Privacy Policy
Effective 2026-05-23 · Version 2026-05-23 · Last updated 2026-05-23
This Privacy Policy explains how Sheikh M. Abdullah ("we", "us", "our") collects, uses, and protects personal information when you use this website (the "Site").
By using the Site, you acknowledge this policy. If you do not agree, please do not use the Site.
Data controller
- Controller: Sheikh M. Abdullah (individual)
- Contact: contact@sh3ikhmabz.com (subject line: Privacy Request)
- Governing law: England & Wales
For correspondence address details, contact us by email; a postal address is available on request.
Information we collect
Personal information
When you voluntarily provide it (contact forms, newsletter, booking, portal lead forms, chat, or account login), we may collect your name, email address, phone or messaging details, company, role, project information, and other details you choose to share.
Usage data
We may collect non-identifying information such as browser type, pages visited, time on site, and referring URLs. Google Analytics 4 is used only after you accept analytics cookies (see Cookie Policy).
Cookies and local storage
See our Cookie Policy for categories, retention, and how to withdraw consent.
How we use information
- Respond to enquiries and booking requests
- Deliver newsletters or updates where you have subscribed or consented
- Operate accounts and the dashboard (authenticated users)
- Improve site content, security, and performance
- Analyze usage patterns when analytics consent is granted
- Operate the AI chat assistant and optional text-to-speech features
We do not sell personal information.
Lawful bases (UK GDPR summary)
| Processing | Purpose | Legal basis |
|---|---|---|
| Contact / booking / portal forms | Respond, contract preparation | Contract / Legitimate interests |
| Newsletter / marketing | Updates and offers | Consent |
| GA4 (if accepted) | Site analytics | Consent |
| Auth / security logs | Account security | Legitimate interests |
| AI chat | Assist visitors; optional lead capture | Legitimate interests / Consent for lead data |
This table is a summary for transparency; counsel may refine wording.
Third-party processors
| Processor | Use |
|---|---|
| Supabase | Authentication, bookings, CMS data hosting |
| Stripe | Payment processing for paid engagements on /engagement |
| Calendly | Appointment scheduling (embed, popup, webhooks) |
| Google Analytics | Usage analytics (after consent) |
| Google Gemini | AI chat and optional TTS via our servers |
| Resend | Transactional and auth emails (when configured) |
| Twilio | SMS login step-up (when configured) |
| Google Sheets | Optional server copy of form submissions |
| Sentry | Error monitoring (when SENTRY_DSN is configured) |
Each processor has its own privacy policy. We are not responsible for third-party sites linked from the Site.
Data flows on this site
- Engagement booking (
/engagement): name, email, role, project stage, budget, service selection, Calendly URIs, Stripe payment metadata (no full card numbers on our servers). - Channel portals (
/go/*): tier selection, optional lead form (name, email, WhatsApp, company, message, attribution). - Contact / newsletter / speaking: form fields you submit via our API (stored in Supabase; optional Sheets copy).
- AI chat: message content; name/email when provided for lead follow-up. Note: some chat leads may be stored locally in your browser until routed to our API — we are improving this flow.
- Dashboard login: email, session cookies, optional SMS verification.
Retention
We retain data only as long as needed for the purposes above, legal obligations, or dispute resolution. Specific retention periods: [TODO — confirm with counsel, e.g. bookings, leads, analytics].
International transfers
Where processors store data outside the UK/EEA, we rely on appropriate safeguards (e.g. UK IDTA / SCCs) as applicable. Details available on request.
Your rights
Depending on your location, you may have rights to access, rectify, erase, restrict, object, or port your data, and to withdraw consent. UK residents may complain to the ICO (ico.org.uk).
Contact contact@sh3ikhmabz.com with subject Privacy Request. We aim to respond within one month.
Regional addenda
UK & EU {#uk-eu}
UK GDPR and EU GDPR rights apply as described above. Supervisory authority: ICO (UK).
United States {#united-states}
We do not sell personal information. California residents may have additional rights under CCPA/CPRA — contact us to exercise them.
Asia-Pacific {#asia-pacific}
Residents of Singapore, India, and other APAC jurisdictions may have local rights — contact contact@sh3ikhmabz.com for requests.
Children
The Site is not directed at children under 13. We do not knowingly collect children's personal information.
Changes
We may update this policy. The effective date at the top of the published page will change when we do.