Privacy Policy

1. Who we are

Trident Quality Assurance ("Trident QA", "we", "us") is the brand of an individual entrepreneur (FOP) registered in Ukraine on the simplified taxation system. Operational location: Kyiv, Ukraine. Full legal-entity details (registration number, IBAN, banking) are provided in the commercial invoice issued after engagement scope is agreed. For privacy matters, use the contact form and select the "Privacy" topic.

We act as a data controller for personal data submitted through this website and as a data processor for any personal data Client provides to us within a paid engagement (e.g., test data containing PII), processed under a separate Data Processing Agreement.

2. What data we collect

We collect only what we need to respond to inquiries, provide services, and operate the website:

• Contact form submissions: name, work email, company name (optional), service of interest, project description you provide.
• Email correspondence: email address, name, and content of messages you send to us.
• Server logs: IP address, browser user agent, referring URL, timestamp — collected by our hosting provider for security and debugging (retained 30 days).
• Analytics: aggregated, anonymous page-view counts via GoatCounter — no cookies, no personal identifiers, no cross-site tracking.

We do not knowingly collect data from individuals under 16. We do not collect special categories of personal data (race, religion, health, biometric data, sexual orientation).

3. Why we use it (lawful basis)

• To respond to your inquiry — legal basis: pre-contractual measures at your request (Article 6(1)(b) GDPR).
• To send you a proposal or follow-up — legal basis: legitimate interest in pursuing legitimate business and your prior expression of interest (Article 6(1)(f) GDPR).
• To fulfil engagements — legal basis: performance of contract (Article 6(1)(b) GDPR).
• To comply with law — legal basis: legal obligation (Article 6(1)(c) GDPR), including Ukrainian tax retention rules.
• To secure and improve our website — legal basis: legitimate interest in operating a safe website (Article 6(1)(f) GDPR).

We do not sell personal data, do not use it for advertising profiling, and do not transfer it to any party outside our sub-processor list below.

4. How long we keep it

• Contact inquiries — 24 months from last contact (then deleted automatically).
• Active engagement records — for the duration of the engagement plus 3 years (for warranty, dispute, and IP traceability).
• Tax and accounting records — minimum 3 years per Ukrainian Tax Code, or longer if required by law of Client's jurisdiction.
• Server logs — 30 days.
• Aggregated analytics — indefinitely (no personal data).

5. Sub-processors

We rely on a small set of vetted vendors to operate this website and our business. Each is bound by appropriate data processing terms.

• Cloudflare, Inc. — DNS, CDN, and DDoS protection. Region: global edge. Privacy policy.
• Vercel, Inc. — static site hosting and edge delivery. Region: USA / EU. Privacy policy.
• Formspree — relays submissions from the contact form to our internal mailbox. Region: USA. Privacy policy.
• Formspree — contact form submission delivery. Region: USA. Privacy policy.
• GoatCounter — privacy-friendly, cookie-free analytics. Region: EU. GDPR statement.

Online card-payment acquirer: an authorized Ukrainian or international payment acquirer may be added to this list after the corresponding acquiring agreement is activated. The current list above reflects the active sub-processors as of the last-updated date. Any change will be published here with at least 30 days notice before activation.

Where personal data leaves the European Economic Area, we rely on Standard Contractual Clauses approved by the European Commission. We do not transfer personal data to any jurisdiction outside this list without prior notice.

6. Your rights

Under GDPR and Ukrainian Law on Protection of Personal Data, you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erase your data ("right to be forgotten"), subject to legal retention requirements.
• Restrict processing in specific circumstances.
• Object to processing based on legitimate interest.
• Data portability — receive your data in a structured, commonly used format.
• Lodge a complaint with a supervisory authority (e.g., the Ukrainian Parliament Commissioner for Human Rights, or your local EU Data Protection Authority).

7. Security

We protect personal data using industry-standard measures: TLS encryption in transit, encrypted storage, access controls, principle of least privilege for our team, and signed NDAs with every contractor. Our website is hosted on infrastructure that complies with SOC 2 / ISO 27001.

No system is 100% secure. If a breach affecting your data ever occurs, we will notify you and the relevant supervisory authority without undue delay, in accordance with Article 33–34 GDPR.

8. Cookies and tracking

This website does not use tracking cookies or third-party advertising pixels. Our analytics provider (GoatCounter) is cookie-free by design. Bootstrap CSS/JS, Inter font, and bootstrap-icons are loaded from public CDNs (jsdelivr, Google Fonts); those providers may log requests in accordance with their own privacy policies, but we do not pass any user identifiers to them.

9. Changes to this policy

We may update this policy to reflect changes in law, technology, or our operations. The "Last updated" date at the top of the page indicates the latest revision. Material changes affecting active engagements will be communicated by email.

10. Contact

Privacy questions or rights requests: use the contact form and select the "Privacy" topic.

General inquiries: use the contact form.