Legal

Privacy Policy

Effective date: June 1, 2026  ·  Last updated: June 8, 2026

1. Introduction

2-Bit Engineering (“Company”, “we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have in relation to it.

This Policy applies to all personal data we process through our website (2bitengineering.com), any accounts you create with us, and any communications you have with us in connection with our services.

By using our website or services you acknowledge that you have read and understood this Policy. If you do not agree, please discontinue use of our website and services.

2. Data Controller

For the purposes of applicable data protection laws (including, where applicable, the EU General Data Protection Regulation “GDPR”), the data controller is:

If you are located in the European Economic Area (EEA), we process your personal data under Article 6 of the GDPR as set out in Section 5 below.

3. Information We Collect

We collect and process the following categories of personal data:

3.1 Information You Provide Directly

  • Contact and inquiry data — your name, email address, phone number (if provided), company name (if applicable), and the content of any message you send via our contact form or direct email.
  • Account registration data — your name, email address, and a hashed password when you create an account on our platform.
  • Project and billing data — information you provide during a project engagement, including business details, project specifications, and payment-related information. Note: we do not directly process or store credit card numbers; all payment processing is handled by our payment providers.

3.2 Information Collected Automatically

  • Server logs — your IP address, browser type and version, operating system, referring URLs, pages visited, and timestamps. These are retained in server logs for up to 90 days for security and debugging purposes.
  • Session data — a single, strictly necessary session cookie is set when you log into your account to maintain your authenticated session. No tracking or advertising cookies are used.

3.3 Information We Do Not Collect

We do not collect sensitive personal data (such as health, racial or ethnic origin, political opinions, or biometric data). We do not collect data from children under 18. We do not run advertising networks or sell data to third parties.

4. How We Collect Information

  • Directly from you when you fill in our contact form, register an account, or communicate with us by email or phone.
  • Automatically through our web server and session infrastructure when you browse our website.
  • From third parties only to the extent you authorise a third-party authentication provider (e.g., OAuth/social login) in the future; any such integration will be described in an update to this Policy.

5. Legal Basis for Processing (GDPR)

Where the GDPR or equivalent data protection law applies, we rely on the following legal bases for processing your personal data:

  • Contractual necessity (Art. 6(1)(b) GDPR) — processing your name, email, and project data to fulfil our agreement with you, including managing your account and delivering our services.
  • Legitimate interests (Art. 6(1)(f) GDPR) — processing server logs for security monitoring, fraud prevention, and improving our website, where these interests are not overridden by your rights.
  • Consent (Art. 6(1)(a) GDPR) — where we ask for and you provide consent for optional processing, such as subscribing to updates or newsletters. You may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Legal obligation (Art. 6(1)(c) GDPR) — where we are required to retain or disclose data to comply with applicable law (e.g., tax records, court orders).

6. How We Use Your Information

We use the personal data we collect for the following purposes:

  • To respond to your inquiries and project requests in a timely manner.
  • To establish, manage, and deliver your project engagement, including communications, feedback rounds, and delivery.
  • To create and maintain your account and provide access to account-related features.
  • To issue invoices and process payments.
  • To send transactional communications (e.g., project updates, invoice notifications, password resets). These are not marketing emails and are required for the performance of our agreement.
  • To monitor and maintain the security and integrity of our systems.
  • To comply with legal and regulatory obligations.
  • To improve our website and services based on aggregated, anonymised usage data.

We will not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects without your explicit consent.

