Privacy Policy

This Privacy Policy explains how LoneSock Consultancy ("LoneSock", "we", "our"), a unit of KaritKarma Limited, collects and uses personal data on the lonesock.pro website and during paid consulting engagements.

KaritKarma platform products (for example Wenme, Darwan, BitsPath) have their own product-level privacy policies that govern data processed inside those products. Where a LoneSock engagement uses one of those products, the product's policy applies to that processing in addition to this site policy.

We collect the minimum information needed to respond to enquiries and operate the website:

• Name, email address, phone number, and company name when you submit a contact form or email us directly.
• A free-text description of your project or enquiry.
• Standard server access logs (IP address, user-agent, request timestamps, referrer) retained for security and abuse-prevention purposes.
• Cookies that are strictly required for the site to function. We do not run third-party advertising trackers on lonesock.pro.

We use the information we collect to:

• Reply to your enquiry and schedule a discovery call.
• Prepare proposals, contracts, and statements of work for the engagement.
• Operate, maintain, and secure the lonesock.pro website and our own data center.
• Comply with legal obligations under Bangladesh law and the laws of the client's jurisdiction where applicable.

We do not sell personal data. We share it only with the recipients required to deliver the service:

• KaritKarma Limited as our parent company, for platform components used during an engagement.
• Sub-processors strictly necessary for email delivery, telephony, payment processing, and security monitoring, all bound by written contracts.
• Government bodies and law-enforcement agencies where required by law in Bangladesh or in the client's jurisdiction.

Enquiry data is retained for up to 24 months from the last contact with you, after which it is deleted or anonymized unless retention is required for legal, tax, or accounting purposes. Server access logs are retained for up to 90 days.

We operate our own Tier-3 data center as an APNIC member with ASN 64005. Data on lonesock.pro is encrypted in transit (TLS) and at rest. Access to enquiry data is limited to LoneSock staff who require it, controlled through OAuth-based identity and centralized RBAC. No security model is perfect, but our standards are equivalent to those we apply for our bank and ISP clients.

You may at any time request access to, correction of, or deletion of personal data we hold about you. Where the GDPR or comparable law applies, you also have rights to data portability and to restrict or object to processing.

To exercise any of these rights, email [email protected]. We will respond within 30 days.

We may update this Privacy Policy from time to time. Material changes will be highlighted on this page with a revised "last updated" date.

Questions about this policy should be sent to [email protected]. Postal: LoneSock Consultancy, c/o KaritKarma Limited, Dhaka, Bangladesh.