Privacy Policy
Last updated: February 8, 2026
1. Data Controller
Rihan Consulting is operated by Sayem Abdullah Rihan, a sole proprietor based in Dhaka, Bangladesh. For all privacy-related inquiries, you can reach us at sayem.rihan13@gmail.com.
2. Data We Collect
We collect the following categories of personal information:
- Contact information: Name, email address, phone number, and company name submitted through our contact form.
- Account data: Email, name, and hashed password when you register for our client portal.
- Client portal usage: Project data, messages, documents, and invoices you create or interact with.
- Payment information: Processed securely by Stripe and PayPal — we do not store card numbers.
- Analytics data: Anonymized usage patterns collected via Google Analytics 4 and Vercel Analytics (only with your consent).
- Technical data: IP address (anonymized), browser type, device type, and referral source.
3. How We Use Your Data
- Service delivery: Managing projects, invoices, payments, and communications through the client portal.
- Communication: Responding to contact form submissions, project updates, and support tickets.
- Payment processing: Processing invoices and payments through Stripe, PayPal, and Payoneer.
- Site improvement: Analyzing anonymized usage data to improve our website and services.
- Security: Protecting your account and our infrastructure from unauthorized access.
4. Third-Party Services
We use the following third-party services to operate our platform. Each has its own privacy policy:
- Stripe — Payment processing (PCI DSS compliant)
- PayPal — Payment processing
- Pusher — Real-time messaging and notifications
- Resend — Transactional email delivery
- UploadThing — Secure file uploads
- Vercel — Website hosting and analytics
- Google Analytics 4 — Website analytics (with consent)
- Neon — Serverless PostgreSQL database hosting
6. Data Retention
- Active client data: Retained for the duration of our business relationship plus 7 years for tax and legal compliance.
- Contact form submissions: Retained for up to 3 years unless you request earlier deletion.
- Analytics data: Retained for up to 26 months (Google Analytics default retention period).
- Account data: Retained until you request account deletion, after which data is purged within 30 days.
7. Your Rights
Depending on your jurisdiction, you may have the following rights:
GDPR Rights (EU/EEA Residents)
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent at any time
CCPA/CPRA Rights (California Residents)
- Right to know what personal data is collected
- Right to request deletion of your data
- Right to opt out of the sale or sharing of personal data
- Right to non-discrimination for exercising your rights
We do not sell your personal data. To exercise any of these rights, contact us at sayem.rihan13@gmail.com. We will respond within 30 days.
8. International Data Transfers
Your data may be processed in multiple jurisdictions, including the United States, the European Union, and Bangladesh. Our third-party service providers (Vercel, Stripe, Neon, AWS) host data in US and EU data centers. We ensure appropriate safeguards are in place for all international transfers.
9. Children's Privacy
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately and we will delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact:
Sayem Abdullah Rihan
Rihan Consulting
Email: sayem.rihan13@gmail.com
Website: rihan.cloud