7. Disclosure of Information

We do not sell, rent, or trade your personal data. We may share your data only in the following limited circumstances:

  • Service providers — we may share data with trusted third-party service providers (e.g., email delivery, cloud hosting, payment processors) who process data solely on our behalf and under contractual obligations of confidentiality and security at least as protective as this Policy.
  • Legal requirements — we may disclose data if required to do so by law, regulation, legal process, or governmental authority, or where necessary to protect the rights, property, or safety of 2-Bit Engineering, our clients, or the public.
  • Business transfers — in the event of a merger, acquisition, or sale of all or substantially all of our assets, your data may be transferred to the successor entity. We will notify you of any such transfer and any choices you may have.
  • With your consent — in any other case, only with your explicit prior consent.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy:

  • Account data — retained for the lifetime of your account and deleted within 30 days of an account deletion request.
  • Contact and inquiry data — retained for up to 2 years from the date of your last interaction unless you request earlier deletion.
  • Project and billing data — retained for 7 years from the project completion date to comply with Lebanese accounting and tax record requirements.
  • Server logs — retained for up to 90 days, after which they are automatically purged.
  • Session cookies — expire at the end of your browser session or after 30 days, whichever is shorter.

After applicable retention periods expire, data is securely deleted or anonymised so it can no longer be associated with you.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, disclosure, or destruction, including:

  • All data is transmitted over TLS (HTTPS) — we do not transmit personal data over unencrypted connections.
  • Passwords are hashed using bcrypt with appropriate cost factors and are never stored in plain text.
  • Our database is hosted on a private server not exposed to the public internet.
  • Access to production data is restricted to authorised personnel only on a need-to-know basis.
  • We apply software security patches promptly and conduct periodic security reviews.

No method of transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and any applicable supervisory authorities as required by law, without undue delay.

10. International Data Transfers

Your data is primarily stored and processed in Lebanon. If we engage third-party service providers located outside Lebanon (e.g., cloud infrastructure providers), your data may be transferred to and processed in other countries, which may have different data protection laws than your country of residence.

Where we transfer personal data of EEA residents outside the EEA, we do so only when adequate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or other lawful transfer mechanisms under the GDPR.

11. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

  • Right of access — the right to request a copy of the personal data we hold about you.
  • Right to rectification — the right to request correction of inaccurate or incomplete data.
  • Right to erasure — the right to request deletion of your personal data where there is no compelling reason for us to continue processing it (“right to be forgotten”).
  • Right to restriction of processing — the right to request that we restrict how we use your data in certain circumstances.
  • Right to data portability — the right to receive your personal data in a structured, machine-readable format and to transmit it to another controller (where technically feasible).
  • Right to object — the right to object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent — where processing is based on consent, the right to withdraw that consent at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint — the right to lodge a complaint with your local data protection authority if you believe we have processed your data unlawfully.

To exercise any of these rights, contact us at [email protected]. We will respond to all verified requests within 30 calendar days. We may ask you to verify your identity before processing the request.

12. Cookies and Tracking Technologies

We use a minimal cookie policy:

  • Strictly necessary cookies — a single session cookie used to maintain your authenticated session when logged into your account. This cookie is required for the platform to function and cannot be disabled without losing access to your account. It is deleted automatically when you log out or when it expires (30 days of inactivity).

We do not use analytics cookies, advertising cookies, tracking pixels, or any third-party cookies. We do not use fingerprinting or similar tracking technologies.

If we introduce additional cookies in the future, we will update this Policy and, where required by law, obtain your consent before setting them.

13. Third-Party Links

Our website may contain links to third-party websites, social media platforms, or services (such as LinkedIn or Instagram). These third parties have their own privacy policies, and we have no control over and accept no responsibility for their content or practices. We encourage you to review the privacy policy of any third-party site you visit.

14. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at [email protected] and we will delete the data without delay.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will revise the “Last updated” date at the top of this page whenever changes are made.

If changes are material — such as a new use of your data, a new third-party sharing arrangement, or a change in our legal basis for processing — we will notify you by email (if we hold your email address) or by posting a prominent notice on our website at least 14 days before the changes take effect.

Your continued use of our website or services after the effective date of any updated Policy constitutes your acceptance of the changes.

16. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact our data privacy point of contact:

We aim to respond to all privacy-related enquiries within 5 business days.