Skip to content

Legal

Privacy policy.

Last updated 11 July 2026

This work depends on you telling me things you may not have told anyone. So it matters that you know exactly what happens to what you write.

This policy explains what I collect through kritsharma.com, why, who else touches it, how long I keep it, and how to have it deleted.

Who I am

I am Krit Sharma, a sole trader (ABN 28 295 172 030) based in New South Wales, Australia. I am the person responsible for the information described here — the data controller, in the language of the GDPR.

You can reach me at krit@kritsharma.com about anything in this policy.

What I collect

Information you give me. When you complete the application for a private diagnostic call, I collect your name, email address, business or company name, website or social profile, a description of what your business does, its stage, the pattern you want to look at, where that pattern shows up, what you have already tried, what would make the work worth it, whether you are open to a paid engagement, anything else you choose to tell me, and your consent to this policy.

Information collected automatically. When you submit the application, your IP address is processed briefly to prevent the form being flooded or abused. It is held only in memory, for no more than one hour, and is never written to a database or included in the email I receive. My hosting provider also keeps standard server logs.

Email. If you email me, I hold that correspondence in my inbox.

No cookies, and no tracking that can identify you. This website sets no cookies and carries no advertising or tracking pixels. Nothing follows you after you leave, and nothing you do here is linked to you as an individual or shared with an advertiser.

Anonymous measurement. I use Vercel Web Analytics and Vercel Speed Insights to count page views and to see how quickly pages load. Both are cookieless. They record aggregate figures — how many people read a page, how fast it rendered — not who read it. I cannot use them to identify you, follow you across websites, or connect a visit to an application. I use them only to tell whether the site works and whether anything on it is broken or confusing.

Sensitive information, and why I ask for your consent

The application asks about patterns in how you lead, decide, and respond under pressure. Your answers may reveal information about your emotional or psychological state. Under the Australian Privacy Act this is sensitive information. Under the GDPR it may be special category data.

Both require your consent, which is why the application asks for it explicitly rather than assuming it. You can withdraw that consent at any time by emailing me. Withdrawing consent does not undo processing that already happened lawfully, but it does mean I will delete what I hold.

Why I collect it

  • To read your application and decide whether to offer you a free diagnostic call.
  • To contact you about that call, and to reply to you either way.
  • To prevent the form being abused, flooded, or used to send spam.

I do not sell, rent, or trade your information. There is no mailing list. I will not add you to one.

My legal basis (for applicants in the EU and UK)

  • Article 6(1)(b) — processing necessary to take steps at your request before entering a contract.
  • Article 6(1)(f) — my legitimate interest in keeping the form secure and usable.
  • Article 9(2)(a) — your explicit consent, for any special category data your answers contain.

Who else touches it

I use a small number of service providers to run the site and deliver email. They process your information on my instructions, and for no other purpose.

  • Vercel — hosts this website, runs the code that receives your application, and provides the cookieless analytics described above. Served from Sydney; the company is based in the United States.
  • Resend — delivers the application to my inbox and sends your confirmation. Based in the United States.
  • Google Workspace — the inbox your application arrives in.
  • Cloudflare — manages the domain name.

This means your information is disclosed to recipients in the United States. Where the GDPR applies, those transfers rely on standard contractual clauses. I will otherwise only disclose your information if the law requires it, or in the circumstances described in the Terms of Service.

How long I keep it

If we do not go on to work together, I delete your application and our related correspondence within 12 months of your submission.

If we do work together, I keep records for as long as the engagement requires and for as long as the law obliges me to, then delete them.

You can ask me to delete it sooner, at any time, and I will.

How it is protected

The site is served only over HTTPS. Your application travels encrypted, is never written to a database, and lives in my email inbox, which is protected by a strong password and two-factor authentication. I am the only person who reads it.

No system is perfectly secure. If a breach ever affected your information, I would tell you and the OAIC as the law requires.

Your rights

Wherever you live, you can ask me to show you what I hold, correct it, or delete it. Email me and I will do it.

In Australia, you have rights of access and correction under the Australian Privacy Principles. If you are unhappy with how I have handled your information, tell me first and I will try to fix it. If that does not resolve it, you can complain to the Office of the Australian Information Commissioner at oaic.gov.au.

In the EU or UK, you also have rights to restrict or object to processing, to data portability, and to withdraw consent. You can complain to your local supervisory authority, or to the ICO in the United Kingdom.

Children

This work is for founders. The site is not intended for anyone under 18, and I do not knowingly collect information from them.

Changes to this policy

If I change how any of this works, I will update this page and the date at the top of it before the change takes effect.