Privacy Policy

Welcome to Iiiana Studio ("we," "our," "us," or the "Company"). We are committed to protecting the privacy and security of our clients, website visitors, and partners. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (https://www.iiiana.com/), engage our services, or interact with our system integration tools.

By accessing or using our services, you agree to the terms of this Privacy Policy. If you do not agree with this policy, please do not use our services or website.

"Personal Data" means any information relating to an identified or identifiable natural person. "Services" refers to our full-stack software development, systems integration, DevOps consulting, data pipeline engineering, and SRE services.

We collect several categories of information to provide high-quality services and maintain system integrity:

Directly Provided Information: When you request a pilot, complete our pilot scoping tool, or contact us, we collect your name, corporate email address, company name, phone number, and any project objective details you provide.

Automated Usage Data: We collect standard analytical data when you visit our website, including your IP address, browser type, device operating system, pages viewed, time spent on pages, and referral sources. This data is collected using web servers and analytical tags.

Client Infrastructure Metadata: During active service engagements, we may access system metadata, configuration files (such as Terraform blueprints or Kubernetes manifests), and API schemas. We do not access or collect production database payloads unless explicitly authorized in writing via a Statement of Work (SOW).

Iiiana Studio uses the collected information for the following primary business objectives:

To deliver and operate our services: We use scoping details to estimate timelines, structure custom pilot applications, and allocate architectural resources.

To communicate technical solutions: We contact you regarding your scoping requests, send architectural drafts, and respond to support tickets.

To maintain site and system security: We monitor traffic patterns to detect and mitigate Distributed Denial of Service (DDoS) attempts, SQL injections, and unauthorized configuration changes.

To comply with legal obligations: We process details to fulfill corporate tax, accounting, and security audit regulations.

We hold a strict policy regarding your data. We do not sell, rent, or trade your Personal Data with third parties for marketing purposes.

Service Providers: We share contact and analytical data only with trusted infrastructure providers (such as hosting, email delivery systems, or database providers) who assist us in operating our site and are bound by strict confidentiality agreements.

Business Transitions: If the Company undergoes a merger, acquisition, or sale of assets, client contact information may be transferred as part of the business assets, subject to the same privacy commitments.

Legal Requirements: We may disclose information if required by law, subpoena, or government authority to protect our legal rights or prevent fraudulent activities.

We employ enterprise-grade security controls to protect the transmission and storage of client data. All database connections and client records are encrypted at rest using AES-256 and in transit using TLS 1.3 encryption protocols.

Access to scoping data is strictly limited to authorized solutions engineers and developers who require the information to formulate your technical roadmap.

While we implement rigorous security safeguards, no electronic transmission over the internet or storage technology can be guaranteed 100% secure. We maintain incident response runbooks to quickly mitigate and notify clients of any potential security breaches.

Depending on your jurisdiction (such as under the General Data Protection Regulation (GDPR) or California Consumer Privacy Act (CCPA)), you have specific rights regarding your Personal Data:

Right to Access: You can request a copy of the personal information we hold about you.

Right to Rectification: You can request that we correct inaccurate or incomplete data.

Right to Erasure (Right to be Forgotten): You can request that we delete your contact records from our systems, provided there are no active SLA or legal retention holds on the data.

To exercise any of these rights, please contact our privacy compliance officer at the email provided below.

We use cookies and similar tracking technologies to analyze site usage and remember user preferences.

Functional Cookies: These are required to operate specific parts of our site, such as maintaining state in our interactive pipeline simulators.

Analytical Cookies: We utilize Google Analytics or similar engines to monitor browser performance, load speed, and user flow, helping us optimize our Core Web Vitals.

You can configure your browser to reject cookies, though doing so might disable certain interactive features on our sub-pages.

We may update this Privacy Policy from time to time to reflect changes in our engineering operations, service offerings, or compliance requirements. When we post modifications, we will update the "Effective Date" at the top of this page.

We encourage you to review this policy periodically to stay informed about how we protect your information.

If you have questions, comments, or concerns about our privacy practices, please contact our legal team at privacy@iiiana.com.