Privacy Policy

1) Roles & Scope

When we run our own website, billing, sales, and support, we act as a data controller.
When we manage a client website or process leads on your behalf (e.g., routing form submissions into your CRM), we act as your data processor and will sign a Data Processing Addendum (DPA) on request.
This Policy covers: instantprod.dev, client onboarding forms, and our delivery workflow tools (e.g., Trello). It does not cover third-party sites we don’t control; review those providers’ policies separately.

2) Data We Collect

2.1 You provide directly

Account/Billing: name, business email, company, role, billing email, VAT/GCT info.
Content for work: copy, images, design briefs, technical access (e.g., GitHub/Vercel invitations).
Support/Comms: messages, attachments, feedback.

2.2 Collected automatically (website/app telemetry)

Usage data: pages viewed, timestamps, referrers, device/browser, approximate location (city/region).
Identifiers: IP address, cookie IDs or equivalent.
Campaign/UTM data: utm_source, utm_medium, etc., if present on your visit.

2.3 From third parties (as allowed by you)

Payment status and identifiers from Stripe.
Workspace metadata from tools you connect (e.g., Vercel/Netlify, GitHub, Trello, your CRM).

3) Why We Use Data (Purposes)

Provide the Services and operate your work queue (Backlog → Active → Approval).
Account & Billing (subscriptions, invoicing, fraud prevention).
Support & Service notices (SLA updates, cancellations, security alerts).
Product improvement & analytics (aggregate usage trends).
Legal & compliance (tax, accounting, security, dispute handling).
Marketing to businesses who have expressed interest (you can opt out anytime).

4) Legal Bases (high-level)

We process data under one or more of the following:
Contract (to deliver the Services you subscribed to)
Legitimate interests (security, analytics, product improvement, B2B marketing)
Consent (where required—e.g., certain cookies/marketing in some regions)
Legal obligations (tax, fraud prevention, record-keeping)

5) Cookies & Analytics

5.1 Consent-based analytics. We use Google Analytics 4 (GA4) to understand how visitors use our site. GA4 scripts only load after you accept cookies via our consent banner. If you decline or close the banner, no tracking scripts are loaded.

5.2 What GA4 collects. When enabled, GA4 may collect: pages viewed, session duration, approximate location (city/country), device/browser type, referrer URL, and anonymized IP address. Google may process this data on servers outside Jamaica. See Google's Privacy Policy.

5.3 Essential cookies. We use minimal essential cookies for site functionality (e.g., storing your cookie consent preference in localStorage).

5.4 Managing preferences. You can withdraw consent anytime by clearing your browser's localStorage for our site, or by using browser settings to block cookies. Some features may not work without cookies.

We don't sell your personal data. We don't run interest-based ads on our site.
If you need a detailed cookie list for compliance, email support@instantprod.dev.

6) Sharing Your Data

We share personal data only with:
Service providers / processors that help us run Instantprod (e.g., Stripe for payments; Vercel/Netlify/Cloudflare for hosting; GitHub; Trello; email/CRM tools; analytics).
Professional advisors (legal, accounting) under confidentiality.
Authorities when required by law.
Business transfers (e.g., merger or acquisition).
We remain responsible for processors acting on our instructions. We do not sell personal data.

7) International Transfers

We may store or process data outside Jamaica (e.g., the USA/EU). When we transfer personal data internationally, we use appropriate safeguards (such as Standard Contractual Clauses or equivalent contractual protections).

8) Data Retention

We keep data only as long as needed for the purposes in this Policy, to perform a contract, or to meet legal obligations.
Operational logs/analytics are kept for a limited period and then aggregated or deleted.
You can ask us to delete data we control, subject to legal/operational exceptions.

9) Security

We use reasonable technical and organizational measures: least-privilege access, encrypted transport, access reviews, and recommended two-factor authentication for shared tools. No method is 100% secure; we can’t guarantee absolute security.

10) Your Rights

Depending on the law that applies to you (including Jamaica’s Data Protection Act), you may have rights to:
Access your personal data we control
Rectify inaccurate or incomplete data
Erase data (when no longer needed and not legally required to retain)
Restrict or object to certain processing
Portability (receive your data in a usable format)
Withdraw consent where processing relies on consent

To exercise any rights or make a complaint, email support@instantprod.dev. You may also contact the Information Commissioner (Jamaica). We’ll respond within a reasonable time.
If we act as your processor (for your site/lead data): Please direct requests to your organization; we’ll assist as required by our DPA.

11) Payments

We use Stripe for payments. We don’t store card numbers on our servers. Stripe processes payment data under its own terms and privacy notice. See https://stripe.com/privacy.

12) Links to Other Sites

Our website may link to third-party sites. We don’t control their content or privacy practices. Review their policies before sharing information.

13) Children

Our Services are for business use and not directed to children. We don’t knowingly collect personal data from children. If you believe a child provided personal data, contact us and we’ll delete it.

14) Changes to This Policy

We may update this Policy from time to time. If we make material changes, we’ll update the Effective date and, where appropriate, provide additional notice. Your continued use of the Services after changes means you accept the updated Policy.

15) Contact Us

Instantprod
Email: support@instantprod.dev
Address: 2 Upper Elleston Road, Kingston CSO