Legal — Privacy & Data Handling

PRIVACY POLICY.

This policy explains how Santosh Sabnis collects, uses, stores, and protects your personal information when you visit this website or submit an inquiry.

Last Updated: April 2026

01

Who We Are

This website is operated by Santosh Sabnis, Principal Architect and strategic advisor operating under the practice of Santosh Sabnis. References to "we," "us," or "our" throughout this policy refer to Santosh Sabnis. For all privacy-related inquiries, contact: privacy@santoshsabnis.com.

02

Information We Collect

  • Identity data: full name and professional title submitted via the Engage inquiry form.
  • Contact data: email address provided in the inquiry form.
  • Inquiry data: jurisdiction category, strategic requirement description, and impact scale you select.
  • Technical data: IP address, browser type and version, time zone, device type, pages visited, and time spent on pages — collected automatically via server logs and analytics.
  • Cookie data: session identifiers and preference cookies set during your visit (see Cookie Policy).

We do not collect sensitive personal data such as health information, financial account numbers, or government identification numbers.

03

How We Use Your Information

  • To respond to your strategic inquiry and assess whether an engagement is appropriate.
  • To send you a confirmation of receipt of your inquiry.
  • To improve the content and performance of this website.
  • To comply with legal obligations.

We do not sell, rent, or commercialize personal data. Information submitted through this website is used strictly for direct response, evaluation, and operational improvement.

04

Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, our legal basis for processing your personal data is:

  • Contractual necessity — to respond to your pre-contractual inquiry.
  • Legitimate interests — to operate and improve this website.
  • Consent — where you have opted in to any communications.
  • Legal obligation — where required by applicable law.

05

Data Retention

Inquiry data is retained for up to 24 months unless an active engagement requires longer retention. Technical analytics data is retained for up to 12 months.

06

Data Sharing & Third Parties

We use a limited number of trusted service providers to operate this website:

  • Supabase — cloud database and authentication infrastructure (EU and US regions). Data is stored securely with row-level security enabled.
  • Email service providers — used solely to deliver inquiry confirmation emails.
  • Analytics tools — used for aggregated, anonymized traffic analysis (e.g., page views, session duration). No personal profiling or behavioral targeting is performed.

All third-party processors are bound by data processing agreements and are prohibited from using your data for their own purposes.

07

International Transfers

Your data may be transferred to and processed in countries outside your home country, including the United States. Where such transfers occur, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses under GDPR).

08

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Erasure — request deletion of your personal data ("right to be forgotten").
  • Restriction — request that we restrict processing of your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent, you may withdraw at any time.

To exercise any of these rights, contact us via the Engage page. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

09

Security

We implement technical and organizational measures to protect your personal data against unauthorized access, loss, or disclosure. These include encrypted database storage, row-level access controls, and HTTPS encryption for all data in transit. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10

Children's Privacy

This website is not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has submitted data to us, contact us immediately and we will delete it.

11

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of this website after changes constitutes acceptance of the revised policy.

12

Contact

For all privacy-related inquiries, requests, or complaints, please contact us through the Engage page on this website. We are committed to resolving concerns promptly and transparently.