Legal

Privacy Policy

Last updated: 4 June 2026

This Privacy Policy explains how Starter.pt collects, uses and protects personal data in connection with this website, enquiries, client projects, technical support, AI integrations, managed infrastructure and related services. It is written for clarity and applies unless a signed agreement, statement of work or data processing agreement says otherwise.

1. Controller and contact details

The controller for the processing described in this policy is Starter.pt, Portugal.

Privacy requests should be sent to [email protected].

2. Personal data we may process

Depending on the context, we may process:

  • name, job title, company name and contact details;
  • messages, briefs, support tickets and project communications;
  • information received through an agency partner when Starter.pt works white-label or under the agency's client relationship;
  • billing details, tax details and payment records where applicable;
  • technical information needed to provide services, such as domains, IP addresses, temporary credentials, server access details, logs, diagnostics, backups, snapshots, repository details and deployment information;
  • data, prompts, outputs, context snippets or workflow records processed through AI integrations when this is part of an agreed project scope;
  • security findings, audit notes and remediation records;
  • website usage and security logs generated by hosting, server or CDN infrastructure;
  • any other personal data voluntarily provided through email, forms, meetings or agreed project tools.

3. Purposes, legal bases and retention

4. Service delivery and client data

During technical work, Starter.pt may access client systems, databases, repositories, logs, hosting panels, third-party tools or production data. Where Starter.pt processes personal data on behalf of a client, the client is normally the controller and Starter.pt acts as a processor. In that case, processing is carried out under the client's documented instructions and, when appropriate, a data processing agreement.

5. Sharing with third parties

Personal data may be shared with suppliers only where needed to operate the website, deliver services, manage communication, provide hosting, integrate agreed AI/API workflows or comply with legal duties. These suppliers may include hosting providers, email providers, accounting tools, project tools, infrastructure providers, AI/API providers and professional advisers. Starter.pt does not sell personal data.

Contact form messages are sent by email using SMTP infrastructure and may be processed by email and hosting providers involved in message delivery. Where Starter.pt works through an agency, relevant project data may also be shared with that agency for the purpose of delivering the agreed work.

The contact form uses Cloudflare Turnstile to reduce spam and automated abuse. Cloudflare may process technical request data needed to verify the challenge, such as browser, device, IP address and interaction signals. This is used for security and abuse prevention, not by Starter.pt for advertising profiling.

6. International transfers

Some suppliers or client-selected tools may process data outside the European Economic Area. Where this happens, Starter.pt relies on appropriate safeguards, such as adequacy decisions, Standard Contractual Clauses or other lawful transfer mechanisms where required.

7. Security measures

Starter.pt applies proportionate technical and organisational measures intended to protect personal data, including access control, secure communication, credential hygiene, least-privilege access, backups where agreed, patching and monitoring appropriate to the service. No system can be guaranteed to be fully secure, but reasonable measures are used to reduce risk.

8. Cookies and website technologies

This website may use Google Tag Manager and analytics tags only after the relevant optional consent category has been accepted. Technical cookies or similar storage may be used by hosting, CDN, form security or anti-abuse infrastructure where strictly necessary. More detail is available in the Cookie Policy.

9. Your rights

Subject to legal conditions, you may request access, rectification, erasure, restriction, portability and objection. Where processing is based on consent, you may withdraw that consent at any time without affecting processing already carried out lawfully.

To exercise rights, contact [email protected]. A response will be provided within the legally required timeframe. Identity verification may be requested where necessary.

10. Complaints

You may lodge a complaint with the Portuguese supervisory authority, the Comissão Nacional de Proteção de Dados (CNPD), at www.cnpd.pt.

11. Changes to this policy

This policy may be updated to reflect changes in services, legal requirements or operational practices. The latest version will be published on this page.