Effective Date: January 24, 2026

1. Governance and Sovereignty Statement

At WebDesign.gy, we recognize that data is a critical asset for Guyanese businesses. Unlike standard agencies that treat privacy as an afterthought, we operate under a strict Data Sovereignty Framework. This policy outlines how we collect, secure, and legally protect the digital information of our corporate clients and their end-users.

We assert that the legal jurisdiction governing the data processed through our infrastructure is the Co-operative Republic of Guyana. We do not subject your critical business intelligence to foreign data harvesting practices common in free or low-cost web services.

2. Information Collection Protocols

We collect information in two distinct categories: Client Intelligence (business data) and End-User Telemetry (visitor data).

2.1 Client Intelligence

To facilitate the deployment of your digital infrastructure, we collect:

  • Entity Verification Data: Business registration numbers, TIN numbers, and official corporate addresses required for invoicing and Local Content validation.
  • Operational Credentials: Access keys to existing domains, hosting environments, or third-party APIs required for integration.
  • Staff Data: Names and contact details of designated project managers and stakeholders.

2.2 End-User Telemetry

For the websites we engineer, we may configure systems to collect:

  • Technical Footprints: IP addresses, browser types, and device specifications to optimize load times and security rendering.
  • Interaction Metrics: Click-stream data and session duration to feed into the “Performance Tracking” reports.
  • Voluntary Submissions: Data entered into contact forms, lead capture engines, or application portals.

3. Data Storage and Residency

We prioritize the concept of Data Sovereignty. This means we ensure you know exactly where your data resides.

  • Primary Storage: Unless otherwise requested for specific international latency reasons, our primary database clusters are hosted in enterprise-grade data centers compliant with GDPR and international ISO 27001 security standards.
  • Local Caching: We utilize advanced Content Delivery Networks (CDNs) to cache static assets locally, ensuring that Guyanese visitors experience sub-second load times while keeping heavy database queries secure.
  • No Unauthorized Transfers: We strictly prohibit the transfer of your confidential Client Intelligence to third-party marketing agencies or data brokers. Your data stays within the ecosystem we build for you.

4. Security Infrastructure

We employ “Defense-in-Depth” strategies to protect data integrity.

4.1 Encryption Standards

  • Transmission: All data in transit between your users and our servers is encrypted using 256-bit TLS/SSL encryption. This is the “Green Padlock” standard required by banking and government sectors.
  • Storage: Sensitive credentials (such as database passwords and API keys) are hashed and salted before being stored in our administrative vaults.

4.2 Threat Mitigation

For clients on our Market Leader tier, we deploy active Web Application Firewalls (WAF) to inspect incoming traffic for malicious patterns, SQL injection attempts, and brute-force attacks.

5. Disclosure and Third-Party Integration

We operate as a closed-loop development agency, but certain infrastructures require external connections.

  • Essential Service Providers: We may share minimum necessary data with critical infrastructure partners, specifically Payment Gateways (e.g., WiPay, Stripe) to process transactions and Domain Registrars to secure your digital identity.
  • Legal Compliance: We will only disclose Confidential Information if compelled by a valid court order issued by a court of competent jurisdiction within Guyana. We will make reasonable efforts to notify you of such an order before disclosure, provided we are legally permitted to do so.

6. Client Rights and Data Portability

Consistent with our “100% Asset Ownership” promise, you retain full rights to your data.

  • Right to Export: You may request a full export of your database in a standard format (SQL or CSV) at any time.
  • Right to Erasure: Upon the termination of our services, you may request the permanent deletion of all Client Intelligence stored on our staging or development servers.
  • Access Controls: You have the right to dictate which members of your internal team have administrative access to your data vault.

7. Policy Updates

We reserve the right to update this Data Sovereignty & Privacy Policy to reflect changes in Guyanese law (such as the Data Protection Act) or our operational technologies. Major changes will be communicated via the official corporate email address on file.