Privacy Policy & Data Rights

Introduction

Tariq Khan ("we", "us", or "our") operates the website tariqkhan.co.uk. This Privacy Policy explains how we collect, use, disclose and safeguard your information when you visit our website or use our services. It also explains your rights under the UK General Data Protection Regulation (UK GDPR) and how you can exercise them.

Information We Collect

We collect information that you provide directly to us when you create an account or use our services:

• Name and email address (provided via OAuth authentication)
• Email address for account identification and communication
• Profile information from your OAuth provider (Google, Apple, or LinkedIn)
• Usage data and preferences to improve your experience

How We Use Your Information

We use the information we collect to:

• Create and manage your user account
• Provide, maintain and improve our services
• Send you important updates about our services
• Protect against fraud and unauthorised access

Legal Basis for Processing

We only process your personal data when we have a lawful basis to do so. The legal bases we rely on include:

• Consent - Where you have given clear consent for us to process your personal data for a specific purpose.
• Contract - Where processing is necessary to fulfil our contract with you or to take steps before entering into a contract.
• Legitimate Interests - Where processing is necessary for our legitimate interests (e.g., improving our services) and your rights do not override those interests.
• Legal Obligation - Where processing is necessary to comply with a legal obligation, such as tax or regulatory requirements.

Third-Party Services & Data Transfers

We use the following third-party services to operate our platform:

• Clerk - Authentication and user management
• Convex - Database and real-time data synchronisation
• Vercel - Website hosting and deployment

Your personal data may be transferred to and processed in countries outside the UK, including the United States where these service providers are located. When we transfer data internationally, we ensure appropriate safeguards are in place, including reliance on adequacy decisions, standard contractual clauses, or other approved mechanisms under UK GDPR.

Cookies and Tracking

We only use strictly necessary and functional cookies. We do not use tracking cookies or third-party analytics that monitor your behaviour across websites.

• Authentication session cookies (managed by Clerk) to keep you signed in
• Theme preference cookie to remember your light/dark mode choice
• Accent colour cookie to remember your chosen accent colour

These cookies are exempt from consent requirements under GDPR/ePrivacy as they are either strictly necessary for the service to function or store user-requested preferences.

Your Rights Under GDPR

Under the UK GDPR, you have the following rights regarding your personal data:

• Right of Access - You can request a copy of all personal data we hold about you. We will provide this information free of charge within 30 days.
• Right to Rectification - If your personal data is inaccurate or incomplete, you have the right to have it corrected. You can update most information directly in your account settings.
• Right to Erasure - Also known as the 'right to be forgotten', you can request deletion of your personal data when it is no longer necessary for the purpose it was collected.
• Right to Restriction - You can request that we limit how we use your data while a complaint is being resolved or if processing is unlawful but you do not want the data deleted.
• Right to Data Portability - You can request your personal data in a structured, commonly used, machine-readable format to transfer to another service provider.
• Right to Object - You can object to processing of your personal data at any time, particularly where we process data based on legitimate interests or for direct marketing.
• Rights Related to Automated Decisions - You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently make such automated decisions.

Deleting Your Data

You have the right to request deletion of your personal data at any time. We are committed to honouring these requests promptly and in accordance with UK GDPR and CCPA requirements.

What We Delete

When you request data deletion, we will permanently remove:

• Your user account and profile information
• Your email address and name
• Your preferences and settings (theme, accent colour, locale)
• Any usage data and activity logs associated with your account

How to Request Deletion

Self-Service (Recommended): You can delete your account instantly. This will immediately and permanently remove all your data from our systems.

Via Email: Send an email to [email protected] with the subject line "Data Deletion Request". Please include the email address associated with your account so we can verify your identity and locate your data.

Deletion Timeline

Self-service deletions are processed immediately. Email requests are processed within 30 days of receipt, in compliance with GDPR requirements. You will receive confirmation once your data has been deleted.

Retention Exceptions

In limited circumstances, we may be required to retain certain data to comply with legal obligations (such as tax records), resolve disputes, or enforce our agreements. Any retained data will be minimised and securely protected, and we will inform you of any such retention.

Data Retention

We retain your personal data only for as long as necessary to provide our services and fulfil the purposes outlined in this policy. When you delete your account, we will delete your personal data within 30 days, except where we are required to retain it by law.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. All data is encrypted in transit using TLS and at rest using industry-standard encryption.

Right to Lodge a Complaint

If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection. You can contact them at ico.org.uk or by phone on 0303 123 1113.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Contact Us

If you have any questions about this Privacy Policy, your data rights, or wish to exercise any of your rights, please contact us at [email protected]. We will respond to your request within 30 days.