Privacy Policy

1) Who we are and scope

TosinLitics LLC (“TosinLitics”, “we”, “us”) provides data analytics and AI consulting services. This policy explains how we handle personal data when you visit tosinlitics.com (including our development environment) and when you use our contact form.

Controller & contact:

We are the data controller for processing described in this policy. For any privacy request, email us at the address above.

We provide the information in this policy before processing and limit processing to stated, lawful purposes. Qatar’s Personal Data Privacy Protection Law (PDPPL) requires consent unless processing is necessary for a lawful purpose. We align with that requirement here.

2) What we collect

Contact form

If you submit our contact form, we receive the details you provide, such as name, work email, role, company, industry, service interest, budget range, and your message. You may optionally add a phone number.

Analytics

We use PostHog to understand how visitors use our site. Typical analytics data can include IP address, device and browser information, pages viewed, and time on page. We configure analytics to avoid collecting more than is necessary and we regularly review retention settings. PostHog supports EU data residency and cookieless tracking options, which we may enable depending on our compliance posture.

We do not create user profiles from this data for advertising, and we do not buy personal data from brokers.

3) Why we process your data and our legal bases

• Responding to enquiries and pre-contract steps. We process contact-form submissions to reply to you, share information about our services, and manage potential or existing engagements. Under PDPPL, this is processing for a lawful purpose necessary to respond to your request. If you are in a GDPR jurisdiction, our parallel legal basis is contractual necessity or legitimate interests (responding to inbound B2B enquiries).
• Analytics and site reliability. We process limited analytics to operate, secure, and improve the site. Where required by law, we will rely on your consent before setting analytics that store identifiers. PostHog offers consent-first and cookieless configurations, which we can use to respect your choice.

5) Sharing your data (processors)

We do not sell your personal data. We share data only with service providers that help us run the website and respond to enquiries, under contracts that require confidentiality, security, and deletion on request or termination. Typical processors include website hosting/CDN, email, and PostHog for analytics. PostHog documents GDPR-aligned controls and an EU-hosted option.

6) International transfers

Our site is operated from Qatar. Some processors may handle data in the EU or other jurisdictions. Where data leaves your jurisdiction, we use appropriate safeguards and collect the minimum needed. If you are QFC-regulated or if a QFC engagement applies, we follow the QFC Data Protection Regulations and Rules on disclosures and transfers, including adequacy or permit mechanisms where required.

7) How long we keep data

We keep personal data only as long as needed for the stated purposes and legal requirements. As guidance, we aim to retain:

• Contact-form data: up to 24 months from last contact, then delete.
• Analytics events: 12–18 months by default at the analytics platform, then delete or aggregate.

PDPPL requires that personal data is not kept longer than necessary for the lawful purpose.

8) Security

We apply technical and organizational measures including TLS in transit, role-based access, least-privilege, periodic access reviews, and logging. We assess processors for security and data minimization. If we identify a breach that could cause serious harm, we will notify affected individuals and the competent authority as required by law. PDPPL requires appropriate precautions and notification where serious damage may result.

9) Your rights

Under Qatar’s PDPPL you can withdraw consent, object where processing is unnecessary or excessive, request deletion or omission when the purpose ends, request correction, and access your data. Contact ta@tosinlitics.com to exercise these rights. We will respond within a reasonable period. See PDPPL Articles 4–6 for consent, objection, erasure, correction, and access.

Region-specific information

• EU/UK visitors. You may have additional rights including data portability and restriction. Where we rely on consent, you can withdraw it at any time. Where we rely on legitimate interests, you can object, and we will assess your request.
• QFC engagements. For processing conducted under the Qatar Financial Centre regime, we provide the transparency information required by the QFC Data Protection Regulations and Rules, including controller identity, purposes, lawful basis, transfer safeguards, retention period, and available rights.

10) Children’s data

We do not target children and we do not knowingly process children’s personal data. Under PDPPL, children’s data is considered special-nature data that requires guardian consent and specific disclosures for websites addressing children. If we learn we have collected children’s data, we will delete it and take appropriate steps.

11) Automated decision-making

We do not use automated decision-making that produces legal or similarly significant effects about you.

12) Changes to this policy

If we make changes, we will post the updated version here and update the “Last updated” date. For material changes, we will provide a more prominent notice.

13) How to contact us

Questions or requests about this policy or your data can be sent to ta@tosinlitics.com or by post to: