Privacy Policy

Last updated: 12 June 2025Effective date: 12 June 2025

1. Introduction

Welcome to Inforce.digital (the "Site"). We—Inforce, sole proprietorship of Illia Kovtun (referred to as "Inforce," "we," "us" or "our")—respect your privacy and protect your personal data in accordance with:

the EU General Data Protection Regulation (GDPR);
the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA); and
applicable Ukrainian data‑protection law.

This Policy describes what data we collect, why, how we process it, with whom we share it, how long we keep it and what rights you have. If anything remains unclear after reading, please get in touch.

Quick contact: info@inforce.digitalPostal address: 31 Yablonska St., Lviv 79000, Ukraine

2. Who we are

The data controller is Illia Kovtun, FOP (sole proprietor), Ukraine. Because our data processing is limited in scope, we have not appointed a Data Protection Officer (DPO). Should we appoint a DPO or an EU representative under Art. 27 GDPR, we will update this section.

3. Data we collect

3.1. Data you give us directly

Category	Examples	Source
Contact data	Name, surname, email, phone, company, job title	Contact forms, emails, calls
Communication data	Messages, files, briefs, contracts	Free‑text fields, uploads
Recruitment data	CV, LinkedIn profile, portfolio	"Join the team" form, email

3.2. Data we collect automatically

Category	Examples	Source
Technical data	IP address, browser type/version, OS, screen resolution, language, time‑zone	Cookies, server logs
Usage data	Pages viewed, time on page, clicks, referrers	Analytics cookies, GA4, Microsoft Clarity

Sensitive data. We do not intentionally collect special‑category data (race, health, etc.). Please do not provide such information. If we inadvertently receive it, we will delete it.

CCPA categories. The above map to CCPA "Identifiers," "Internet Activity," "Professional Information," and similar categories under §1798.140 CCPA.

4. Our legal bases (GDPR Art. 6)

Purpose	Data categories	Legal basis
Responding to enquiries & consultations	Contact, Communication	Legitimate interest (business development) or Contract performance (pre‑contractual steps)
Provision & administration of services	Contact, Communication	Contract performance
Recruitment	Recruitment, Contact	Consent + Legitimate interest (candidate assessment)
Marketing emails	Contact	Consent (you may withdraw at any time)
Analytics & UX improvement	Technical, Usage	Consent (non‑essential cookies) + Legitimate interest (improving UX)
Security & fraud prevention	Technical, Usage	Legitimate interest (protecting systems)
Compliance with legal obligations	All listed	Legal obligation (tax, accounting, defence of rights)

5. How we use your data

respond to your enquiries and send quotations;
conclude and perform contracts;
send newsletters if you've opted‑in;
analyse traffic to improve the Site;
secure our systems and prevent fraud;
process job applications;
meet accounting and legal requirements.

6. Sharing your data

We do not sell or "share" your personal data with third parties for their own benefit or for cross‑context behavioural advertising.

Recipient category	Examples	Purpose
Cloud hosting	Hetzner Cloud, AWS	Hosting, backups
Analytics	Google Analytics 4, Microsoft Clarity	Site analytics (cookie‑based, consent)
CRM & email marketing	Pipedrive, Zoho Mail	Customer relationship management, newsletters
Advertising networks	Google Ads, LinkedIn Ads	Marketing (only if you accept marketing cookies)
Professional advisers	Lawyers, auditors	Legal / accounting services
Public authorities	Courts, tax offices	Where required by law

All processors act under written contracts, process data solely on our instructions and apply appropriate security controls.

7. International data transfers

We operate from Ukraine, while some servers are located in the EU and USA. When transferring personal data from the European Economic Area we rely on:

Standard Contractual Clauses (SCC) approved by the European Commission;
an Adequacy Decision where applicable; or
your explicit consent / contract necessity where relevant.

8. Cookies & similar technologies

8.1. What are cookies?

Cookies are small text files stored in your browser. They enable core functionality, remember preferences and help us analyse traffic.

8.2. Types we use

Category	Purpose	Examples
Strictly necessary	Core functions (e.g. forms)	PHP Session, Cloudflare Security
Analytics	Understand site usage	GA4 (_ga), Clarity (_clck)
Functional	Remember your choices	LangPref, ThemePref
Marketing / targeting	Measure ad performance	Google Ads Conversion, LinkedIn Insight

8.3. Your choices

On first visit, a cookie banner lets you accept all, reject non‑essential, or customise categories.
You can later revisit your choice via "Cookie Settings" in the footer.
You can also delete/block cookies in your browser settings.
We honour the Global Privacy Control (GPC) signal as an opt‑out for marketing cookies for California residents.

9. Security & retention

9.1. Security measures

TLS 1.3 encryption (HTTPS)
Role‑based access control & 2‑factor authentication
Regular patch management
Encrypted backups
Staff privacy & security training

9.2. Retention periods

Data category	Typical period	Rationale
Contact enquiries	Up to 1 year after last contact	Legitimate interest
Contracts & invoices	5–7 years	Accounting law
Newsletter list	Until you unsubscribe	Consent
Analytics logs	14 months (GA4 default)	Consent / legitimate interest
CVs	Up to 6 months post‑hiring cycle (unless you consent to longer)	Legitimate interest

After expiry, data are securely deleted or anonymised. Backup copies are purged within 30 days via our backup rotation.

10. Your rights

10.1. EU/EEA residents (GDPR)

Access your data
Rectification of inaccuracies
Erasure ("right to be forgotten")
Restriction of processing
Data portability
Objection to processing based on legitimate interest or marketing
Withdraw consent at any time
Complain to your supervisory authority (e.g. UODO, CNIL, ICO, or the Ukrainian Ombudsman)

We do not conduct automated decision‑making that produces legal or similarly significant effects.

10.2. California residents (CCPA/CPRA)

Right to know the categories, sources, purposes, third‑party disclosures and retention periods.
Right to delete your personal information.
Right to correct inaccurate information.
Right to opt‑out of "sale" or "sharing." We do not sell/share data, but we treat your GPC signal or the link "Do Not Sell or Share My Personal Information" as an opt‑out.
Right to non‑discrimination.
Right to designate an authorised agent to act on your behalf.

How to exercise your rights: Email info@inforce.digital with subject "Privacy Request" and state which right you wish to exercise. We may verify your identity. We respond within 30 days.

11. Children's privacy

The Site and services are not intended for individuals under 16. We do not knowingly collect data from children. If we learn we have received personal data from a child without parental consent, we will delete it promptly.

12. Changes to this Policy

We may update this Policy from time to time. For material changes we will give an explicit notice on the Site or via email. The latest version is always available at this URL; the update date appears at the top.

13. Contact us

Controller: Illia Kovtun, FOPAddress: 31 Yablonska St., Lviv 79000, UkraineEmail: info@inforce.digitalWebsite: https://inforce.digital/

reviews

Our Clients Say

We are proud to help innovative businesses thrive. Don’t take our word for it—check out how companies describe our collaboration.

Got Ideas? We've
Got The Skills.
Let's Team Up

Please select your type of request and submit the form to get more information on our team's services, tech stack, and capabilities.

ServicesProcessCasesAbout UsBlog

Privacy PolicyDo Not Sell My Info

info@inforce.digital