When you pay an invoice, Stripe tells us the payment status, amount, currency, and a reference id. When the chatbot is enabled, we send your conversation messages to Google's Gemini API to generate replies. That's the extent of third-party data ingress.

How we use it

  • Respond to inquiries — read your brief, reply within one business day, schedule discovery calls.
  • Deliver our services — design, engineer, ship, and bill the project we agreed to.
  • Send transactional email — call confirmations, invoice receipts, project updates, ticket replies, security alerts. We don't send marketing email without your explicit opt-in.
  • Operate the client portal — show you projects, invoices, tickets, files, and timelines.
  • Security & fraud prevention — hashed IPs for rate-limiting, device fingerprints for sign-in alerts, audit logs for accountability.
  • Improve the product — anonymized aggregate metrics (e.g. how many bookings per week, which call types are popular). No personally identifying information is used for analytics.

We rely on your consent when you submit a brief, on contractual necessity when we deliver a project we've been engaged for, and on our legitimate interest in operating a secure, abuse-resistant service for the technical data above.

Who we share it with

We share your data with a small set of operational vendors, and only the data necessary for them to do their job:

VendorWhat they seeWhy
StripeCard details (entered directly into Stripe's elements), payment amount, invoice metadata.Process payments, handle refunds + disputes.
Google (Gemini API)The text of chatbot conversations.Generate AI replies in our site assistant.
HostingerOutbound email content + recipient addresses.SMTP relay for transactional email.
Ample Solutions LLCProject + client data for projects routed through US / UAE.Operational partner for our US + UAE offices.

We do not sell your data, share it with advertisers, or use it for cross-site tracking. We will only disclose data to law enforcement when served with a valid legal process (subpoena, court order) and we'll notify you unless legally prohibited.

Cookies & similar technologies

We use one cookie: the authjs.session-token HTTP-only cookie set by Auth.js after you sign in. It's required for the portal and admin areas to work — there's no way to be logged in without it.

We do not use analytics cookies, ad cookies, fingerprinting pixels, or any third-party trackers on the marketing site. The chatbot widget stores a single anonymous visitor id in localStorage so conversations persist across page loads — this stays in your browser and is never sent to third parties beyond what's needed to render the chat.

How long we keep it

  • Contact briefs & bookings — kept for as long as we're considering or actively delivering a project for you, then archived for 24 months in case you come back.
  • Account data — retained while your account is active; we'll delete on request (see your rights) within 30 days, except where we're legally required to keep records (e.g. invoices for tax / accounting purposes).
  • Invoices & payment records — kept for the period required by applicable accounting and tax law (typically 6–10 years depending on jurisdiction).
  • Audit log entries — kept indefinitely for accountability; rows reference an actor id but no plaintext password / token.
  • Login device fingerprints — kept while your account is active so we can recognize known devices and only alert on new ones.
  • Email outbox log — recipient address and subject line only, kept for 12 months for deliverability troubleshooting.
  • Chatbot conversations — kept while we have a legitimate interest in supporting you; you can request deletion at any time.

Security

We take a small, focused set of measures because we run a small, focused operation:

  • Passwords are hashed with Argon2id before storage. Plain-text passwords never touch our database or our logs.
  • Two-factor authentication is available (and recommended) for all admin and staff accounts.
  • Recovery codes are stored as Argon2id hashes; we can't recover them if lost.
  • API keys and tokens are encrypted at rest with AES-256-GCM where applicable.
  • All public form endpoints have rate-limiting to deter scraping and abuse.
  • Sensitive admin actions are written to an audit log so we can investigate after the fact.
  • We use TLS for all traffic — both inbound to our servers and outbound to vendors.
  • Code changes ship through review; production deploys are tracked.

If you discover a security vulnerability, please email security@silquetech.com. We'll acknowledge within 48 hours and won't pursue legal action against researchers acting in good faith under standard responsible-disclosure norms.

Your rights

You can ask us to do any of the following at any time, and we'll respond within 30 days:

  • Access — get a copy of the personal data we hold about you.
  • Correct — fix anything that's wrong.
  • Delete — erase your account and associated data, subject to the legal-retention exceptions noted above.
  • Export — receive your data in a portable, machine-readable format.
  • Object / restrict — limit how we use your data, or object to specific uses.
  • Withdraw consent — for anything we're doing on a consent basis.
  • Lodge a complaint — with your local data-protection authority (e.g. the UK ICO if you're in the UK). We'd rather you talk to us first, but it's your right.

Email privacy@silquetech.com from the address associated with your account to make any of these requests. We may ask you to verify your identity before acting on a request, especially for export or deletion.

International transfers

Because we operate across four countries, your data may be processed in the United Kingdom, Pakistan, the United Arab Emirates, and the United States. Where data leaves the UK / EEA, transfers happen under Standard Contractual Clauses or equivalent safeguards, and our partner Ample Solutions LLC is bound by an inter-company data-processing agreement that mirrors UK GDPR protections.

Children

Our services aren't directed at children under 16, and we don't knowingly collect their personal data. If you believe a child has submitted information to us, email privacy@silquetech.com and we'll delete it.

Changes to this policy

We'll update this policy when our practices change. The "last updated" date at the top reflects the most recent change. For material changes (e.g. a new vendor with access to your data, or a new processing purpose), we'll notify you by email if you have an account, and post a notice at the top of this page for at least 30 days.

Contact us

Questions, requests, or concerns about this policy or how we handle your data:

privacy@silquetech.com

Or write to us at our London office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

See also: Contact us · About Silquetech