Legal

Privacy Policy

Last updated: 2026-06-08

1. Who we are

i10Studios(“we”, “us”, “our”) is a software engineering studio with operating teams in Lahore, Pakistan and London, United Kingdom. We build custom web, mobile, cloud, and AI products for clients globally, with a primary focus on the United States, United Kingdom, and Pakistan markets.

Our main contact for any privacy-related question is info@i10studios.com.

2. What this policy covers

This policy describes the information we collect through the public website at i10studios.com, how we use it, who we share it with, and the rights you have over it.

Information processed under a client services contract (e.g. production access to your systems while we are building software for you) is governed by that contract, not this website policy.

3. Information we collect

Information you give us directly

  • Contact form data: name, email address, company, and the message you submit. Used only to respond to your enquiry and to follow up about a possible engagement.
  • Email correspondence: any information you choose to send us at info@i10studios.com.

Information collected automatically

  • Analytics: we use Google Analytics 4 to measure aggregate traffic patterns (pages viewed, country, device type, referrer). IP addresses are anonymised before storage as required by GA4 defaults.
  • Server logs: standard web server logs (IP address, user agent, request path, timestamp) retained for security and abuse prevention for up to 30 days.
  • Spam protection: Cloudflare Turnstile runs on the contact form to block automated submissions. Turnstile does not use third-party cookies for tracking.

Information we do NOT collect

  • We do not sell personal data.
  • We do not run advertising-network trackers (no Facebook Pixel, no Google Ads remarketing, no TikTok pixel).
  • We do not store payment information on this website. Any engagement billing happens through invoicing channels agreed with you directly.

4. Legal bases (GDPR / UK GDPR)

For visitors in the United Kingdom and European Economic Area we rely on the following lawful bases under UK GDPR / EU GDPR:

  • Legitimate interests — for analytics, server logs, and responding to your enquiries. Our interest is running and improving a professional services website; you can object at any time.
  • Consent — for any non-essential cookie or tracker we deploy in future. None currently require consent.
  • Contract — when we process your information to prepare or perform a services engagement with your organisation.

5. How we use your information

  • Respond to enquiries and prepare proposals.
  • Measure aggregate website performance and improve content.
  • Detect and block abusive traffic and security threats.
  • Comply with legal obligations.

6. Who we share information with

We share information only with the service providers necessary to operate the website and respond to enquiries:

  • Google (Analytics 4): aggregate website analytics. Data may be processed in the United States and other Google data centres.
  • Cloudflare: Turnstile bot protection on the contact form.
  • Email/SMTP provider: delivery of contact-form messages to our inbox.
  • Hosting infrastructure: our cPanel hosting provider for the production server.

We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.

7. International data transfers

Because our team operates from Pakistan and the United Kingdom and our analytics provider operates globally, your information may be processed in countries outside your home jurisdiction. For transfers from the UK / EEA we rely on the UK International Data Transfer Addendum and the EU Standard Contractual Clauses where applicable.

8. How long we keep information

  • Contact-form enquiries: retained while the opportunity is active and for up to 24 months afterwards for follow-up, then deleted on request.
  • Analytics data: retained per Google Analytics 4 defaults (currently 14 months for event-level data).
  • Server logs: up to 30 days.

9. Your rights

Depending on your jurisdiction (UK GDPR, EU GDPR, California CCPA / CPRA, Pakistan PDPA proposals) you have some or all of the following rights:

  • Access — request a copy of the personal data we hold.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data.
  • Restriction — ask us to limit processing.
  • Objection — object to processing based on legitimate interests.
  • Portability — receive your data in a portable format.
  • Withdraw consent — where processing is based on consent, you can withdraw it at any time without affecting prior processing.
  • Complain — lodge a complaint with your local supervisory authority (ICO in the UK, your local DPA in the EEA).

To exercise any of these rights, email info@i10studios.com. We respond within 30 days.

10. Cookies

We use only the minimum cookies required to operate the site (theme preference, security tokens) and the Google Analytics cookie for aggregate usage. We do not use third-party advertising or cross-site tracking cookies.

You can block all cookies in your browser settings without losing access to any feature of this website.

11. Children

Our services are intended for businesses. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with information, contact us at info@i10studios.com and we will delete it.

12. Changes to this policy

We may update this policy as our services or legal obligations change. The “Last updated” date at the top reflects the most recent revision. Material changes will be flagged on this page for at least 30 days.

13. Contact

Questions, requests, or complaints about this policy:

  • Email: info@i10studios.com
  • Primary studio: Floor-11, Al-Hafeez Heights, 3 Ghalib Rd, Block D1 Gulberg, Lahore, Pakistan
  • UK presence: London, United Kingdom