Skip to main content
Adimis
Back to home

Legal

Privacy Policy

Effective: 2026-05-05 · Last updated: 2026-05-05

This Privacy Policy explains how Aditya Mishra (operating as "Adimis", "we", "us", or "I") collects, uses, discloses and protects personal information when you visit adimis.in (the "Site"), contact me through it, or engage me for professional services.

Read carefully. By using the Site or submitting information through it, you confirm you have read and understood this policy.

1. Who is the data controller

The data controller for personal information collected through the Site is Aditya Mishra, an independent engineering practice operating under the trade name "Adimis" based in India. For all privacy questions, requests, or complaints, contact: aditya.mishra@adimis.in.

2. Information I collect

2.1 Information you submit through the contact form

When you fill out the contact form on the Site, I collect:

  • Your name (or company name)
  • Your email address
  • The message body you write
  • Any additional information you choose to include (project details, timeline, links)

2.2 Information collected automatically

Like most websites, the Site automatically collects technical data required to deliver the page and protect the service:

  • IP address (used for rate-limiting and abuse prevention)
  • User-agent string, referrer URL, and basic device information
  • Aggregated, anonymized usage data via Microsoft Clarity (see Section 4)
  • Application logs and error traces (no message content stored)
  • AI Interaction Data: As of 2026, per the EU AI Act (Art. 52), I disclose that AI-driven processes may be used to assist in categorizing inbound enquiries or providing automated site functionality.

2.3 Information collected during a client engagement

If you engage me for professional services, additional information is exchanged under a separate written agreement (NDA / MSA / SOW): your business contact details, code access, infrastructure credentials, and anything reasonably required to deliver the work. That information is governed by the engagement contract first and this policy as a fallback.

2.4 What I do not collect

  • I do not collect payment card information on the Site.
  • I do not knowingly collect information from anyone under 16 years of age, aligning with 2026 US state protections (CA, OR).
  • I do not collect sensitive neural data or biometric identifiers via this Site (per California 2026 updates).
  • I do not buy, sell, rent, or trade contact lists from third parties.

3. Why I collect it (purposes & legal bases)

Personal information is collected and processed only for the purposes listed below, with the corresponding lawful basis under the EU GDPR / UK GDPR. Outside the EU/UK, equivalent local protections apply (including India's Digital Personal Data Protection Act, 2023):

  • To respond to your enquiry - basis: performance of a contract or steps prior to entering one (Art. 6(1)(b)).
  • To deliver and bill for engaged services - basis: contract performance (Art. 6(1)(b)).
  • To protect the Site from abuse (rate-limiting, spam filtering, honeypot detection) - basis: legitimate interest (Art. 6(1)(f)).
  • To improve the Site and content via aggregated analytics - basis: legitimate interest, with opt-out available.
  • To comply with legal obligations - basis: legal obligation (Art. 6(1)(c)).

4. Third-party processors I use

I keep the third-party footprint deliberately small. The following processors may receive limited personal data on my behalf, governed by their own privacy terms and a data-processing agreement where required:

  • Hosting / Edge - the Site is served from a managed hosting platform (e.g., Vercel) that processes IP addresses, request metadata and logs.
  • Microsoft Clarity - anonymized session analytics and heatmaps. Clarity may use cookies and similar technologies; data is aggregated and not used for advertising.
  • Email delivery - when I reply to your enquiry, the email is delivered through standard email providers (e.g., Google Workspace) acting as processors.
  • Database - contact form submissions are stored in a managed Postgres database for the retention period defined below.

I do not sell, rent, or share your personal information with third parties for advertising, profiling, or marketing purposes.

5. Cookies and Universal Opt-Out (GPC)

The Site uses a minimal set of cookies and local-storage entries: strictly-necessary items (e.g., theme preference, anti-CSRF tokens) and analytics cookies set by Microsoft Clarity.

Global Privacy Control (GPC): In compliance with 2026 laws in 12+ US states (including CA, CO, TX, and NJ), this Site is configured to recognise and honour "Global Privacy Control" signals sent by your browser. If you have GPC enabled, I will treat it as a valid request to opt-out of any non-essential tracking or "sale" of data (though I do not sell data regardless).

You can also block or clear analytics cookies via your browser settings; doing so will not affect your ability to contact me or use the Site.

6. How long I keep it

  • Contact form submissions: retained for up to 24 months from submission, unless an active client engagement requires a longer period for record-keeping.
  • Server / application logs: retained for 30 days, then rotated.
  • Analytics data (Clarity): retained per Microsoft's default retention policy.
  • Engagement records (contracts, invoices): retained for the duration required by applicable tax and accounting law in India (typically 7 years).

7. Your rights

Subject to applicable law, you have the right to:

  • Access the personal information I hold about you;
  • Request correction of inaccurate or incomplete data;
  • Request deletion of your data (the "right to be forgotten");
  • Restrict or object to certain processing;
  • Receive your data in a portable, machine-readable format;
  • Withdraw consent at any time where consent was the basis for processing;
  • Lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, your national DPA in the EU, or the Data Protection Board of India under the DPDP Act, 2023).

To exercise any of these rights, email aditya.mishra@adimis.in. I will respond within 30 days. Verification of your identity may be required before processing the request.

8. Security

I apply reasonable technical and organisational measures to protect personal information against unauthorised access, alteration, disclosure or destruction: TLS in transit, encrypted storage at rest, least-privilege access, secret rotation, server-side validation, rate limiting, and a honeypot on the contact form. No system is perfectly secure; if a breach materially affects you, I will notify you and the relevant authorities within the timelines required by law.

9. International data transfers

I operate from India and use service providers that may host data in the United States, the European Union, or other jurisdictions. Where personal data is transferred outside the EEA / UK, I rely on the European Commission's Standard Contractual Clauses or another lawful transfer mechanism offered by the processor.

10. Children

The Site and the services offered through it are intended for business contacts and adult professionals. The Site is not directed at children under 16 (the standard threshold across EU and US 2026 privacy frameworks), and I do not knowingly collect their data. If you believe a child has submitted information, contact me and I will delete it.

11. Changes to this policy

I may update this policy to reflect changes in law, technology, or business practice. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be announced on the Site at least 14 days before they take effect.

12. Contact

Questions, requests or complaints about this policy or my handling of your personal information:

Aditya Mishra · operating as Adimis
Email: aditya.mishra@adimis.in
Web: adimis.in