Privacy Policy

Effective Date: January 13, 2026

1. Introduction

This Privacy Policy explains how George (@georgedevz) ("we", "us", or "our") collects, uses, stores, and protects personal data when you visit our website or subscribe to our launch waitlist for the "Django SaaS Boilerplate" product. We are based in Hong Kong and comply with the Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO") and, where applicable, the EU General Data Protection Regulation ("GDPR") for EU residents.

We collect minimal data (primarily email addresses) only to notify visitors about the product launch. We do not sell personal data to third parties, use it for marketing beyond launch notifications, or engage in unrelated processing.

2. Personal Data We Collect

We collect only what is necessary (data minimization principle under GDPR Article 5 and PDPO DPP1):

• Email address: Provided voluntarily when you subscribe to our waitlist via the form on this site.
• Technical data: Automatically collected (e.g., IP address, browser type, access times) for site security and analytics (limited and anonymized where possible).

We do not collect sensitive data (e.g., name, payment info). For purchases, Stripe handles all payment-related personal data directly — we do not store card details or full billing info.

3. How We Collect Personal Data

Data is collected lawfully and fairly (PDPO DPP1, GDPR Article 5):

• Directly from you via the email subscription form (explicit consent).
• Automatically via cookies/server logs (see our Cookie Policy if applicable).

Providing your email is voluntary. Refusal means you won't receive launch notifications.

4. Purpose and Lawful Basis for Processing

We process your email address solely to send launch notifications (one-time or limited updates about the Django SaaS Boilerplate). This is our primary purpose (purpose limitation under PDPO DPP3 and GDPR Article 5).

Lawful basis:

• Consent (GDPR Article 6(1)(a), PDPO): You give explicit, informed consent by submitting the form (e.g., checking any required box or affirmative action).
• Legitimate interests (GDPR Article 6(1)(f)): For technical/security data, where interests do not override your rights.

We will not use your data for marketing, profiling, or any other purpose without new consent. No selling or sharing for third-party gain.

5. Sharing and Transfers of Personal Data

We do not sell, rent, or share your personal data with third parties for their own purposes. Limited sharing occurs only with:

• Service providers (e.g., hosting, email service like Mailchimp/Resend if used) as data processors under strict contracts ensuring security and PDPO/GDPR compliance.
• Stripe for payments (they act as independent controllers for payment data).
• Legal authorities if required by law.

If data transfers outside Hong Kong/EU occur (e.g., to US-based processors), we use safeguards like Standard Contractual Clauses (GDPR) or ensure adequacy.

6. Data Retention

We keep your email only as long as necessary for launch notifications (PDPO DPP2, GDPR Article 5(e)). After the product launches (or if you unsubscribe), we will delete it promptly unless legally required otherwise.

7. Data Security

We take all practicable steps to protect your data from unauthorized access, loss, or misuse (PDPO DPP4, GDPR Article 32), including encryption, access controls, and regular security reviews. However, no system is 100% secure.

8. Your Rights

Under PDPO (DPP6) and GDPR (Articles 15–22), you have the right to:

• Access your data.
• Correct inaccurate data.
• Request erasure ("right to be forgotten").
• Restrict processing.
• Object to processing (including withdraw consent).
• Data portability (where applicable).

Contact us at georgedjangodev@gmail.com to exercise these rights. We respond within statutory timeframes (e.g., 40 days under PDPO, 1 month under GDPR). No fee unless requests are excessive.

9. Children's Privacy

Our site is not directed at children under 16. We do not knowingly collect data from children.

10. Changes to This Privacy Policy

We may update this policy. Changes will be posted here with an updated effective date. Continued use constitutes acceptance.

11. Contact Us

For questions, rights requests, or complaints:

Email: georgedjangodev@gmail.com

You may also complain to the Office of the Privacy Commissioner for Personal Data (Hong Kong) or relevant EU supervisory authority.

Thank you for trusting us with your data. We prioritize your privacy!