Privacy Policy
Effective date:
Your Ops is a small consulting practice, and we treat your personal data the way we treat our clients' operations: with care and without waste. This policy explains what we collect through yourops.co and in the course of our work, why we collect it, who processes it on our behalf, and the rights you have over it. It applies from the effective date above.
1. Who We Are
Your Ops ("we", "us", "our") is a business operations consulting practice founded and operated by Sara Heggy, Business Operations Consultant, operating remotely from Dubai, United Arab Emirates and serving clients worldwide. We provide fractional COO services to wellness and sport industry brands and startups. For the purposes of the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021, the "PDPL"), the EU/UK General Data Protection Regulation ("GDPR"), and the California Consumer Privacy Act as amended by the CPRA ("CCPA"), Your Ops is the controller of the personal data described in this policy.
You can reach us at hello@yourops.co, at admin@yourops.co for administrative matters, or by phone at +971 52 945 5502.
2. Scope of This Policy
This policy covers personal data we process when you visit yourops.co, submit our contact form, correspond with us by email or phone, or engage us for consulting services. It does not cover the privacy practices of third-party websites we link to, or the internal data practices of client organizations we advise, where the client remains the controller of its own records.
3. Data We Collect
We deliberately collect very little. The website has no analytics, no advertising cookies, no trackers, and no visitor accounts. The categories of personal data we process are:
- Contact form submissions: your name, email address, company or brand name, and the message you write. These are delivered to our inboxes by email and are not stored in any website database.
- Server and hosting logs: our hosting provider, Vercel Inc., automatically records technical data such as your IP address, browser user agent, and request timestamps as part of operating and securing the site.
- Email and phone correspondence: whatever you choose to share when you write to hello@yourops.co or admin@yourops.co or call +971 52 945 5502, together with our replies.
- Client engagement data: if you become a client, we process business contact details, contract and engagement records, invoices and payment records for our month-to-month retainers (Quarter-Time at $2,200 USD per month and Part-Time at $4,000 USD per month), and the operational materials you share with us to deliver the work. Invoicing and payment are arranged directly with you through third-party payment providers; the website itself takes no payments and holds no payment card data.
A private /admin content-management area exists for authorized Your Ops staff only. It uses one strictly necessary session cookie, and images and article documents uploaded there are stored on Vercel Blob storage. Site visitors never interact with this area.
4. How We Use Your Data
We use personal data only for the purposes below, and we never sell it or share it for advertising:
- To respond to enquiries submitted through the contact form or sent by email or phone.
- To deliver, administer, and invoice consulting engagements, including scheduling, correspondence, and record-keeping.
- To operate, secure, and troubleshoot the website, including detecting abuse through server logs.
- To comply with legal obligations, such as tax, accounting, and record-retention requirements, and to establish, exercise, or defend legal claims.
5. Legal Bases for Processing
Where the GDPR applies to you, we rely on the following legal bases. Equivalent grounds under the UAE PDPL apply to processing within its scope.
- Consent (Art. 6(1)(a) GDPR): when you voluntarily submit the contact form or otherwise reach out to us. You may withdraw consent at any time without affecting prior processing.
- Performance of a contract (Art. 6(1)(b) GDPR): processing needed to prepare for or deliver a consulting engagement you have entered into or requested.
- Legitimate interests (Art. 6(1)(f) GDPR): keeping the website secure and available, maintaining business records, and communicating with professional contacts, balanced against your rights and expectations.
- Legal obligation (Art. 6(1)(c) GDPR): retaining records where tax, accounting, or other laws require it.
6. Cookies
The public website sets no analytics, advertising, or tracking cookies. The only cookie in use is a single strictly necessary session cookie within the private /admin content-management area, used solely to keep authorized staff signed in. Because it is strictly necessary, it does not require consent. For full details, see our Cookie Policy at /cookie-policy.
7. Processors and Recipients
We share personal data only with service providers who process it on our instructions under contractual safeguards:
- Vercel Inc. (vercel.com): hosts the website and generates server logs (IP address, user agent, timestamps), and provides Vercel Blob storage for images and article documents uploaded by staff through /admin.
- Resend (resend.com): transmits contact form submissions as email to Your Ops inboxes.
