1. Who we are
Windmark is the trading name of ENV Design and Technology, a company based in Bengaluru, Karnataka, India ("Windmark", "we", "us", "our"). We provide strategy, brand, design, and Webflow development.
We work two ways: directly with companies, and as a white-label partner to other agencies and studios who bring us in under their own brand. For the personal data described in this policy, Windmark is the data controller, except where we act as a sub-processor for a partner or end client (see section 8).
For privacy questions you can reach our grievance contact at hello@windmark.co, or by post at ENV Design and Technology (Windmark), Bengaluru, Karnataka, India.
2. Scope of this policy
This policy covers personal data we handle through our website at windmark.co, our sales and onboarding process, and the delivery of client and partner engagements. It does not cover third-party websites we link to, or the privacy practices of the agencies and end clients who engage us, who run their own policies.
3. Information we collect
Information you give us: when you contact us through the website, an intro call, or email, we collect what you choose to share. That is usually your name, work email, company, role, and a short description of what you want to build. If you are an agency partner, it may also include details about your end client and the project.
Information we collect automatically: when you visit windmark.co, we collect standard usage data such as pages viewed, referring source, device and browser type, and approximate location derived from your IP address.
Information from others: we may receive your details from a partner agency that introduces you, or from public professional sources such as a company website or LinkedIn, when we research a prospective engagement.
We do not intentionally collect special category data (such as health, religion, or biometric data), and we ask that you do not send it to us.
4. Cookies and analytics
We use Google Analytics 4 to understand how the site is used so we can improve it. GA4 sets cookies and processes usage data on our behalf. Where the law requires it (for example in the EEA and UK), we ask for your consent through a cookie banner before any non-essential cookies load, and you can withdraw that consent at any time.
Strictly necessary cookies that keep the site working do not require consent. You can also block or delete cookies in your browser settings, though some parts of the site may then work less smoothly.
5. How we use your information
We use your information to respond to inquiries, schedule calls, prepare and send proposals, run the engagement, deliver the work, invoice and collect payment, provide support, keep our records, and meet our legal obligations.
We may also use a limited amount of contact information to send occasional updates about our work, which you can opt out of at any time. We do not sell or rent personal information to anyone, ever.
6. Legal bases for processing
Where the GDPR or UK GDPR applies, we rely on the following legal bases: performance of a contract, to scope and deliver an engagement; legitimate interests, to run and grow our business, respond to inquiries, and keep our services secure, balanced against your rights; consent, for non-essential cookies and marketing emails; and legal obligation, to meet tax, accounting, and other statutory duties.
Where the Digital Personal Data Protection Act, 2023 applies, we process personal data for the lawful purposes described above, on the basis of your consent or other legitimate uses permitted by the Act.
7. Sharing your information and sub-processors
To deliver the work we rely on a small set of trusted service providers (sub-processors), each with its own privacy terms: Google (Analytics), Webflow, Figma, Notion, Linear, and Slack. We share only what is strictly required, and only for the engagement.
We may also share information with our professional advisers (such as accountants and lawyers), with payment and banking providers to process invoices, and where we are required to do so by law, court order, or a valid request from an authority. If our business is ever restructured or acquired, information may transfer to the successor under this policy.
8. When we act as a sub-processor
When an agency or company engages us as a white-label partner, the personal data we touch belongs to you or your end client, who remains the controller. In that case we process it only on your documented instructions, we do not use it for our own purposes, we keep it confidential, and we sign your data processing agreement where you have one.
On those engagements, requests from individuals about their data (see section 12) are best directed to the controller. We will support our partners in responding promptly and within the legal timeframes.
9. International data transfers
We are based in India and work with clients and partners in the United States, United Kingdom, European Union, and elsewhere. Delivering an engagement can mean transferring personal data across borders, including to our sub-processors.
Where we transfer personal data out of the EEA or UK, we put appropriate safeguards in place, such as the European Commission’s Standard Contractual Clauses or the UK Addendum, so your data keeps an equivalent level of protection. A copy of the relevant safeguards is available on request.
10. How long we keep it
We keep personal data only as long as we need it. Project records (contracts, invoices, design files) are kept for seven years after the engagement ends, in line with Indian tax and accounting requirements. Marketing inquiries that do not become projects are deleted after twenty-four months of inactivity.
Where we hold data as a sub-processor, we return or delete it in line with our agreement with the controller, except for one copy retained in archived backups for compliance purposes.
11. How we protect it
We use reasonable technical and organisational measures to protect personal data, including encryption in transit, access controls and least-privilege access, vetted vendors, and limiting who on our team can see what. No method of transmission or storage is perfectly secure, but we work to keep your information safe and to notify you and any controller without undue delay if a breach affects your data.
12. Your rights
Subject to the law that applies to you, you can ask us to: confirm what personal data we hold and give you a copy; correct or update inaccurate data; delete data; restrict or object to certain processing; provide your data in a portable format; and withdraw consent where we relied on it. Withdrawing consent does not affect processing done before you withdrew it.
To exercise any of these, email hello@windmark.co and we will respond within the timeframe the law requires, and in any case within thirty days. We may need to verify your identity first. If you are in the EEA or UK you can also complain to your local data protection authority; in India you may raise a grievance with us and, if unresolved, with the Data Protection Board.
Where we hold your data as a sub-processor for a partner agency or end client, please send the request to that controller, and we will assist them.
13. Children’s privacy
Our website and services are intended for businesses and professionals, not children. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, contact us and we will delete it.
14. Third-party links
Our site and content may link to third-party websites and tools we do not control. Their privacy practices are their own, and we encourage you to read their policies before sharing information with them.
15. Changes to this policy
We may update this policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page, and for material changes we will take reasonable steps to let affected clients and partners know. Continuing to use the site or our services after an update means you accept the revised policy.
16. Contact us
Questions, requests, or complaints about this policy or your data? Email hello@windmark.co, or write to ENV Design and Technology (Windmark), Bengaluru, Karnataka, India. We aim to resolve every concern quickly and openly.
