NovaStack Systems
Legal

Privacy Policy

How we collect, use, and protect your personal information.

Last updated: May 2026

1. Who we are

NovaStack Systems ("we", "us", "our") is a software engineering studio based in Pakistan, providing services to clients worldwide. This Privacy Policy explains how we collect, use, and protect information when you visit www.novastacksystems.com or engage our services.

2. Information we collect

We collect only the information needed to communicate with you and deliver our services. This includes:

  • Contact details you provide (name, email, phone, company) via our contact form or other channels.
  • Project information you share to help us scope and quote your work.
  • Anonymous usage data (pages visited, device/browser type, referral source) collected via analytics.
  • Cookies and similar technologies, as described in our Cookie Policy section below.

3. How we use your information

We use the information we collect to:

  • Respond to your enquiries and provide quotes.
  • Deliver, maintain, and improve the services you've requested.
  • Send project updates, invoices, and (with consent) marketing communications.
  • Improve our website performance and user experience.
  • Comply with legal obligations and protect against fraud.

4. Legal basis (GDPR)

If you are in the European Economic Area, United Kingdom, or another jurisdiction with similar laws, we rely on the following legal bases: contract performance (delivering services), legitimate interests (running our business and protecting clients), consent (for marketing communications), and legal obligation.

5. Sharing your data

We do not sell or rent your personal data. We share information only with trusted service providers strictly necessary to operate our business — such as email providers, cloud infrastructure, payment processors, and analytics tools. All providers are bound by data-protection agreements.

6. Data security

We implement industry-standard technical and organisational measures to protect your data, including encryption in transit (TLS/HTTPS), encrypted backups, restricted access controls, and regular security reviews. No method of transmission is 100% secure, but we strive to use commercially acceptable means to protect your data.

7. Data retention

We retain personal data only as long as necessary for the purposes described in this policy, to comply with legal obligations, resolve disputes, and enforce agreements. Contact-form submissions are retained for up to 24 months; project records are retained per contractual requirements.

8. Your rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data or complete incomplete data.
  • Request deletion of your data ("right to be forgotten").
  • Restrict or object to certain processing activities.
  • Receive a portable copy of your data.
  • Withdraw consent at any time (without affecting prior processing).
  • Lodge a complaint with your local data-protection authority.

9. Cookies

We use cookies and similar technologies to remember preferences, analyse traffic, and (with consent) deliver relevant content. You can control non-essential cookies via our cookie consent banner. Most browsers also let you block cookies entirely — note that essential cookies are required for the site to function properly.

10. International transfers

Our team and infrastructure operate from multiple jurisdictions including Pakistan, the European Union, and the United States. When we transfer personal data across borders, we use appropriate safeguards such as Standard Contractual Clauses or equivalent measures required by applicable law.

11. Third-party links

Our website may contain links to third-party sites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.

12. Children

Our services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us and we will delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the "Last updated" date. Material changes will be highlighted prominently.

14. Contact us

Questions or requests about this policy or your data? Reach out to hello@novastacksystems.com and we will respond within 30 days (often much faster).

Questions about this document?

We're happy to clarify anything. Reach out and we'll respond within 24 hours.

Email us