Last Updated: 12/8/2025

Global Privacy Policy

Compliance with GDPR, CCPA, LGPD, and PIPEDA. Transparent data handling for a connected world.

1. Preamble & Identity

I, Usama Idrees ("Consultant", "I", "me", or "my"), operating as an independent Principal Consultant and Infrastructure Specialist, am committed to protecting the privacy and security of your personal data. This Privacy Policy explains how I collect, use, disclose, and safeguard your information when you visit my website https://www.prousama.com, engage my consulting services, or communicate with me.

Scalable Engagement Model

While I operate primarily as an independent consultant, for large-scale enterprise projects, I may assemble and lead dedicated teams of trusted subcontractors or vetted specialists. In such cases, I remain the primary Data Controller, and all team members act as Data Processors bound by strict confidentiality agreements identical to the standards outlined herein.

This policy complies with:

GDPR (EU & UK)
CCPA/CPRA (California, USA)
PIPEDA (Canada)
LGPD (Brazil)

2. Data Controller Contact

For the purposes of GDPR and other relevant laws, I am the Data Controller of your personal information.

Principal

Usama Idrees

Contact Email

Headquarters

Global / Remote

3. Information I Collect

3.1 Personal Data

Data provided directly by you during engagement:

Identity Data: First name, last name, username, title.
Contact Data: Billing address, email address, telephone numbers.
Corporate Data: Company infrastructure details, cloud provider IDs.
Sensitive Access Data: SSH Keys, API Tokens, and Access Credentials (collected via secure, encrypted channels only).

3.2 Technical Usage Data

Data collected automatically when accessing my services:

IP address, browser type, version, time zone setting.
Operating system and platform.
Usage paths and interaction data.

4. Legal Basis for Processing

Contractual Necessity

To deliver the consulting services, audits, and infrastructure work you requested.

Legitimate Interests

Fraud prevention, network security, and B2B marketing of relevant services.

Legal Obligation

Compliance with tax authorities, regulators, and audit trails.

Consent

Specific opt-in for newsletters or non-essential cookies.

5. International Transfers

Your information may be transferred to computers located outside of your state, province, country, or other governmental jurisdiction.

Use of Sub-Processors: To deliver high-velocity results, I may engage vetted sub-processors. I ensure that all such transfers are covered by strict Data Processing Agreements (DPAs) and, where applicable, Standard Contractual Clauses (SCCs) approved by the European Commission.

I act as the single point of contact and liability for all data handling, regardless of the team composition.

6. Your Global Rights

Right to Access: Request copies of your personal data.

Right to Rectification: Correct inaccurate information.

Right to Erasure: "Right to be Forgotten".

Right to Portability: Transfer data to another organization.

CCPA (California) Note

I do not sell your personal data. I am in the business of consulting, not data brokering. You have the right to request disclosure of categories collected and deletion of data.

7. Data Retention

I retain Personal Data only for as long as necessary for the purposes set out in this policy or legal obligations.

Project Credentials Policy

Any access credentials (SSH keys, API tokens) shared for the purpose of a project are purged from my systems within 7 days of project offboarding/completion, unless a maintenance agreement is in place.

8. Security Measures

I employ enterprise-grade security measures to protect your data, including AES-256 encryption, Multi-Factor Authentication (MFA) with hardware keys, and Zero Trust architecture.

View detailed Security Practices