- Third-party payment providers: for clients, invoicing and payment are arranged directly and processed by the provider agreed with you; the provider acts under its own terms and privacy policy for payment processing.
We may also disclose personal data where required by law, court order, or a competent authority, or where necessary to protect our legal rights. We do not sell personal data and have not done so in the preceding twelve months, and we do not "share" it for cross-context behavioral advertising within the meaning of the CCPA.
8. International Transfers
Your Ops operates from Dubai, United Arab Emirates, and our processors (Vercel and Resend) operate infrastructure in the United States and may use data centers in other regions, including the EEA. Your data may therefore be transferred outside the country where you live.
Where data of EEA or UK residents is transferred to countries without an adequacy decision, we rely on appropriate safeguards, principally the European Commission's Standard Contractual Clauses (and the UK Addendum where relevant) as incorporated in our processors' data processing agreements. Transfers out of the UAE are made consistent with the cross-border transfer provisions of the PDPL.
9. How Long We Keep Data
We keep personal data only as long as we need it for the purposes described above, then delete it:
- Enquiries that do not lead to an engagement: up to 24 months from our last exchange, so we can pick the conversation back up if you return.
- Client engagement records, contracts, and invoices: up to 5 years after the engagement ends, reflecting contract, tax, and accounting requirements.
- Server logs: retained by Vercel in accordance with its default log retention periods, which are short-lived and outside our direct control.
We may retain data longer where a legal obligation, dispute, or audit requires it, in which case it is kept only for that purpose.
10. Your Rights
Depending on where you live, the UAE PDPL, the GDPR, or the CCPA give you rights over your personal data. Subject to conditions and exemptions in those laws, you may:
- Request access to the personal data we hold about you and information about how we process it.
- Request correction of inaccurate or incomplete data.
- Request deletion of your data, for example when it is no longer needed for the purpose it was collected.
- Object to processing based on legitimate interests, or ask us to restrict processing while a dispute is resolved.
- Request portability of data you provided to us, in a structured, commonly used, machine-readable format.
- Withdraw consent at any time where processing is based on consent.
- Not be discriminated against for exercising your rights (CCPA), noting that we do not sell or share personal data.
- Lodge a complaint with a supervisory authority: the UAE Data Office under the PDPL, your local data protection authority in the EEA or the UK Information Commissioner's Office, or the California Attorney General and California Privacy Protection Agency.
To exercise any of these rights, email hello@yourops.co. We will verify your identity, respond within the timeframe the applicable law requires (generally one month under the GDPR and 45 days under the CCPA), and never charge a fee unless a request is manifestly unfounded or excessive.
11. Children
Our website and services are directed at businesses and business professionals, not at children. We do not knowingly collect personal data from anyone under 16 years of age. If you believe a child has provided us with personal data, contact hello@yourops.co and we will delete it promptly.
12. Security Measures
We apply technical and organizational measures proportionate to the small amount of data we hold: the website is served exclusively over HTTPS/TLS; contact form data is transmitted by email rather than stored in a website database; the /admin content-management area is restricted to authorized staff and protected by credentialed sign-in with a single strictly necessary session cookie; and access to our email and cloud accounts is limited and credential-protected. No system is perfectly secure, but if we become aware of a breach affecting your personal data we will notify you and the relevant authorities as applicable law requires.
13. Third-Party Links
The website and our blog may link to third-party websites, tools, or resources. We do not control those sites and are not responsible for their content or privacy practices. Any personal data you provide to a third party is governed by that party's own privacy policy, which we encourage you to read.
14. Changes to This Policy
We may update this policy from time to time to reflect changes in our practices, our processors, or applicable law. The effective date at the top of the page shows when the current version took effect. For material changes, we will post the updated policy here, and where we hold your email address and the change significantly affects you, we will make reasonable efforts to notify you directly. Continued use of the website after a change takes effect constitutes acceptance of the revised policy.
15. How to Contact Us
Questions, requests, or concerns about this policy or your personal data can be directed to Sara Heggy at Your Ops, Dubai, United Arab Emirates: email hello@yourops.co (general) or admin@yourops.co (administrative), or call +971 52 945 5502. We aim to respond to all privacy enquiries promptly, and in any event within the timeframes required by applicable law.