Privacy

Data use should be limited, visible and connected to a clear purpose.

This notice describes the current public website. It does not silently claim legal details or processing arrangements that have not been configured.

01 / Operator

Who is responsible for the website.

02 / Project and career submissions

Public forms store the information you choose to submit.

The project and open-application forms send their visible fields to Sellbyx. The service stores the submission in its PostgreSQL database, records bounded source and campaign attribution, the browser user-agent and a one-way network fingerprint used for abuse limits. If external notification is configured, email or webhook delivery is queued to the Sellbyx team; retryable failures stop after a bounded number of attempts and remain visible in the private Lead Inbox. Database-only mode creates no external-delivery job. A prepared direct-email link remains available as a fallback. Sellbyx uses project inquiries to respond and assess a possible engagement, and career applications to evaluate potential collaboration. Do not include unnecessary sensitive information.

03 / First-party measurement

Operational events exclude form values and visitor IDs.

The first-party analytics collector is currently disabled. Normal hosting and security logs may still process network metadata needed to deliver and protect the site.

04 / Optional Google Analytics

Google Analytics is never loaded before consent.

Google Analytics is not configured. If it is enabled later, this page and the consent control must remain accurate before the script is made available.

05 / Cookies and browser storage

Public browsing does not require an analytics cookie.

The public site stores the optional analytics choice in local storage. Session storage remembers bounded first-landing attribution for the current browser tab so a submitted inquiry can retain its source; it contains no form values and expires with the tab session. GA cookies can be created only after consent when GA is configured. Authentication cookies are used on the private administrator and MCP authorization flows and are not required to read the public site.

06 / Retention, recipients and rights

Keep data only for the purpose that justified it.

Stored inquiries, applications and their delivery records have a configured maximum active-database retention of 730 days unless an earlier deletion request applies or continued storage is needed to establish a working relationship, satisfy a legal obligation or resolve a dispute. Access-controlled backup copies can retain the same records until the separately configured backup lifecycle expires; they are restored only for disaster recovery and age out rather than returning to ordinary use after a deletion request. Relevant hosting, email or webhook, authentication, analytics and infrastructure providers process data only for their configured service. Depending on applicable law, you may ask for access, correction, deletion, restriction, objection or portability, and may withdraw consent without affecting earlier lawful processing. Contact hello@sellbyx.com. Identity verification may be required before fulfilling a request.

07 / Changes

Material changes receive a new review date.

This notice must be updated when a new analytics or lead-delivery provider is enabled, the stored form fields or purposes change, retention changes, or the legal operator changes. A provider must not be enabled merely because this policy mentions the possibility.

Direct access to the delivery team

Need to ask how your information is handled?

Contact Sellbyx