The Short VersionWe collect only what we need to run our business and serve our clients. We do not sell your data. We do not use it for advertising. We store it securely and delete it when it is no longer needed. If you have questions, email hello@50fsecurity.com and you will get a real reply.

1. Who We Are

50fsecurity is a digital engineering agency that designs and builds web platforms, SaaS products, mobile applications, and cybersecurity solutions for businesses globally, with a primary focus on GCC and international markets.

Controller: 50fsecurity
Contact: hello@50fsecurity.com
WhatsApp: +212 622 337 533

This Privacy Policy applies to our website 50fsecurity.com, all sub-pages, and any service we provide directly to you.

2. Data We Collect

We collect information in three ways: directly from you, automatically when you use our website, and through the client engagement process.

2.1 Information You Provide Directly

Data Type
Why We Collect It
Name & email address
To respond to your inquiry and manage project communication
Phone / WhatsApp
Optional. Only if you provide it for preferred contact
Company / project brief
To scope and propose the right solution for your needs
Budget range
To determine whether we are a practical fit for your project

2.2 Information Collected Automatically

When you visit our website, standard web server logs capture your IP address, browser type, operating system, referring URL, and pages visited. This data is used solely for security monitoring and aggregate analytics (total visitor count, popular pages). It is not linked to your identity.

We do not use Google Analytics, Facebook Pixel, or any third-party behavioral tracking scripts on our website.

2.3 Client Engagement Data

Once we begin working with you as a client, we may process additional data necessary to deliver the project: access credentials (stored in an encrypted password manager, never in plain text), project specifications, design assets, and payment information processed through our secure payment providers.

3. How We Use Your Data

We use the information we collect strictly for the following purposes:

01
Responding to inquiries

To reply to project requests submitted via our contact form or email within 24 hours.

02
Delivering contracted services

To plan, build, test, and deploy the digital products you have commissioned.

03
Billing and invoicing

To process payments, issue invoices, and maintain financial records as required by law.

04
Website security

To detect and prevent malicious traffic, brute-force attacks, and abuse of our contact endpoints.

05
Legal compliance

To meet obligations under applicable law, including financial record retention requirements.

We do not use your data for advertising, profiling, or selling to third parties — ever.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area or a jurisdiction with equivalent data protection law, we process your personal data on the following legal bases:

  • Legitimate Interest Responding to your inquiry, website security, server log analysis
  • Contract Performance Processing data necessary to deliver the services you have contracted us to provide
  • Legal Obligation Retention of financial and billing records as required by applicable tax and commercial law

5. Data Sharing

We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:

Sub-processors and tools: We use a small set of professional tools to run our business — email (Gmail), project management, and invoicing software. These providers are contractually bound to process your data only on our instructions and in accordance with GDPR or equivalent standards.

Legal requirements: If required by law, court order, or governmental authority, we may disclose data. We will notify you where legally permitted to do so.

Business transfers: In the unlikely event of a merger or acquisition, personal data would be transferred only under terms at least as protective as this policy, and you would be notified in advance.

6. Data Retention

Data Category
Retention Period
Inquiry / contact form data
2 years from last contact, or until you request deletion
Client project data
5 years from project completion (contractual obligations)
Billing and invoices
10 years (statutory financial record requirement)
Server access logs
90 days, then automatically purged

7. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data. To exercise any of them, contact hello@50fsecurity.com. We respond within 30 days.

Access

Request a copy of all personal data we hold about you

Rectification

Request correction of inaccurate or incomplete data

Erasure

Request deletion of your data where no legal obligation requires retention

Portability

Receive your data in a structured, machine-readable format

Restriction

Request that we limit processing of your data under certain conditions

Objection

Object to processing based on legitimate interest where your interests override ours

8. Cookies

Our website uses only essential technical cookies — specifically the session cookie required for CSRF protection on our contact form. We do not set advertising cookies, analytics cookies, or any persistent tracking cookies.

No cookie banner is shown because no consent-dependent cookies are used.

9. Security

We take security seriously — it is, after all, the foundation of our practice. Measures we apply include:

  • HTTPS with TLS 1.3 across all pages and form submissions
  • Cloudflare WAF and DDoS protection at the network edge
  • Encrypted password management — no credentials stored in plain text
  • Access limited to personnel who require it to perform their function
  • Regular security reviews conducted in accordance with OWASP guidelines

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify relevant authorities and affected individuals as required by applicable law, without undue delay.

10. International Transfers

Our primary operations and hosting infrastructure are based in the EU/EEA region. Where data is processed by sub-processors located outside the EEA (for example, certain cloud collaboration tools), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

11. Third-Party Links

Our website may contain links to third-party websites — client case studies, GitHub repositories, LinkedIn profiles. We are not responsible for the privacy practices of those sites. We recommend reviewing the privacy policy of any external site you visit.

12. Children's Privacy

Our services are directed exclusively at businesses and professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has submitted data through our site, contact us immediately and we will delete it.

13. Changes to This Policy

We update this policy when our practices change or when required by law. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be announced via a notice on our homepage for at least 30 days before taking effect.

Continued use of our website after policy changes constitutes acceptance of the revised terms.

14. Contact & Complaints

For any privacy-related questions, requests, or complaints, contact us directly:

We aim to respond to all privacy requests within 30 calendar days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.