Privacy Policy

Irozen (operating as Irozen Studio) is the data controller responsible for your personal data. We are a software services company registered in Dhaka, Bangladesh, providing web development, SaaS development, and UI/UX design services globally.

For all data protection enquiries, please contact us at: hello@irozen.com. We aim to respond within 48 business hours.

Identity & Contact Data: Full name, business name, email address, and phone number provided when you contact us, submit a project enquiry, or enter into a service agreement.

Transaction & Payment Data: When you engage our services and make payments — including payments via digital assets (cryptocurrency) — we collect transaction reference IDs, wallet addresses (where applicable), invoice details, and payment confirmation records. We do not store full card numbers or private cryptographic keys.

Project & Communication Data: Project briefs, specifications, feedback, correspondence, and files you share with us during the course of a project.

Technical Data: IP address, browser type and version, operating system, referring URLs, page views, and session duration collected automatically via server logs and privacy-respecting analytics tools.

Cookie Data: Data collected through essential cookies and analytics cookies as described in Section 7.

We process your personal data only where we have a valid legal basis under the General Data Protection Regulation (GDPR) and applicable data protection legislation:

Contractual Necessity: Processing required to perform a contract with you or to take steps at your request before entering into a contract (e.g. delivering your project, issuing invoices, processing payments).

Legitimate Interests: Processing necessary for our legitimate business interests, such as communicating with prospects, preventing fraud, maintaining the security of our systems, and improving our services — provided these interests are not overridden by your rights.

Legal Obligation: Processing required to comply with applicable laws, regulations, or court orders.

Consent: Where we rely on your consent (e.g. sending marketing communications), you may withdraw consent at any time without affecting the lawfulness of prior processing.

To deliver, manage, and invoice for our software development and design services.

To process payments, including payments made via digital assets through Binance Pay or other regulated cryptocurrency payment processors.

To communicate with you regarding project progress, proposals, and service updates.

To fulfil our legal and regulatory obligations, including anti-money laundering (AML) record-keeping where required.

To detect, investigate, and prevent fraudulent transactions, unauthorised access, and other illegal activities.

To analyse and improve our website, services, and internal processes.

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

When you make a payment using a digital asset (such as USDT, BNB, ETH, or other supported cryptocurrencies) via Binance Pay or a similar compliant payment gateway, the following applies:

Transaction records — including the amount, currency, transaction hash, and timestamp — are retained for accounting, tax, and regulatory compliance purposes for a minimum of 7 years in accordance with applicable financial regulations.

Blockchain transactions are inherently public and immutable. Any data recorded on a public blockchain is outside our control once submitted.

We do not store your private keys, seed phrases, or wallet credentials. Payment processing is handled securely by our regulated payment partner (Binance Pay), whose own privacy policy governs their data handling.

We may be required to share transaction data with tax authorities, financial regulators, or law enforcement agencies in accordance with applicable law.

We do not sell, trade, or rent your personal information to any third party for marketing purposes.

We may share data with trusted service providers acting as our data processors (e.g. hosting providers, payment processors, email delivery services, accounting software) under binding data processing agreements that require them to protect your data.

We may disclose information to comply with applicable law, enforce our Terms of Service, or protect the rights, property, or safety of Irozen, our clients, or others.

In the event of a business transfer (merger, acquisition, or sale of assets), personal data may be transferred to the acquiring entity, subject to the same privacy protections.

Our website uses cookies and similar technologies. We deploy only essential cookies (required for site functionality) and analytics cookies (to understand how visitors use our site).

We do not use advertising cookies, tracking pixels from ad networks, or third-party behavioural tracking technologies.

You may instruct your browser to refuse all cookies. Disabling essential cookies may affect the functionality of our website. Disabling analytics cookies will not affect your ability to use the site.

We retain personal data only as long as necessary for the purposes described in this policy or as required by law:

Client project data and correspondence: retained for the duration of the engagement plus 5 years.

Financial and transaction records (including cryptocurrency transaction records): retained for a minimum of 7 years to comply with tax and financial regulations.

Contact form submissions: retained for up to 2 years unless a project engagement follows.

Website analytics data: retained in aggregated, anonymised form.

You may request deletion of your personal data at any time (see Section 10). We will comply unless retention is required by law.

Irozen is based in Dhaka, Bangladesh. If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with data transfer restrictions, your data may be transferred to and processed in countries outside your jurisdiction.

Where transfers occur, we implement appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the relevant authority, or we rely on the adequacy decisions of the European Commission where applicable.

Depending on your jurisdiction, you have the following rights regarding your personal data:

Right of Access: Request a copy of the personal data we hold about you.

Right to Rectification: Request correction of inaccurate or incomplete data.

Right to Erasure ('Right to Be Forgotten'): Request deletion of your data, subject to legal retention obligations.

Right to Restrict Processing: Request that we limit how we use your data in certain circumstances.

Right to Data Portability: Receive your data in a structured, machine-readable format.

Right to Object: Object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at hello@irozen.com. We will respond within 30 days. If you are in the EEA or UK, you have the right to lodge a complaint with your local supervisory authority.

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS/HTTPS), access controls, and regular security reviews.

Payment data is handled exclusively through regulated, PCI-DSS compliant payment processors. We do not store raw payment credentials on our servers.

No method of internet transmission is 100% secure. If you become aware of any security incident involving your data, please notify us immediately at hello@irozen.com.

Our services are directed exclusively at businesses and individuals aged 18 or over. We do not knowingly collect personal data from anyone under 16. If you believe we have collected data from a minor, please contact us immediately so we can delete it.

Our website may contain links to third-party websites or platforms. We are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policy of any site you visit.

We may update this Privacy Policy periodically to reflect changes in our practices, services, or applicable law. The 'Last updated' date at the top of this page indicates when the policy was last revised. Continued use of our website or services after updates constitutes acceptance of the revised policy.

For material changes, we will notify active clients via email.

For any questions, requests, or complaints regarding this Privacy Policy or our data practices, please contact us:

Email: hello@irozen.com

Address: Irozen Studio, Dhaka, Bangladesh

We are committed to resolving any concerns promptly and transparently.