Privacy policy
Last updated: May 2026
We keep this short and plain: we collect only what's necessary to run our business, we don't sell your data, and we use trusted third parties (Stripe, PayPal, Formspree) to handle payments and form submissions.
1. Who we are
marpal.dev ("we", "us", "our") is a freelance PHP and web development consulting service. This Privacy Policy describes how we collect, use, and protect personal information when you visit our website or use our services.
2. Information we collect
We collect personal information in the following situations:
- Contact form submissions: name, email address, and the message you send us
- Payment transactions: name, email, billing address, and payment details — collected and processed directly by Stripe or PayPal, not stored on our servers
- Email correspondence: any information you choose to include in emails to us
- Project work: access credentials (FTP, server, database) you provide for the purpose of completing agreed work
- Basic website analytics: anonymous aggregate data such as page views, browser type, and country, collected by our hosting provider
3. How we use information
We use the information we collect to:
- Respond to your inquiries and provide the services you've requested
- Process payments and issue receipts
- Communicate about ongoing projects, deliverables, and follow-ups
- Comply with legal obligations such as accounting and tax requirements
- Improve our services and website
We do not use your information for advertising, profiling, or any purpose unrelated to delivering the service you requested.
4. Third-party services
We rely on the following trusted third parties to operate our business:
- Stripe — payment processing
- PayPal — payment processing
- Formspree — contact form delivery
- Our hosting provider — website delivery and analytics
Each operates under its own privacy policy, linked above. We do not share your information with any other parties.
5. Cookies
Our website uses minimal cookies. We store a theme preference (light/dark/auto) in your browser's local storage — this stays on your device and is not transmitted to us. Our hosting provider may set basic analytics cookies. Payment pages opened through Stripe or PayPal use their own cookies, governed by their privacy policies.
6. Data retention
We retain personal information only as long as necessary:
- Contact form submissions and email correspondence: up to 2 years
- Payment and invoice records: 7 years (for tax and accounting compliance)
- Access credentials provided for project work: deleted within 30 days of project completion
- Source code and deliverables: retained as required for warranty and support periods
7. Security
We take reasonable precautions to protect your information:
- All web traffic is encrypted via HTTPS
- Payment data never touches our servers — handled directly by Stripe and PayPal
- Access credentials are stored securely and deleted when no longer needed
- We use strong, unique passwords and two-factor authentication on all accounts that handle Client data
No system is 100% secure, but we work to follow industry best practices and respond quickly to any incident affecting Client data.
8. Your rights
Depending on your jurisdiction (including the EU under GDPR and California under CCPA), you have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your information (subject to legal retention requirements)
- Object to or restrict certain processing
- Request a copy of your information in a portable format
- Withdraw consent at any time where processing is based on consent
To exercise any of these rights, contact us through the form on our homepage. We aim to respond to all requests within 30 days.
9. International transfers
Our third-party providers (Stripe, PayPal, Formspree, our hosting provider) may process data outside your country of residence. These providers offer their own safeguards, including standard contractual clauses and adequacy decisions, to ensure data transfers comply with applicable law.
10. Children's privacy
Our services are not directed at children under 16. We do not knowingly collect information from children. If you believe a child has provided information to us, please contact us and we will delete it.
11. Changes to this policy
We may update this Privacy Policy occasionally. The "Last updated" date at the top reflects the most recent revision. Significant changes will be highlighted on our homepage when possible.
12. Contact
Questions, concerns, or requests related to this Privacy Policy can be sent through the contact form on our homepage.