Privacy

Privacy Policy

Last updated · 29 April 2026

This Privacy Policy explains how Localhost Labs ("we", "us", "our") collects, uses, stores, and shares personal data when you visit localhostlabs.tech or engage with our services. We process personal data in accordance with the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA) where applicable.

1. Who we are

Localhost Labs is a software & technology consultancy headquartered in Multan, Pakistan, operating globally. The data controller for this website and any project engagement is Localhost Labs. You can contact our data protection point at info@localhostlabs.tech.

2. What we collect

  • Contact form submissions — name, work email, company, project budget, timeline, service interest, and the brief you provide.
  • Email correspondence — any emails you send us and our replies.
  • Technical data — IP address, browser, operating system, referrer URL, and pages viewed (collected automatically by our hosting provider for security and performance).
  • Cookies & similar — essential session cookies only; we do not use third-party advertising or behavioural tracking cookies.

3. Why we use it (legal basis)

  • Contract / pre-contract (Art. 6(1)(b) GDPR) — to respond to your enquiry, scope a project, and deliver any work you engage us for.
  • Legitimate interest (Art. 6(1)(f) GDPR) — to keep our website secure, prevent fraud, and improve our services.
  • Legal obligation (Art. 6(1)(c) GDPR) — to comply with tax, accounting, and other applicable laws.

4. Who we share it with

We share data only with the processors strictly necessary to run our service:

  • Hostinger — VPS hosting and email infrastructure (Lithuania, EU).
  • Let's Encrypt / ISRG — TLS certificate authority (USA).
  • Google — Search Console verification only; we do not use Google Analytics on this site.

We never sell your data and never share it with advertisers, data brokers, or marketing networks.

5. International transfers

Some processors are based outside the EEA / UK. Where we transfer personal data internationally, we rely on Standard Contractual Clauses (SCCs) or the relevant adequacy framework.

6. How long we keep it

  • Contact form submissions: 24 months from your last interaction.
  • Project records (signed contracts, invoices): 7 years, as required by tax law.
  • Technical / server logs: 30 days.

7. Your rights

Under GDPR / UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Have inaccurate data corrected.
  • Request erasure (where there is no overriding legal basis).
  • Restrict or object to processing.
  • Data portability.
  • Withdraw consent at any time, where consent is the legal basis.
  • Lodge a complaint with your local supervisory authority (e.g. ICO in the UK, BfDI in Germany, CNIL in France).

To exercise any right, email info@localhostlabs.tech. We respond within 30 days.

8. Security

We host on encrypted infrastructure with TLS 1.2+ in transit, encrypted at rest, principle-of-least-privilege access for our team, and time-limited credentials. Security incidents notifiable under GDPR are reported to the relevant authority within 72 hours.

9. Children

This site and our services are not directed at people under 16 and we do not knowingly collect their data.

10. Changes

We will post any updates to this policy on this page with a new "Last updated" date. Material changes will be communicated to active clients directly.

Questions about this document? Email info@localhostlabs.tech.