Last updated: June 19, 2026
This Data Protection Policy describes how MTD Technologies approaches data protection during commercial technology projects, including web development, mobile app development, AI integration, automation, API development, web scraping, data workflows, and custom software development.
1. Purpose and Scope
This policy applies to personal data, client data, credentials, files, databases, API data, analytics data, and other confidential information processed as part of our website operations and service delivery.
2. Data Protection Principles
We aim to process data lawfully, fairly, transparently, and only for legitimate business and project purposes. We seek to limit data collection to what is necessary, protect data with reasonable safeguards, and retain it only as long as needed.
3. Client Data Handling
Client data is used to deliver agreed services, troubleshoot systems, build software, configure integrations, migrate websites, test workflows, and provide support. We do not use client data for unrelated purposes without permission.
4. Access Control
Access to client systems and data should be limited to authorized personnel and contractors who need access for service delivery. Clients should provide role-based access where possible and revoke access when work is complete.
5. Credentials and Secrets
API keys, passwords, tokens, SSH keys, database credentials, and similar secrets should be shared through secure methods where possible. We recommend rotating credentials after project completion or when team access changes.
6. AI and Data Processing
AI integrations and automation workflows should be designed to minimize unnecessary personal data exposure. For sensitive or regulated data, clients should confirm legal requirements, consent obligations, retention rules, and provider suitability before processing data through AI or third-party platforms.
7. Web Scraping and Data Workflows
Data extraction projects should be assessed for legality, proportionality, source permissions, privacy impact, and platform restrictions. Clients are responsible for confirming they have the right to collect, process, and use the requested data.
8. Security Measures
Reasonable measures may include secure access practices, least-privilege permissions, HTTPS, backups, software updates, environment separation, logging, input validation, secure coding practices, and use of reputable hosting or cloud providers.
9. Data Retention and Deletion
Project data may be retained for maintenance, support, accounting, legal, security, or operational reasons. Clients may request deletion of data where continued retention is not required by law, contract, legitimate business needs, or technical backup cycles.
10. Incident Response
If we become aware of a data incident involving client data under our control, we will take reasonable steps to investigate, contain, and notify affected clients where appropriate. Clients remain responsible for legal notifications relating to their own users, customers, or regulated data unless otherwise agreed.
11. International and Regulatory Considerations
Clients operating under GDPR, UK GDPR, CCPA/CPRA, HIPAA, PCI DSS, financial regulations, or other sector-specific requirements should tell us before work begins. Additional agreements, technical controls, or specialist legal review may be required.
12. Contact
Questions about this Data Protection Policy can be sent to malik@mtdtechnologies.com or through our Contact page.