Back to home
// Legal

Privacy Policy

Effective: 28 April 2026 · Last updated: 28 April 2026

This Privacy Policy explains how 10inch Labs Limited ("10Inch Labs", "we", "us" or "our") collects, uses, stores and shares personal data when you visit 10inchlabs.com, contact us, or use our services. We comply with the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO") and, where applicable, the EU General Data Protection Regulation ("GDPR") and the UK GDPR.

1. Who we are

10inch Labs Limited is a private company limited by shares, incorporated in the Hong Kong Special Administrative Region.

Registered office Unit 308, 3/F., Chevalier House, 45–51 Chatham Road South, Tsim Sha Tsui, Hong Kong
Email
General contact

We act as a data user under the PDPO and, where the GDPR applies, as a controller for personal data we collect directly from you.

2. Personal data we collect

We only collect what we need to run our business and deliver our services.

  • Contact details — name, work email, company, phone (if you provide it), the message you send via the contact form.
  • Commercial information — the services you ask about, contract and billing details, communications with our team.
  • Technical data — IP address, browser type, device type, operating system, referring URL, pages viewed and timestamps. Collected automatically through our hosting provider's standard logs.
  • Cookies & similar technologies — currently this site uses only strictly necessary cookies/local storage required to render the page. See section 7 below.

3. How we use your data

We use personal data for the following purposes only:

  • To respond to your enquiry and arrange a call.
  • To provide, operate and improve our services to clients.
  • To issue invoices, manage contracts and keep accounting records.
  • To send service-related communications (e.g. project updates).
  • To send marketing emails — only if you have opted in. You can unsubscribe at any time.
  • To prevent fraud, secure our systems and comply with legal obligations.

4. Legal basis (GDPR)

Where the GDPR applies, we rely on the following lawful bases:

  • Consent — for marketing communications and any non-essential cookies.
  • Contract — to take steps to enter into, or to perform, a contract with you.
  • Legitimate interests — to operate our website, secure it against abuse, and to respond to business enquiries. We balance these interests against your rights.
  • Legal obligation — to comply with tax, accounting, anti-money-laundering and other applicable laws.

5. Sharing your data

We do not sell personal data. We share it only with:

  • Service providers we use to run the business — for example our hosting provider (Fly.io), email/CRM, analytics, payment and accounting tools. They process data on our behalf under written agreements.
  • Professional advisers — lawyers, accountants and auditors, where necessary.
  • Authorities — where we are required to disclose data by law or court order.
  • Successors — in the event of a sale, merger or restructuring of our business, with appropriate safeguards.

6. International transfers

We are based in Hong Kong and our service providers may store or process data in other jurisdictions, including the United States and the European Economic Area. When we transfer personal data outside your jurisdiction, we use providers that offer appropriate safeguards such as Standard Contractual Clauses or equivalent protections required under applicable law.

7. Cookies

This website does not currently set tracking, advertising or analytics cookies. The site uses only strictly necessary technical storage required to deliver the page (e.g. browser caching). If we add analytics or marketing tools in the future, we will update this policy and, where required, ask for your consent via a cookie banner.

8. Data retention

  • Enquiry messages: up to 24 months from your last contact, then deleted or anonymised.
  • Client records: for the duration of the engagement plus up to 7 years to comply with Hong Kong tax and accounting requirements.
  • Server logs: typically 30 days.
  • Marketing lists: until you unsubscribe.

9. Your rights

Subject to the laws that apply to you, you may have the right to:

  • Request access to the personal data we hold about you (PDPO Data Access Request).
  • Ask us to correct inaccurate or incomplete data.
  • Ask us to erase or restrict the processing of your data.
  • Object to processing based on our legitimate interests.
  • Withdraw consent at any time, where processing is based on consent.
  • Receive a copy of your data in a portable format (GDPR only).
  • Lodge a complaint with the Privacy Commissioner for Personal Data, Hong Kong (pcpd.org.hk) or your local supervisory authority.

To exercise any of these rights, email . We may need to verify your identity before responding. We will reply within 30 days.

10. Security

We use reasonable technical and organisational measures to protect personal data, including encryption in transit (HTTPS), least-privilege access, secrets management and routine review of our suppliers. No system is perfectly secure, and we cannot guarantee absolute security.

11. Children

Our services are intended for businesses. We do not knowingly collect personal data from anyone under 16. If you believe a child has given us their data, please contact us and we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of the page reflects the most recent version. Material changes will be highlighted on this page or notified to clients by email.

13. Contact us

For any privacy-related questions or requests, please contact us:

10inch Labs Limited Unit 308, 3/F., Chevalier House, 45–51 Chatham Road South, Tsim Sha Tsui, Hong Kong
Email