Privacy Policy

TheSecureLancer is an independent cybersecurity consultancy operated by Tanveer Singh, operating from Punjab, India. The practice is registered under the Micro, Small and Medium Enterprises Development (MSMED) Act, 2006 (Udyam Registration: on file; available on request).

The website at thesecurelancer.com is the public-facing presence of this consultancy. When this policy refers to "we", "us", or "TheSecureLancer", it means the sole operator, Tanveer Singh.

Contact form submissions

When you use the contact form at /contact, we collect your name, email address, optionally your phone number, and the message or project details you provide. This information is submitted voluntarily by you.

Analytics data

We use PostHog (posthog-js) and Vercel Analytics to understand how visitors use the site. These tools collect device type, browser, approximate IP region (not precise location), pages viewed, referrer, and interaction events. PostHog assigns a persistent distinct_id stored in your browser. Vercel Analytics processes requests server-side and does not set persistent cookies.

Theme preference

If you switch the colour theme (light/dark), your preference is saved in localStorage under the key theme. This data never leaves your device.

• To respond to your enquiry and discuss a potential security engagement.
• To deliver contracted engagements, maintain correspondence, and fulfil obligations under a signed Scope of Work and NDA.
• To understand how visitors interact with the site so we can improve content, performance, and usability (analytics).
• To remember your display preference so the site renders correctly on your next visit (theme localStorage).

For visitors in the European Economic Area (EEA) and United Kingdom, we process personal data under the following bases from GDPR Article 6(1):

• Article 6(1)(b) — Performance of a contract: processing contact form submissions to take steps at your request before entering into, or to perform, an engagement agreement.
• Article 6(1)(f) — Legitimate interests: operating PostHog and Vercel Analytics to improve the website. We have assessed that this interest is not overridden by your interests or fundamental rights, given the limited nature of the data collected and the absence of advertising profiling.

For individuals in India, we process personal data in accordance with the Digital Personal Data Protection (DPDP) Act, 2023. Contact form submissions are processed on the basis of your consent (given by submitting the form) and, where an engagement follows, the legitimate use of data necessary to perform a contracted service.

We do not sell, rent, or trade your personal data. We share data only with the following sub-processors, each engaged solely to operate the website and deliver services:

No advertising networks or data brokers receive your personal data.

TheSecureLancer serves clients worldwide. Your data may be processed or stored outside the country where you are located — including in the United States and the European Union — by the sub-processors listed above. Where personal data originating in the EEA is transferred to a third country, we rely on the Standard Contractual Clauses approved by the European Commission, or on the adequacy decision applicable to the recipient country, as our transfer mechanism. By submitting the contact form or using this website, you acknowledge that your data may cross national borders as described.

• Contact form submissions and related correspondence are retained for 24 months from the date of submission, unless an active engagement is underway, in which case data is retained for the duration of the engagement plus 24 months to accommodate reasonable follow-up and warranty periods.
• PostHog analytics data is retained for 12 months from collection. Session recordings (if enabled) follow the same schedule.
• Vercel Analytics data is aggregated and does not personally identify you; it is subject to Vercel's own retention policies.
• Theme preference stored in localStorage persists until you clear your browser storage.

Depending on where you are located, you may have the following rights regarding your personal data:

To exercise any of these rights, contact us via the /contact form. We will respond within 30 days (GDPR) or within 7 business days (DPDP), whichever applies.

We take the security of your data seriously. The following measures are in place:

• All data in transit between your browser and our servers is encrypted using TLS 1.2 or higher. HTTPS is enforced at the edge via Vercel and Cloudflare.
• Application secrets, SMTP credentials, and API keys are stored as encrypted environment variables and never committed to source code.
• Engagement deliverables — including penetration test reports and findings — are shared only over encrypted channels and are subject to mutual NDA.
• Access to contact form submissions is limited to the sole operator.

No method of transmission or storage is 100% secure. If you believe there has been a data breach affecting your information, please contact us immediately.

Our services are directed exclusively at businesses and professional individuals. The website is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has submitted data through this site, please contact us via /contact and we will delete it promptly.

For any privacy-related request, question, or concern — including exercising your rights under GDPR or the DPDP Act — please reach out via the contact form. Email is available on request through the same form. We aim to acknowledge all privacy requests within 2 business days and resolve them within the statutory deadline.

In accordance with the Digital Personal Data Protection Act, 2023, and applicable rules thereunder, the following individual is designated as the Grievance Officer for residents of India:

Any complaint or grievance regarding the processing of your personal data will be acknowledged within 48 hours and resolved within 30 days of receipt.