BLACKFLOW.space

Privacy
Policy.

LAST UPDATED April 2026

JURISDICTION India · Canada · USA

CONTACT hello@blackflow.space

This document explains how Blackflow Design collects, uses, and protects information when you visit blackflow.space, submit a contact form, or book a call with us. We've written this in plain English because we believe you deserve to understand exactly what happens to your data — not wade through legal boilerplate designed to confuse you.

IN THIS DOCUMENT

Who We Are

Blackflow Design is a web design and development studio founded in Chandigarh, India. We build custom websites for service businesses — dentists, HVAC companies, contractors, caterers, and any established business that needs a site that actually reflects the quality of their work.

We operate under the following details:

Studio Name Blackflow Design

Website blackflow.space

Based In Chandigarh, India

Serving Canada, United States, and beyond

Email hello@blackflow.space

When this policy refers to "we", "us", or "our", it means Blackflow Design. When it refers to "you" or "your", it means you — the person visiting our website, submitting a form, or booking a call with us.

What We Collect

We only collect information that is genuinely necessary to serve you well. We do not collect information speculatively or build user profiles for any purpose beyond responding to your inquiry.

Information you give us directly

When you fill out our contact form, you provide:

Your name — so we know who we're talking to
Your email address — so we can respond to you
Your current website URL — so we can review your existing site before a call
Your message — whatever you choose to tell us about your situation

When you book a call through Calendly, you additionally provide:

Your name and email — for calendar invitation and reminders
Your time zone — for scheduling accuracy
Any pre-call questions Calendly asks — we configure minimal questions, typically just your website URL

Information collected automatically

When you visit blackflow.space, our analytics tools automatically collect:

Pages visited — which sections of the site you viewed
Time spent — how long you engaged with each page
Traffic source — how you found us (search, social, direct, referral)
Device and browser type — in aggregate, to ensure the site renders correctly
Approximate location — country and city level only, not your precise address
IP address — anonymized before storage

→

We never collect sensitive personal data including health information, financial account details, government identification numbers, passwords, or payment card information. All payments are handled by third-party processors — we never see or store your card data.

Information we do NOT collect

We do not collect your phone number unless you volunteer it in a message
We do not collect your physical address
We do not collect your social media profiles or activity
We do not use advertising trackers, Facebook Pixel, or retargeting scripts
We do not record website sessions or track mouse movements
We do not purchase data about you from third parties

How We Use It

Every piece of data we collect has one clear, specific purpose. We do not use your data for anything beyond what is described here.

Contact form submissions

We use your name, email, and message solely to respond to your inquiry. We reply within 24 hours on business days. We do not add you to any mailing list without your explicit consent.

Calendly bookings

We use your booking details to prepare for and conduct the call, send reminders before the call, and follow up afterwards with a quote or next steps. We do not use Calendly data for marketing purposes.

Analytics data

We use aggregated, anonymized analytics to understand which pages are useful, how visitors find us, and how to improve the site. This data never identifies you individually — we see traffic patterns, not personal profiles.

Client project data

When you become a client, we collect the additional information needed to complete your project — business details, branding assets, login credentials for your hosting. This data is used only for your project and stored securely. It is deleted or returned to you at project completion if you request it.

→

We will never sell your data, rent it, trade it, or use it to target you with advertising. If you contact us and we can't help you, we'll say so and refer you to someone who can — we won't follow up repeatedly or add you to a nurture sequence.

Cookies

Cookies are small text files stored in your browser when you visit a website. They allow the site to remember information between pages and visits.

blackflow.space uses the following types of cookies:

Strictly Necessary Required

WordPress requires session cookies to function — for example, to keep you logged in to the admin area. These are deleted when you close your browser and are not used for tracking.

Examples: wordpress_logged_in_*, wordpress_sec_*, wp-settings-*

Analytics Optional

Google Analytics 4 uses cookies to distinguish unique visitors and track sessions. These cookies do not contain personally identifiable information. We have configured GA4 to anonymize IP addresses before storage.

Examples: _ga, _ga_*, _gid

Calendly Third-party

When you interact with the Calendly booking widget, Calendly may set cookies to maintain your session state during the booking process. These are governed by Calendly's own cookie policy.

Set by: calendly.com

→

We do not use advertising cookies, retargeting pixels, or tracking scripts from social media platforms (Facebook, Instagram, LinkedIn, TikTok, etc.). We have never installed and will never install these without clearly notifying you.

How to control cookies

You can control and delete cookies through your browser settings. Most browsers allow you to refuse cookies entirely, delete existing cookies, or configure per-site cookie preferences. Disabling cookies may affect the functionality of some parts of the site — specifically the booking widget — but will not prevent you from reading our content or contacting us via email.

For guidance on managing cookies in your specific browser, visit allaboutcookies.org.

Third-Party Services

Our website loads resources from third-party servers to function correctly. Each of these transfers involves your browser making a direct connection to an external server, which may expose your IP address to that server.

Google Fonts / CDN

We self-host all fonts on our own server. Your browser makes no connection to Google Fonts. This was a deliberate decision to protect your privacy and improve load speed.

jsDelivr CDN

Some JavaScript libraries (GSAP, Lenis smooth scroll) are loaded from jsDelivr's CDN for performance. Your IP address may be logged by jsDelivr in accordance with their privacy policy.

