1. Who we are
CIA Development, LLC ("CIA Development," "we," "us") is a software studio based in Missouri, United States. This policy explains how we handle personal data collected through cia.dev and in the course of our client work. For data we process on behalf of a client as part of an engagement, the client is the data controller and our handling is governed by our agreement and Data Processing Addendum.
2. Information we collect
Information you provide
When you submit our contact form, we collect your name, email address, your project description, and an optional budget range. We use this solely to respond to and evaluate your inquiry.
Information collected automatically
- Privacy-respecting analytics. We use self-hosted, cookieless analytics that records aggregate usage (e.g., page views, referrer, approximate region, device type) without cross-site tracking and without storing cookies on your device.
- Server logs. Our servers record standard technical data (IP address, timestamp, request path, user agent) for security, abuse prevention, and troubleshooting.
3. Cookies
cia.dev does not use tracking or advertising cookies, and we do not run third-party ad networks. Because our analytics are cookieless, no cookie-consent banner is required for them.
4. How we use information
- To respond to inquiries and assess potential engagements;
- To operate, maintain, secure, and improve our website;
- To detect, prevent, and investigate security incidents and abuse;
- To comply with legal obligations.
We do not sell personal data, and we do not use it for advertising or share it with advertisers.
5. Legal bases (EEA/UK)
Where the GDPR/UK GDPR applies, we rely on: your consent and/or steps taken at your request prior to a contract (for inquiries you submit); and our legitimate interests in securing and improving our site (balanced against your rights).
6. Sharing & subprocessors
We share personal data only with the service providers that help us operate, listed on our Subprocessors page (currently Google Cloud for hosting, Postmark for email delivery, and Google Fonts for web-font delivery). Each processes data on our instructions. We may also disclose data where required by law.
7. Data retention
- Contact-form inquiries: retained for up to 24 months, then deleted, unless they become part of an active client relationship.
- Server logs: retained for a limited period for security and operations.
- Backups: rotated on a short retention cycle.
8. Your rights
Depending on where you live, you may have the right to access, correct, delete, or port your personal data, and to object to or restrict certain processing. Under U.S. state laws such as the CCPA/CPRA, you may request to know, delete, or correct your data and to opt out of "sale"/"sharing" (we do neither). We will not discriminate against you for exercising these rights.
To make a request, email security@cia.dev. We will verify and respond within the time required by applicable law.
9. International transfers
We are based in, and process data in, the United States. If you contact us from outside the U.S., your data will be transferred to and processed in the U.S.
10. Children's privacy
cia.dev is not directed to children, and we do not knowingly collect personal data from children under 16.
11. Changes
We may update this policy from time to time. Material changes will be reflected by a new effective date above.
12. Contact
Questions or privacy requests: security@cia.dev.