Overview
This Privacy Policy describes how TintSol (Private) Limited, a software development company headquartered in Lahore, Pakistan, collects, uses, stores, shares, and protects information about the visitors, clients, and candidates who interact with us.
We have written this policy to mirror the standards followed by regulated software exporters in Pakistan — including alignment with the Pakistan Personal Data Protection Bill, the EU GDPR for clients in the European Economic Area, and the CCPA for residents of California. Where local laws extend further rights than what is described here, the local law prevails.
By using our website, contacting us, or engaging us for services, you confirm that you have read and understood this Privacy Policy.
Information We Collect
We collect only the information we need to deliver our services, communicate with you, and operate our business. The categories are:
- Contact information — name, email address, phone number, company, and role — submitted when you fill out a form, request a proposal, or correspond with us by email.
- Project information — briefs, design files, source code, credentials, and any other materials you share with us in the course of an engagement.
- Candidate information — your CV, references, assessment results, and interview notes, provided during a recruitment process.
- Usage data — IP address, device and browser type, referring URL, pages viewed, and time on page, collected automatically through cookies and similar technologies.
- Billing data — company tax identifiers, bank details, and invoice records, retained as required by Pakistani tax authorities.
How We Use Your Information
We use the information we collect to:
- Respond to inquiries, send proposals, and execute master service agreements.
- Deliver engineering, design, and consulting services in line with the scope of work agreed in writing.
- Evaluate candidates and communicate decisions during a recruitment process.
- Send transactional messages — project updates, invoices, policy notices.
- Analyse aggregated, non-identifying usage data to improve our website and content.
- Comply with our legal, accounting, and regulatory obligations in Pakistan and the markets we serve.
We do not sell your information to third parties, and we do not use your data to train any third-party AI model.
Data Security
We follow industry-standard controls for protecting information in transit and at rest:
- TLS encryption for all data in transit.
- Encryption at rest on managed cloud storage services wherever supported.
- Role-based access control with single sign-on, MFA on all administrative accounts, and the principle of least privilege.
- Regular security reviews of our infrastructure and third-party subprocessors.
- Incident-response procedures with notification to affected parties as required by applicable law.
No method of transmission or storage is fully secure. While we work to protect your information using commercially reasonable means, we cannot guarantee absolute security.
Data Retention
We retain personal data only as long as needed for the purpose it was collected:
- Inquiries that do not result in an engagement — 12 months from the last interaction.
- Active client records — for the duration of the engagement plus 7 years for tax and audit compliance.
- Candidate records — 24 months after the final decision, unless you ask us to delete sooner or consent to a longer talent-pool retention.
- Marketing subscribers — until you unsubscribe.
Your Rights
Depending on where you reside, you may have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate or incomplete data.
- Request deletion of your data, subject to legal retention requirements.
- Object to or restrict certain processing — for example, direct marketing.
- Receive a portable copy of the data you have provided to us.
- Withdraw consent at any time where processing is consent-based.
To exercise any of these rights, email privacy@tintsolltd.com. We will respond within 30 days and may ask you to verify identity before fulfilling the request.
International Data Transfers
Our primary operations are in Pakistan, and we engage clients in the United States, the European Economic Area, the United Kingdom, the Gulf, and beyond. Data may therefore be transferred to and processed in jurisdictions other than your country of residence.
For transfers from the EEA or UK, we rely on the European Commission’s Standard Contractual Clauses (or the UK International Data Transfer Addendum) and conduct transfer impact assessments where required.
Children's Privacy
Our services and website are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us information, please contact us and we will delete it.
Updates to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or applicable law. The “Last updated” date at the top of this page is always current. Material changes will be communicated by email to active clients and via a banner on this site.
Contact Us
For any questions about this Privacy Policy or to exercise your rights, contact our data-protection team:
- Email — privacy@tintsolltd.com
- Postal — TintSol (Private) Limited, Lahore, Pakistan
Questions about this document? Email legal@tintsolltd.com and we’ll route it to the right team.