Privacy

Rovepin (Rovepin Inc., to be incorporated) is a web design and local-SEO agency operating in Canada and Cyprus. This policy describes how we handle personal information.

When you contact us or engage our services, we collect information you provide directly, plus minimal server logs:

• Name and business name
• Email and phone
• City and industry
• Message content and any files you share
• Standard server logs (IP address, user-agent, pages viewed — via Plausible's cookie-less analytics)

• To respond to your enquiries
• To deliver and support the services you've hired us for
• To send transactional emails about your project
• To comply with our legal obligations (tax, accounting, record-keeping)

Where the EU General Data Protection Regulation applies, we process personal data on the following bases:

• Consent — when you submit a form or tick an opt-in box.
• Legitimate interest — to respond to enquiries, improve our site, and protect against abuse.
• Legal obligation — for tax, accounting, and record-keeping.
• Contract performance — to deliver services you've engaged us for.

For clients and visitors in Canada, we handle personal information in line with the Personal Information Protection and Electronic Documents Act (PIPEDA). We collect only what's necessary, use it for the purposes stated above, and take reasonable measures to keep it secure.

We use a small set of trusted processors to run our business. Each handles only what's needed for their function:

• Cal.com — booking and scheduling.
• Resend — transactional email delivery.
• Cloudflare Turnstile — anti-spam / bot detection on forms.
• Vercel — website hosting and edge delivery.
• Plausible Analytics — aggregated, cookie-less analytics.
• Upstash — rate-limit storage for our APIs.

• Cal.com privacy
• Resend privacy
• Cloudflare privacy
• Vercel privacy
• Plausible data policy
• Upstash privacy

Some of our processors are based outside the EU/EEA — for example, Vercel and Resend are US-headquartered. Where such transfers happen, we rely on Standard Contractual Clauses or equivalent safeguards offered by the provider.

We retain contact-form data for up to 24 months to service the enquiry and refer back to it. Active-client records are retained for the duration of the engagement plus 7 years for legal and tax purposes. You can ask us to delete earlier, subject to our legal obligations.

Depending on where you live, you have some or all of the following rights over your personal information. To exercise any of them, email hello@rovepin.com and we'll respond within 30 days.

• Access — ask what we hold about you.
• Rectification — correct inaccurate information.
• Erasure — ask us to delete your data, subject to legal obligations (GDPR).
• Restriction — pause processing while we verify something (GDPR).
• Portability — receive your data in a portable format (GDPR).
• Objection — object to processing based on legitimate interest (GDPR).
• Withdraw consent — at any time, where consent was the basis.

If you believe we have mishandled your personal data, you can lodge a complaint with the Cypriot Commissioner for Personal Data Protection (dataprotection.gov.cy), or your local EU/EEA supervisory authority.

We use a single consent cookie (rovepin-consent) that records your choice after you interact with our cookie banner. Plausible Analytics does not use cookies. See our Cookies page for full details.

Privacy questions: hello@rovepin.com.

We'll update this page as our practices evolve. Material changes are noted by bumping the date at the top of this page.