Desk FoxPrivacy Policy

Privacy Policy

DeskFox (Private) Limited · Effective 6 July 2026

This Privacy Policy explains how DeskFox (Private) Limited(“DeskFox”, “we”, “us”), a private limited company incorporated under the Companies Act, 2017 and operating from the Province of Sindh, Pakistan, collects, uses, and protects information in the course of providing design and development services and operating deskfox.dev. It applies alongside our Terms & Conditions and any executed non-disclosure agreement.

The short version

We collect the minimum needed to work with you and bill you. Your project data stays yours — we’re the caretaker, you’re the owner. deskfox.dev itself sets no cookies. Each section opens with a plain-terms summary; the full text below it governs.

01Who We Are & Scope

1.1 This Policy applies to (a) visitors of deskfox.dev, (b) clients and their representatives, and (c) project data and assets DeskFox handles while building, testing, or temporarily hosting client projects prior to handoff.

1.2 It does not apply to websites, applications, or services owned by clients after handoff, nor to third-party services linked from our work. Those are governed by their own privacy policies.

02Our Role: Client as Controller, DeskFox as Custodian

2.1 For all data within a client project — including content, databases, user accounts, and submissions — the Client is and remains the controller: the Client determines what is collected, why, and for how long. DeskFox acts solely as a custodian/processor, handling such data only as needed to design, build, test, support, and deliver the project.

2.2 At Handoff, all project data, credentials, and hosted assets are transferred to the Client, and DeskFox deletes residual copies within sixty (60) days, except as needed for support the Client has engaged, or as required by law.

03Information We Collect

Client contact information — names, email addresses, phone numbers, and company details of the people we work with, provided directly by you.

Billing information — invoicing details, payment records, and tax information needed to bill you and meet our accounting obligations. Card and bank processing is handled by payment providers; DeskFox does not store full card numbers.

Project data & assets — content, media, credentials, and data you supply or that the project generates while in our care (Section 2).

04Cookies & deskfox.dev

4.1 deskfox.dev stores no cookies whatsoever and uses no analytics trackers, advertising pixels, or fingerprinting. Visiting our site leaves no persistent identifier on your device.

4.2 Websites and applications we build for clients may use cookies or similar technologies where the Client requires them. Deciding on, disclosing, and obtaining consent for such cookies is the Client’s responsibility as controller; DeskFox will implement them as instructed and can advise on disclosure best practice.

05Contact Forms & Submissions on Client Projects

5.1 Where a project in our care includes contact forms or email submissions, the Client determines and approves, in advance, what submission data (if any) DeskFox may access — for example, for testing or debugging. DeskFox accesses only what is necessary and approved.

5.2 At Handoff, submission inboxes, integrations, and stored entries are transferred to the Client’s control. Where DeskFox provides sideline support afterwards, access is limited to what the Client authorises for the support task at hand.

06End-User Data on Apps We Host for Clients

6.1 Where DeskFox hosts a client application pending Handoff or under a support retainer, personal data of the application’s end users is processed exclusively on the Client’s behalf and instructions. DeskFox does not use end-user data for its own purposes, does not sell or share it, and accesses it only as necessary for operation, debugging, and security.

6.2 The Client is responsible for providing its end users with an appropriate privacy notice and lawful basis. On request, DeskFox will enter into a data-processing addendum reflecting these commitments.

07How We Use Information

We use information solely to: (a) deliver the services described in an accepted proposal; (b) communicate about the engagement; (c) invoice and collect payment, and maintain accounting and tax records required under Pakistani law; (d) secure and back up systems in our care; and (e) establish, exercise, or defend legal claims.

We do not sell personal information, do not use client or end-user data for advertising, and do not add contacts to marketing lists without express consent.

08Storage, Security & Retention

8.1 DeskFox applies reasonable technical and organisational safeguards: access limited to team members assigned to the engagement, credential management, encrypted transmission where supported, and segregated project environments. No method of storage is perfectly secure; we will notify affected clients without undue delay of any breach affecting their data.

8.2 Client contact and billing records are retained for the period required by applicable tax and corporate law. Project data is retained per Section 2.2. Correspondence is retained as long as reasonably necessary for the relationship and legal claims.

8.3 Infrastructure may include reputable international hosting and cloud providers; where data is stored outside Pakistan, we select providers with recognised security certifications and contractual safeguards.

09Sharing & Third Parties

We disclose information only: (a) to service providers necessary for the engagement — hosting, domain registrars, payment processors, communication tools — under their respective terms; (b) to subcontractors bound by confidentiality obligations no less protective than ours; (c) where required by law, regulation, or a competent court or authority in Pakistan, including lawful requests under the Prevention of Electronic Crimes Act, 2016; or (d) with your direction or consent.

10Legal Framework

10.1 This Policy is framed under the laws of the Islamic Republic of Pakistan. Data and information systems are protected against unauthorised access, interference, and disclosure under the Prevention of Electronic Crimes Act, 2016; electronic records and communications are recognised under the Electronic Transactions Ordinance, 2002; and confidentiality undertakings are enforceable under the Contract Act, 1872.

10.2 Pending enactment of a comprehensive data-protection statute (the draft Personal Data Protection Bill), DeskFox voluntarily follows its core principles: lawful and transparent processing, purpose limitation, data minimisation, accuracy, storage limitation, and security.

10.3 For clients subject to foreign regimes such as the EU GDPR or the UK GDPR, DeskFox will process client-controlled data in accordance with documented instructions and execute a data-processing addendum where required.

11Your Rights & Choices

You may request access to, correction of, or deletion of personal information DeskFox holds about you, or object to a particular use, by writing to us. We respond within thirty (30) days. Deletion requests are honoured except where retention is required by law (for example, tax records) or for the establishment or defence of legal claims. For data within a client-controlled project, we will refer or relay the request to the relevant Client.

12Changes & Contact

We may update this Policy from time to time; the effective date above reflects the latest revision. Material changes affecting active engagements are notified to clients in writing. Questions, requests, and complaints may be addressed to DeskFox (Private) Limited, Sindh, Pakistan, via the contact details at deskfox.dev.

Your data, your project, your call — we just build it well and keep it safe in the meantime. DeskFox (Private) Limited, Sindh, Pakistan · deskfox.dev