← Back to Home

Privacy Policy

Effective Date: May 9, 2026  ·  Last Updated: May 9, 2026
Operator: Banjico, Fort Wayne, Indiana, United States
Contact: lake@banjico.com
Banjico is a cybersecurity company. We hold our own data practices to the same standard we hold our clients' systems: rigorous, transparent, and no more than necessary.

Overview

This Privacy Policy explains what personal data Banjico collects through this website and through the course of client engagements, how we use it, who we share it with, and what rights you have over it.

This policy applies to: visitors to banjico.com, people who submit project inquiries or contact forms, active and former clients, and third-party contacts whose information is shared with us in the course of a project.

1. Data We Collect

1.1 Website Visitor Data

We collect standard web analytics data when you visit this site:

  • Pages visited, time on page, browser type, device type, referring URL
  • IP address (anonymized where technically feasible)

We do not use invasive tracking, third-party advertising pixels, or persistent cross-site identifiers.

1.2 Project Inquiry & Contact Form Data

When you submit a form on this site, we collect:

  • Name (first and last)
  • Email address and/or phone number
  • Company name (if provided)
  • Project details you include in the form or message field

When you submit a form, the details are delivered to us by email through our email service provider. We do not retain your submission in a third-party form database. See Section 4 for processor details.

1.3 Client Engagement Data

When you become a client, we additionally collect and process:

  • Business contact information for your team members
  • Credentials necessary to access systems within the agreed project scope
  • Technical documentation, codebase access, and architecture details relevant to your project
  • Communications (email, meeting notes) related to project execution

We collect only what is necessary to complete the agreed scope of work.

1.4 Data We Do Not Collect

  • Personal data of your customers or end users (unless explicitly within scope)
  • Payment card numbers (payments handled by client-directed invoicing tools)
  • Social Security numbers or government-issued IDs

2. How We Use Your Data

Website Visitors

To understand how our site is used and improve it; to respond to inquiries submitted through contact forms.

Project Inquiries

To prepare and deliver project estimates, respond to project inquiries, and follow up on submitted requests. We do not add you to marketing lists, sell your contact information, or share it with third parties for marketing purposes.

Active Clients

To deliver the agreed services, communicate project status and deliverables, and fulfill legal and contractual obligations.

Legal Basis (GDPR — EEA & UK Residents)

  • Contract performance: processing necessary to fulfill agreed services
  • Legitimate interests: responding to inquiries, improving our service, maintaining security of our systems
  • Legal obligation: retaining records as required by applicable law
  • Consent: where explicitly requested (and you may withdraw at any time)

3. Client Project Data

3.1 Access Scope

During a project, Banjico personnel and automated tools may access source code repositories, staging and production environments (as scoped in the project agreement), system logs, and configuration files. Access is strictly limited to what is necessary for the agreed scope.

3.2 Client Customer Data

If your project involves systems that process personal data belonging to your customers:

  • We do not store, copy, or retain client customer data beyond what is technically required to complete testing or review
  • We do not use client customer data for any purpose other than the agreed project scope
  • Healthcare clients (HIPAA): if a project requires access to environments containing Protected Health Information, Banjico will execute a Business Associate Agreement (BAA) prior to any access
  • Payment processing clients (PCI-DSS): cardholder data is never stored on Banjico-controlled systems

3.3 Confidentiality Default

All client engagements are treated as confidential by default. We do not reference, discuss, or disclose client identity, project details, or findings to any third party without explicit written consent, except as required by law.

4. Third-Party Tools & Processors

4.1 Resend (Email Delivery) & Hosting

Form submissions and account-related transactional emails are delivered through Resend (resend.com). When you submit a form on this site, the contents are transmitted to us as an email via Resend, which processes the message on our behalf in accordance with their privacy policy at resend.com/legal/privacy-policy. Resend is located in the United States.

This website and its application services are hosted by Vercel Inc. (vercel.com) in the United States. Vercel processes server logs and request metadata (such as IP address and request headers) as necessary to serve the site, in accordance with their privacy policy at vercel.com/legal/privacy-policy.

4.2 Aikido Security (Automated Security Scanning)

For applicable projects, Banjico uses Aikido Security (aikido.dev), a third-party automated application security platform, to perform static code analysis (SAST), dependency scanning (SCA), container image scanning, infrastructure-as-code security analysis, and exposed secret detection.

What Aikido accesses: Code repositories and infrastructure configuration files within the agreed project scope.

What Aikido does NOT access: Personal data of your customers; live production databases; payment data; Protected Health Information.

Aikido Security maintains SOC 2 Type II compliance. Their security documentation is available at aikido.dev/security. We contractually limit their use of client data to the purposes of scanning and reporting.

4.3 AI-Assisted Development Tools

Banjico uses AI-assisted development tools to accelerate code development and review. All AI-generated code is reviewed, tested, and validated by Banjico before delivery. AI tools used during development do not have access to your production data, customer records, or credentials. We do not use AI tools that train on client code submissions.

4.4 Email & Communication

Client communications are handled via standard email. We do not use automated marketing platforms to communicate with clients or prospects unless you have explicitly opted in.

5. Data Sharing

We do not sell, rent, or trade personal data. We share data only in these circumstances:

  • Service delivery: with sub-processors in Section 4, strictly for delivering services
  • Legal requirement: if required by law, regulation, or court order
  • Business transfer: in the event of a merger or acquisition, subject to the same protections
  • Your consent: with your explicit, written authorization

6. Your Rights

All Users

You may contact us at lake@banjico.com to request a copy of your data, correction of inaccurate data, or deletion of your data (subject to legal retention obligations).

EEA & UK Residents (GDPR)

  • Access: receive a copy of your personal data
  • Rectification: correct inaccurate or incomplete data
  • Erasure ("right to be forgotten"): request deletion where no lawful basis for continued processing exists
  • Restriction: limit how we process your data in certain circumstances
  • Portability: receive your data in a machine-readable format
  • Objection: object to processing based on legitimate interests
  • Withdraw consent: at any time, where processing is based on consent

We respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.

California Residents (CCPA / CPRA)

  • Know what personal data is collected and how it is used
  • Request deletion of personal data
  • Opt out of the sale of personal data (we do not sell personal data)
  • Non-discrimination for exercising privacy rights

To submit a CCPA request, email lake@banjico.com with the subject line "CCPA Data Request."

7. Data Retention

Data TypeRetention Period
Contact form submissions2 years or until deletion request
Client project records (contracts, deliverables)7 years (legal/tax requirement)
Credentials provided for project accessRevoked and deleted within 7 days of project close
Source code accessTerminated at project close; no copies retained
Communication records (email)3 years
Web analytics90 days

8. Security of Your Data

  • All data in transit is encrypted via TLS 1.2 or higher
  • Access to client data is restricted to personnel working on that specific project
  • Development environments are isolated — client projects are not co-mingled
  • Credentials are stored using access-controlled password management tools, never in plaintext
  • Post-engagement, all client access credentials and environment tokens are revoked within 7 days

9. Children's Privacy

This website and our services are directed at businesses and professionals. We do not knowingly collect personal data from individuals under the age of 18.

10. Changes to This Policy

We may update this policy as our practices or legal requirements change. When we do, we update the "Last Updated" date at the top of this page. Material changes will be communicated to active clients via email.

Contact & Data Requests

Banjico · Fort Wayne, Indiana

Email: lake@banjico.com

Phone: (260) 255-6668

For GDPR, CCPA, or general data requests, include "Data Request" in your subject line. We respond within 5 business days.