Privacy Policy

Plain-language summary of what we collect, why, how long we keep it, and the rights you have over it under US, Canadian, EU/UK, and Australian privacy law.

Last updated: 23 April 2026

This Privacy Policy explains how Misaka Networks, LLC, operating under the trading name Railgun Dev (“we”, “us”, “our”), collects, uses, and protects information when you visit railgun.dev or engage us as a client. We aim to keep this short and readable.

If anything here is unclear, email hello@railgun.dev and we’ll explain.

1. Who we are

Railgun Dev is the trading name of Misaka Networks, LLC, a limited liability company registered in the State of Delaware, United States (registered office: 131 Continental Dr, Suite 305, Newark, DE 19713). We are a web growth studio that designs and builds high-performance websites for small businesses, and we serve clients across the United States, Canada, the European Union / United Kingdom, and Australia.

Depending on your location, we act as a data controller (UK / EU GDPR), business (CCPA / CPRA), organization (PIPEDA), or APP entity (Australian Privacy Act 1988) over personal data submitted directly to us through our website or during a client engagement.

2. What we collect

We only collect information we actually need.

  • Information you submit: name, email address, phone number (optional), business name, website URL, and any project details you share via our contact form, email, scheduling tool, or proposal documents.
  • Technical / analytics data: anonymised information about how visitors use our website — pages viewed, approximate location (city / country level), referrer, device type, browser. Collected through privacy-respecting analytics and used in aggregate.
  • Cookies: essential cookies needed for the site to function and (optionally) analytics cookies. See our Cookie Policy for details.

We do not sell or “share” personal information for cross-context behavioral advertising as those terms are defined under the CCPA / CPRA. We do not use your data to train AI models. We do not rent or trade personal data.

3. Why we collect it

  • To respond to inquiries and provide quotes.
  • To deliver, support, and invoice for client projects we agree to take on.
  • To improve our website and understand which content is useful.
  • To meet legal, tax, and accounting obligations.

4. Legal bases (UK / EU GDPR)

Where UK / EU GDPR applies, we rely on the following legal bases:

  • Consent — for optional analytics cookies.
  • Contract — to deliver services to clients we work with.
  • Legitimate interests — to respond to inquiries, prevent fraud, and improve our website.
  • Legal obligation — to keep records required by law.

5. Sharing your information

We share data only with service providers who help us run the studio. Each is bound by a data processing or service agreement.

  • Hosting & infrastructure: Cloudflare (Workers + edge CDN)
  • Email: our email provider for sending replies and proposals
  • Scheduling: scheduling / calendar tools when you book a call
  • Analytics: privacy-respecting web analytics
  • Accounting & payments: invoicing, bookkeeping, and payment processing software

We will only disclose information to other third parties if we are legally required to (e.g. lawful court order, subpoena, or government request).

6. Data retention

  • Inquiries that don’t become projects: kept for up to 12 months, then deleted.
  • Active client records: kept for the duration of the engagement.
  • Closed client records: kept for up to 7 years after project completion to meet US tax, accounting, and contract retention rules.
  • Anonymised analytics: retained indefinitely in aggregate form only.

7. International data transfers

Railgun Dev is based in the United States and works with clients globally. Some service providers (e.g. Cloudflare) operate in multiple regions. Where personal data is transferred from the EU / UK or other jurisdictions with data-export rules:

  • For EU / UK transfers, we rely on the Standard Contractual Clauses (SCCs) or, where applicable, our service providers’ participation in the EU–US Data Privacy Framework.
  • For Australian transfers, we take reasonable steps to ensure overseas recipients comply with the Australian Privacy Principles.

By using our website or engaging us, you understand that your information may be processed in the United States and other countries.

8. Your rights

EU / UK residents (GDPR)

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data (“right to be forgotten”)
  • Object to or restrict processing
  • Withdraw consent at any time
  • Data portability
  • Lodge a complaint with a supervisory authority (e.g. the UK ICO, your national DPA)

California residents (CCPA / CPRA)

You have the right to:

  • Know what personal information we collect, the sources, the purposes, and the categories of recipients
  • Access a copy of the personal information we hold about you
  • Correct inaccurate personal information
  • Delete personal information we hold about you (subject to legal exceptions)
  • Opt out of the “sale” or “sharing” of personal information — we do not sell or share, but you can confirm this status
  • Limit use of sensitive personal information — we do not collect sensitive personal information for purposes that would trigger this right
  • Be free from retaliation for exercising any of these rights

You may also designate an authorized agent to make a request on your behalf.

Canada residents (PIPEDA, Quebec Law 25)

You have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Withdraw consent (subject to legal and contractual restrictions)
  • File a complaint with the Office of the Privacy Commissioner of Canada or, in Quebec, the Commission d’accès à l’information

Australia residents (Privacy Act 1988)

You have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or out-of-date information
  • Make a complaint to the Office of the Australian Information Commissioner (OAIC)

How to exercise any right

Email hello@railgun.dev with the request and enough information for us to verify your identity. We respond within 30 days (or the shorter period required by your jurisdiction). There is no charge for reasonable requests.

9. Security

We use TLS encryption in transit, restrict access to client data on a need-to-know basis, and store credentials in a password manager — not in plain text. No system is perfectly secure, but we follow current best practices and review them regularly. If a breach affecting your personal information occurs, we will notify you and the relevant authorities as required by law.

10. Children

Our website and services are not directed at children under 16 (or under 13 for US visitors under COPPA). We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it.

11. Do Not Track and Global Privacy Control

We honour the Global Privacy Control (GPC) signal where transmitted by your browser as an opt-out of optional analytics and any sale/share status. There is no industry standard for “Do Not Track” headers, so we do not rely on them.

12. Changes to this policy

We may update this policy as our services evolve. Material changes will be reflected in the “Last updated” date above. For active clients, we will notify you of material changes by email.

13. Contact

Questions, requests, or complaints: Email: hello@railgun.dev

Misaka Networks, LLC (DBA Railgun Dev) 131 Continental Dr, Suite 305 Newark, DE 19713, United States