Privacy Policy

This Privacy Policy explains how Pavlov Yevhenii Andriiovych (sole proprietor / FOP), trading as Roxensoft ("Roxensoft", "we", "us", or "our"), collects, uses, stores, shares, and otherwise processes personal data in connection with roxensoft.com, our inquiry forms, project proposals, project communications, and related business operations.

By using our website or contacting us, you acknowledge that your personal data may be processed as described in this Privacy Policy. If you do not agree, please do not use the website or submit personal data to us.

Who we are

For personal data collected through the website, contact forms, and direct business communications about our own services, the data controller is:

Where we process personal data strictly on behalf of a client inside a client project, platform, CRM, analytics stack, or other client-controlled environment, we may act as a processor / service provider, and the client may act as the controller / business, unless the signed project documents state otherwise.

What personal data we collect

We may collect and process the following categories of personal data:

• Inquiry and contact data: name, email address, phone number, company name, job title, and any information you choose to include in a message, brief, or attachment.
• Proposal and project data: project requirements, feature requests, budgets, timelines, access credentials, approved materials, feedback, meeting notes, billing contacts, and implementation records.
• Communication data: records of communication through email, contact forms, messaging platforms, calls, or other channels you use to contact us.
• Technical data: IP address, browser type, device information, language, pages visited, timestamps, logs, diagnostic data, referral information, cookies, similar technologies, and security events, to the extent generated by website operations, hosting, analytics, and security tooling.
• Marketing preference data: whether you subscribed to receive news, updates, or offers.
• Compliance and payment data: invoicing details, tax details, transaction records, and legally required accounting/compliance information.

Please do not send us special-category data, highly sensitive personal data, secrets, passwords, financial account data, medical data, or other confidential material unless we specifically request it and an appropriate legal/project framework is in place. If you provide such data without our request, you do so at your own risk.

How we use personal data

We may process personal data for the following purposes:

• to respond to inquiries and discuss possible cooperation;
• to prepare proposals, estimates, and project documents;
• to enter into and perform contracts;
• to deliver, test, maintain, and support agreed services;
• to manage communications, approvals, timelines, and client accounts;
• to invoice, collect payment, keep records, and meet tax/accounting obligations;
• to secure, administer, monitor, debug, and improve the website and our internal operations;
• to prevent fraud, abuse, spam, unauthorized access, cyberattacks, misuse, or legal risk;
• to send service-related communications;
• to send marketing or promotional communications where permitted by law and/or where you opted in;
• to establish, exercise, or defend legal claims.

Legal bases

Depending on the context and applicable law, we may rely on one or more of the following legal bases:

• pre-contractual steps requested by you, such as discussing a project or preparing a proposal;
• performance of a contract with you or your organization;
• legal obligations, including accounting, tax, compliance, and record-keeping obligations;
• legitimate interests, such as operating and securing our business, documenting decisions, preventing abuse, preserving evidence, improving services, and responding to ordinary B2B inquiries;
• consent, where required, including for optional marketing communications or other consent-based processing.

If we rely on consent, you may withdraw that consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.

Marketing communications

If you choose to receive news, updates, or special offers, we may use your contact details for direct marketing where permitted by law. Marketing consent is optional and is not a condition of requesting a proposal or discussing a project. You may unsubscribe or object at any time by using the unsubscribe method in the message or by contacting us directly.

How we share personal data

We do not sell personal data and do not share personal data more broadly than reasonably necessary for our business operations, legal protection, and service delivery. We may share personal data with:

• our employees, contractors, and trusted subcontractors who need it to perform their role;
• hosting, infrastructure, email, communication, project-management, payment, analytics, or security providers;
• professional advisers such as lawyers, accountants, auditors, insurers, or compliance consultants;
• public authorities, courts, regulators, law-enforcement bodies, or counterparties where disclosure is required by law or reasonably necessary to protect our rights;
• a purchaser, investor, successor, or restructuring counterparty in connection with a merger, acquisition, financing, asset sale, or business transfer, subject to appropriate confidentiality measures.

If you contact us through third-party platforms such as WhatsApp, Telegram, Instagram, Facebook, LinkedIn, or similar services, those providers may process your data under their own terms and privacy policies. We are not responsible for the privacy practices, security, availability, or decisions of third-party platforms we do not control.

International transfers

Because our work, clients, contractors, vendors, infrastructure, and communication tools may be located in more than one country, personal data may be processed, stored, or accessed internationally, including in jurisdictions that may not provide the same level of data protection as your country. Where applicable law requires safeguards for international data transfers, we will use appropriate contractual, organizational, technical, or legal safeguards.

Retention

We retain personal data only for as long as reasonably necessary for the relevant purpose, including contract administration, record-keeping, support, legal defense, compliance, security, and dispute prevention. Typical retention logic may include:

• inquiry and proposal records: until the inquiry is closed and for a reasonable follow-up/archive period;
• project records: for the duration of the project and a reasonable period after closure;
• invoicing and accounting records: for as long as required by applicable law or good accounting practice;
• marketing data: until you unsubscribe, object, or the data is no longer needed;
• security logs and diagnostics: for as long as needed for security, troubleshooting, abuse prevention, and audit purposes;
• litigation/compliance holds: for longer if necessary to establish, exercise, or defend legal claims.

We may anonymize, archive, or securely delete personal data when it is no longer needed. Backup copies may remain for a limited period until overwritten or deleted in the ordinary course of backup rotation.

Security

We use reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. However, no website, infrastructure, communication channel, transmission method, or storage method is completely secure. We do not guarantee absolute security and are not responsible for security failures caused by third-party platforms, client-side systems, weak credentials, unauthorized client sharing, or factors outside our reasonable control.

Your rights

Subject to applicable law, you may have rights to:

• request access to your personal data;
• request correction of inaccurate data;
• request deletion of data in certain circumstances;
• request restriction of processing;
• object to certain processing, especially direct marketing;
• request data portability where applicable;
• withdraw consent where processing is based on consent;
• lodge a complaint with a competent supervisory authority.

We may request reasonable verification before acting on a request, and some rights may be limited by law, legal privilege, contractual necessity, fraud prevention, security needs, accounting obligations, backup retention, or our need to keep records and defend claims.

Client-provided third-party data

If a client or prospective client gives us personal data relating to staff, contractors, customers, leads, users, suppliers, or other third parties, that client is responsible for ensuring it has an appropriate legal basis, required notices, permissions, consents, and authority for sharing that data with us and instructing us to process it.

Children

Our services and website are intended for business users and are not directed to children. We do not knowingly collect personal data from children where doing so would require parental authorization under applicable law.

Changes to this Policy

We may update this Privacy Policy from time to time. The most current version should be published on this page together with the effective date. Continued use of the website or communication with us after publication of an updated version means the updated version applies from its effective date. Material changes may be highlighted where appropriate.

Contact

For privacy questions, requests, or complaints, contact:

If applicable law gives you the right to complain to a supervisory authority, you may also contact the authority in your country or region. If you do, we would appreciate the opportunity to address your concerns first.