Privacy Policy
What personal data Mellocity collects, why, how it is used, and your rights under the EU GDPR.
Last updated: June 4, 2026
Privacy Questions?1. Who We Are (Data Controller)
Mellocity is a software development agency registered with the Pakistan Software Export Board (PSEB), providing web development, mobile application development, and automation services to clients worldwide.
- Company: Mellocity
- Data contact: [email protected]
For purposes of the EU GDPR, Mellocity acts as a data controller for personal data submitted through this website (e.g. contact forms), and as a data processor when handling client data on behalf of European clients under a separate Data Processing Agreement (DPA).
2. Personal Data We Collect
Contact Form Data
When you submit our contact form, we collect your name, email address, subject, and message content. You also provide explicit consent to processing at the time of submission.
Cookie Consent Preferences
If you use our cookie consent banner, your choices may be stored by that service (for example in cookies or browser storage) so we can respect your preferences on future visits.
Technical / Server Log Data
Our hosting provider automatically collects standard server logs including IP address, browser type, referring URL, and pages visited. This data is used solely for security and infrastructure purposes and is not linked to individual identities.
Analytics Data (with consent only)
If you accept analytics cookies, we may collect anonymised usage statistics (pages viewed, session duration, traffic source). No analytics tracking fires before you give consent.
3. Legal Basis for Processing (GDPR Article 6)
| Purpose | Data | Legal Basis |
|---|---|---|
| Responding to your enquiry | Name, email, message | Consent (Art. 6(1)(a)) |
| Site security & fraud prevention | Server logs, IP address | Legitimate interest (Art. 6(1)(f)) |
| Essential cookies | Session & consent cookies | Legitimate interest (Art. 6(1)(f)) |
| Analytics & site improvement | Anonymised usage data | Consent (Art. 6(1)(a)) |
4. Cookies We Use
WordPress session cookies
Standard WordPress session and security cookies (e.g. wordpress_logged_in_*, wp-settings-*). Session-scoped or short-lived.
Analytics cookies (if accepted)
Collect anonymised data about page usage and traffic sources. Only active after you give consent via our cookie banner.
Marketing cookies (if accepted)
Used to show relevant advertising. Only active if you explicitly opt in.
You can update your cookie preferences at any time using the settings in our cookie consent banner, or by clearing cookies in your browser.
5. How We Use Your Data
- To respond to your enquiry and provide requested services.
- To maintain website security and prevent abuse or spam.
- To improve our website based on anonymised analytics (only with consent).
- We do not sell, rent, or share your personal data with third parties for their own marketing purposes.
- We do not use your data for automated decision-making or profiling.
6. How Long We Keep Your Data
- Contact form submissions: Retained for up to 12 months in email inboxes and form logs, then deleted unless an ongoing business relationship exists.
- Cookie consent preferences: Retained according to the expiry set by our cookie consent tool (typically up to 12 months), or until you clear cookies in your browser.
- Server logs: Retained for up to 30 days by our hosting provider for security and abuse prevention, then automatically purged.
You may request deletion at any time — see Section 8.
7. International Data Transfers
When EU/EEA residents submit data through this website, we apply appropriate safeguards for international data transfers.
We safeguard this transfer by:
- Collecting your explicit consent via the contact form checkbox before processing any personal data.
- Signing Standard Contractual Clauses (EU SCCs 2021) with any EU client or partner that engages us on a project basis.
- Applying technical and organisational security measures as described in our GDPR & Data Safety page.
8. Your Rights Under GDPR
If you are in the EU/EEA or UK, you have the following rights over your personal data:
Right of Access
Request a copy of all personal data we hold about you (Art. 15).
Right to Rectification
Ask us to correct inaccurate or incomplete data (Art. 16).
Right to Erasure
Request deletion of your personal data ("right to be forgotten") where no legal basis remains (Art. 17).
Right to Restrict Processing
Ask us to limit how we use your data while a dispute is resolved (Art. 18).
Right to Data Portability
Receive your data in a structured, machine-readable format (Art. 20).
Right to Object
Object to processing based on legitimate interest at any time (Art. 21).
Right to Withdraw Consent
Withdraw consent at any time without affecting prior lawful processing (Art. 7(3)).
Right to Lodge a Complaint
File a complaint with your national data protection authority (e.g. ICO in the UK, UODO in Poland).
To exercise any of these rights, email us at [email protected]. We will respond within 30 days. Requests are free of charge.
9. Third-Party Sub-Processors
We use the following service providers who may process personal data on our behalf. Each is subject to appropriate data protection agreements:
| Provider | Purpose | Location |
|---|---|---|
| wholesaleinternet.net | Website hosting & email delivery | USA |
| WordPress (self-hosted) | Content management system | Hosted on above server |
We do not use Google Analytics, Facebook Pixel, or other third-party tracking scripts without your explicit prior consent.
10. Security Measures
We take the security of your data seriously and apply the following technical and organisational measures:
- HTTPS/TLS encryption on all pages (SSL certificate enforced).
- Contact form submissions protected by WordPress nonce (CSRF token).
- Full-disk encryption and 2FA on developer workstations.
- Anonymised or dummy data used in all development/testing environments.
- Access to personal data restricted to authorised team members only.
See our full GDPR & Data Safety page for more detail.
11. Children's Privacy
Our services are directed at businesses and professionals. We do not knowingly collect personal data from individuals under the age of 16. If you believe a child has submitted data to us, please contact us at [email protected] and we will delete it promptly.
12. Changes to This Policy
We may update this policy from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page will always reflect the most recent revision. We encourage you to review this page periodically. Continued use of our website after changes constitutes acceptance of the updated policy.
13. Contact Us About Privacy
For any questions about this policy or to exercise your rights, contact our data privacy contact:
Mellocity — Privacy
Email: [email protected]
Response time: within 30 days of receiving your request.