Calendly

The booking popup loads Calendly's scripts and stylesheets. Calendly's servers process your booking, send confirmations, and manage calendar integration.

Google Analytics

Analytics data is sent to Google's servers in the United States. We have enabled IP anonymization and set data retention to 2 months. We do not use GA's remarketing or advertising features.

We are not responsible for the privacy practices of these third-party services. We encourage you to review their respective privacy policies, linked in Section 04 above.

Data Retention

We retain your data only for as long as necessary to serve the purpose for which it was collected. Here is our retention schedule:

Type of data

How long we keep it

Why

Contact form submissions

12 months

In case the conversation is referenced in a future project discussion

Calendly booking data

Per Calendly's policy (typically 2 years)

Controlled by Calendly, not us — request deletion directly from Calendly

Analytics data

2 months (GA4 minimum)

Long enough to identify trends, short enough to minimize data exposure

Client project files

Duration of engagement + 6 months

To support post-launch requests and warranty claims

Email correspondence

3 years

Standard business communication retention for reference and legal protection

Invoice and payment records

7 years

Required by Indian tax law (GST compliance) and standard accounting practice

After the retention period expires, data is permanently deleted. We do not archive data indefinitely. You can request early deletion of your data at any time — see Section 08 for your rights.

Your Rights

Depending on where you are located, you have specific legal rights regarding your personal data. We honour these rights regardless of jurisdiction — not because we are legally required to in every case, but because we believe it is the right way to operate.

Right to Access

You can ask us what personal data we hold about you. We will provide a complete list within 30 days of your request, free of charge.

Right to Rectification

If any data we hold about you is inaccurate or incomplete, you can ask us to correct it. We will update it within 10 business days.

Right to Erasure

You can ask us to permanently delete your data. We will do so within 48 hours for contact form data and analytics, and within 10 business days for project-related data. Exceptions apply where we are legally required to retain records (e.g. invoices).

Right to Portability

You can request a copy of your data in a machine-readable format (CSV or JSON). We will provide this within 30 days.

Right to Object

You can object to how we process your data at any time. If we cannot demonstrate a compelling legitimate reason for the processing, we will stop.

Right to Restrict Processing

You can ask us to temporarily stop processing your data while we verify a rectification or erasure request. We will acknowledge the restriction within 24 hours.

Right to Withdraw Consent

Where processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of processing based on consent before withdrawal.

Right to Lodge a Complaint

If you believe we have handled your data improperly, you have the right to lodge a complaint with your local data protection authority. For Canadian residents: the Office of the Privacy Commissioner (OPC). For EU/UK residents: your local Supervisory Authority.

→

To exercise any of these rights, email us at hello@blackflow.space with the subject line "Privacy Request". You will not need to explain why you are making the request. We will acknowledge within 24 hours and complete the request within the timelines stated above.

Security

We take reasonable technical and organizational measures to protect your data from unauthorized access, loss, misuse, or alteration. Specifically:

HTTPS everywhere — all data transmitted between your browser and blackflow.space is encrypted via TLS. The site will never serve insecure HTTP connections.
Limited access — only one person (the studio founder) has access to contact form submissions and client data. We do not use shared credentials.
Strong passwords and 2FA — all accounts connected to this site (hosting, WordPress, Google, Formspree, Calendly) use strong unique passwords and two-factor authentication where available.
Regular backups — the site and its database are backed up daily by Hostinger. Backups are retained for 30 days.
Minimal data collection — the best security for your data is not collecting it in the first place. We deliberately collect less than we could.

No security system is impenetrable. If we become aware of a data breach that affects your personal data, we will notify you within 72 hours via the email address you provided, and will take immediate steps to contain and remediate the breach.

If you discover a security vulnerability on blackflow.space, please report it responsibly to hello@blackflow.space before disclosing it publicly. We will acknowledge your report within 24 hours and work to resolve it promptly.

Children

Our services are designed for business owners and decision-makers at established companies. We do not knowingly collect personal data from anyone under the age of 16.

If you are under 16, please do not submit a contact form or book a call through this website. If you are a parent or guardian and believe your child has provided us with personal information, contact us at hello@blackflow.space and we will delete it immediately.

Changes to This Policy

We may update this privacy policy from time to time as our services evolve, as new laws come into effect, or as we change the tools we use to operate our business.

When we make material changes — changes that affect how we collect, use, or share your data in ways that were not previously described — we will:

Update the "Last Updated" date at the top of this page
If you are an active or recent client, email you a summary of the changes
Keep the previous version of this policy accessible on request

Minor changes — typo corrections, clarifications that don't affect how we operate, or updated links to third-party policies — will be made without specific notification.

Your continued use of blackflow.space after changes are published constitutes acceptance of the updated policy. If you disagree with a change, you are welcome to contact us to discuss it or to request deletion of your data.

Contact Us

Privacy questions deserve straight answers. If anything in this policy is unclear, if you want to exercise any of your rights, or if you simply want to know more about how we handle your data — reach out directly.