Legal · privacy

Privacy policy.

Last updated · TBD
Effective · TBD
Contact · office@malisic.dev
Placeholder content. This page is the production shell for the final privacy policy. Real legal copy will be substituted before launch. Section structure follows the GDPR / UK GDPR / CCPA template most B2B sites use; cut or expand sections to match the final scope.

01 /Summary

Malisic Dev ("we", "us") is a small product studio. This policy explains what personal data we collect when you visit malisic.dev or contact us, why we collect it, and what your rights are.

The short version: we collect only what we need to reply to you and run a privacy-respecting site. We do not sell personal data. We do not track you across sites. We do not use Google Analytics.

02 /Data we collect

We collect personal data in two ways:

  • When you contact us. If you submit the brief form or email office@malisic.dev, we receive your name, email address, optionally your company and project scope, and whatever you choose to write in the message field.
  • When you load the site. Our privacy-respecting analytics tool records aggregate, anonymised usage data: page views, referrer, country at country level, device type, anonymised session duration. No cookies. No cross-site identifiers. No personal profiles.

We do not collect special-category data (e.g. health, biometric, political opinions). Please don't include any in your message.

03 /How we use it

We use the data above to:

  • Reply to your enquiry and continue the conversation.
  • Send transactional emails directly related to a project we are discussing with you (proposals, scheduling, contracts).
  • Understand which parts of the site work, at an aggregate level, so we can improve them.
  • Comply with our legal obligations (e.g. responding to lawful requests).

Our legal bases (UK / EU GDPR) are legitimate interest (replying to inbound enquiries, running an analytics pipeline that does not identify you) and contract (where you become a client).

04 /Who we share data with

We share personal data only with a small number of processors that help us run the studio:

  • Our email provider, to host office@malisic.dev.
  • Our website host, to serve this site.
  • Our privacy-respecting analytics provider, to receive anonymised usage events.
  • Tools we use to run an engagement once you become a client (e.g. Slack, Linear), only where strictly necessary for the work.

We do not sell, rent, or trade personal data. We do not share it for advertising.

05 /Cookies & analytics

This site does not use marketing or advertising cookies. We do not load tracking pixels or third-party scripts beyond the privacy-respecting analytics tool described above.

You can use the site without consenting to cookies because there are no cookies to consent to. If we add any in the future, we will ask first.

06 /Retention

We keep enquiry data only as long as we need it:

  • Enquiries that do not progress. Kept for up to 12 months, then deleted.
  • Active engagements. Kept for the duration of the project plus the retention period required by tax law and our professional indemnity insurance (typically up to 6 years after the engagement ends).
  • Aggregate analytics data. Kept indefinitely in non-identifying form.

07 /Your rights

If GDPR, UK GDPR, or CCPA applies to you, you have the right to:

  • Ask what we hold about you and receive a copy.
  • Have inaccurate data corrected.
  • Have your data deleted, where we have no continuing reason to hold it.
  • Object to or restrict our processing.
  • Lodge a complaint with your local data protection authority.

To exercise any of these rights, write to office@malisic.dev. We aim to respond within 30 days.

08 /International data transfers

Malisic Dev is based in Belgrade, Serbia. Some of our processors operate from the EU, UK, or US. When personal data leaves the EEA / UK, we rely on adequacy decisions or standard contractual clauses, as applicable.

09 /Security

We take reasonable technical and organisational measures to protect personal data: encrypted transit, access controls, principle-of-least-privilege on internal tools, regular dependency updates. No system is perfectly secure; if a breach materially affects you, we will notify you and the relevant authority within the required timeframe.

10 /Changes to this policy

If we make material changes, we will update the Last updated date at the top and, where reasonable, notify you in writing. The current version is always available at this URL.