Privacy Policy

Last updated: May 5, 2026

This Privacy Policy explains how I, Sarmad Mughal (operating sarmadmughal.com), collect, use, and protect your personal information when you visit my website or use my design subscription Services. I respect your privacy and aim to be transparent about what I do with your data.

Contact: hello@sarmadmughal.com

1. Who This Applies To

This policy applies to anyone who:

  • Visits sarmadmughal.com
  • Subscribes to my design service
  • Contacts me by email or form
  • Interacts with me on connected platforms

I serve clients globally, with most based in the US, UK, and EU, and I treat data accordingly under the GDPR, UK GDPR, and CCPA where applicable.

2. Information I Collect

Information you give me directly:

  • Name, email address, company name
  • Billing address and tax information (collected by Paddle)
  • Project briefs, brand assets, and any files you send me
  • Communications (emails, messages, feedback)

Information collected automatically:

  • IP address, browser type, device info, referring URL
  • Pages visited, time on site, and similar analytics data
  • Cookie data (see Section 7)

Information from third parties:

  • Payment confirmation and billing data from Paddle (my Merchant of Record)
  • Transaction info from Wise if used as a backup payment method

I do not collect or store full credit card numbers myself. All card data is handled directly by Paddle on PCI-compliant infrastructure.

3. How I Use Your Information

I use your data to:

  • Provide and deliver the design Service you subscribed to
  • Process payments and send invoices/receipts
  • Communicate about your projects, account, or support requests
  • Send service updates and important notices
  • Send marketing emails (only if you opt in — you can unsubscribe anytime)
  • Improve my website and services through analytics
  • Comply with legal obligations and prevent fraud or abuse

4. Legal Basis for Processing (GDPR)

If you’re in the EU/UK, I rely on the following legal bases:

  • Contract — to deliver the Service you signed up for
  • Legitimate interests — to run, secure, and improve my business
  • Consent — for marketing emails and non-essential cookies (you can withdraw anytime)
  • Legal obligation — to comply with tax, accounting, and other laws

5. How I Share Your Information

I don’t sell your personal data. I share it only with trusted parties who help me run the Service:

Provider | Purpose
Paddle | Payment processing, tax handling (Merchant of Record)
Wise | Backup payment processing
Email/CRM provider | Sending transactional and marketing emails
Hosting provider | Website and database hosting
Analytics provider | Website usage analytics
Cloud storage | Storing client files and briefs

Each of these providers has its own privacy policy and data protection commitments. I may also disclose data when required by law, court order, or to protect my legal rights.

6. International Data Transfers

I am based in Pakistan, and my service providers operate globally. This means your data may be transferred to and processed in countries outside your own, including Pakistan, the US, and the EU.

For transfers from the EU/UK, I rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or work with providers who offer GDPR-compliant data protection terms.

7. Cookies and Tracking

My website uses cookies and similar technologies for:

  • Essential cookies — making the site work (always on)
  • Analytics cookies — understanding how visitors use the site
  • Functionality cookies — remembering preferences

You can control cookies through your browser settings or my cookie banner (where available). Disabling some cookies may affect site functionality.

8. How Long I Keep Your Data

I retain personal data only as long as necessary:

  • Account & subscription data — while your account is active, plus up to 7 years for tax/legal records after closure
  • Project files — for the duration of your subscription, plus a reasonable archival period
  • Marketing contacts — until you unsubscribe
  • Website analytics — typically 14–26 months

After these periods, data is deleted or anonymized.

9. Your Rights

Depending on where you live, you may have the right to:

  • Access the personal data I hold about you
  • Correct inaccurate information
  • Delete your data (“right to be forgotten”)
  • Restrict or object to processing
  • Port your data to another provider
  • Withdraw consent at any time
  • Lodge a complaint with a data protection authority

California residents (CCPA): You also have the right to know what personal information I collect and to request deletion. I do not sell your personal information.

To exercise any of these rights, email hello@sarmadmughal.com. I’ll respond within 30 days.

10. Data Security

I use reasonable technical and organizational measures to protect your data — encryption in transit, access controls, and trusted service providers. However, no system is 100% secure, and I cannot guarantee absolute security.

If a data breach affecting your information occurs, I will notify you and the relevant authorities as required by law.

11. Children’s Privacy

My Services are not directed at anyone under 16. I do not knowingly collect data from children. If you believe a child has provided me with personal data, contact me and I’ll delete it.

12. Third-Party Links

My website may link to external sites (e.g., portfolio platforms, social media). I’m not responsible for their privacy practices. Please review their policies separately.

13. Changes to This Policy

I may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent version. Material changes will be communicated via email or a website notice.

14. Contact Me

For privacy questions, requests, or complaints:

📧 hello@sarmadmughal.com
