Privacy Policy
Last updated: 20 March 2026
InnovateBits ("we", "us", "our") operates the website at https://www.innovatebits.com. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and India's Digital Personal Data Protection Act 2023 (DPDP Act).
We take your privacy seriously. We collect only the minimum data necessary to operate this website and respond to enquiries. We do not sell your data to third parties.
1. Who We Are
2. Data We Collect and Why
We collect personal data only when you actively provide it or when it is technically necessary to serve the website.
Contact Form
Data collected: Name, email address, message content
Purpose: To respond to your enquiry
Legal basis: Legitimate interest (responding to a direct enquiry)
Retention: 12 months from the date of your enquiry, then deleted
Newsletter Subscription
Data collected: Email address
Purpose: To send you articles, tutorials, and updates about QA and AI testing
Legal basis: Consent (you opted in by submitting the form)
Retention: Until you unsubscribe. Every email includes a one-click unsubscribe link.
Third party: Your email is processed by our email service provider (ConvertKit, Beehiiv, or Mailchimp depending on current configuration). They act as data processors under a Data Processing Agreement.
Blog Comments (Giscus)
Data collected: GitHub username and profile information (public GitHub data)
Purpose: To display your comment on blog posts
Legal basis: Consent (you chose to authenticate with GitHub)
Third party: Comments are stored as GitHub Discussions in our public repository. GitHub's privacy policy applies: github.com/privacy
Withdrawal: You can delete your own comments at any time via GitHub Discussions.
Server / Hosting Logs (Vercel)
Data collected: IP address, browser type, pages visited, timestamp (standard web server logs)
Purpose: Security, performance monitoring, and error diagnosis
Legal basis: Legitimate interest (operating a secure website)
Retention: Retained by Vercel for up to 30 days per their data retention policy
Third party: Vercel Inc., USA. Data transfers to the US are covered under the EU-US Data Privacy Framework and Standard Contractual Clauses. Vercel's privacy policy: vercel.com/legal/privacy-policy
3. Cookies
This website uses only essential cookies — cookies that are strictly necessary for the website to function. We do not use advertising cookies, tracking cookies, or third-party analytics cookies.
| Cookie | Purpose | Expiry |
|---|---|---|
| __vercel_live_token | Vercel deployment infrastructure | Session |
| _gh_sess (Giscus) | GitHub authentication for comments (only set if you log in to comment) | Session |
Because we only use essential cookies, we are not required by UK PECR or EU ePrivacy Directive to show a cookie consent banner. If we add non-essential cookies in future, we will update this policy and add a consent mechanism.
4. Third-Party Services
We use a small number of third-party services to operate this website. Each acts as a data processor under a Data Processing Agreement where applicable.
Vercel
Website hosting and CDN · USA
GitHub (via Giscus)
Blog comment storage · USA
Email provider (ConvertKit / Beehiiv / Mailchimp)
Newsletter delivery · USA
5. International Data Transfers
Our hosting provider (Vercel) and some third-party services are based in the United States. When your data is transferred to the US, it is protected by one or more of the following mechanisms:
- EU-US Data Privacy Framework (for EU residents)
- UK-US Data Bridge (for UK residents)
- Standard Contractual Clauses (SCCs) approved by the European Commission
6. Your Rights
Depending on where you are located, you have the following rights regarding your personal data:
Right of access
Request a copy of the data we hold about you
Right to rectification
Ask us to correct inaccurate data
Right to erasure
Ask us to delete your data ("right to be forgotten")
Right to restrict processing
Ask us to limit how we use your data
Right to data portability
Receive your data in a machine-readable format
Right to object
Object to processing based on legitimate interests
Right to withdraw consent
Unsubscribe from newsletter at any time
Right to complain
Lodge a complaint with your supervisory authority
To exercise any of these rights, email us at privacy@innovatebits.com. We will respond within 30 days. We may need to verify your identity before processing your request.
7. Supervisory Authorities
If you believe we have not handled your data correctly, you have the right to complain to the relevant supervisory authority:
🇬🇧 UK: Information Commissioner's Office (ICO) — ico.org.uk
🇪🇺 EU: Your local Data Protection Authority (DPA) — edpb.europa.eu
🇮🇳 India: Data Protection Board of India (once operational under DPDP Act 2023)
8. Children's Privacy
This website is intended for professionals and is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@innovatebits.com and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify newsletter subscribers by email. Continued use of the website after changes constitutes acceptance of the updated policy.
10. Contact Us
For any privacy-related questions, requests, or complaints, contact us at: