Privacy Policy

warmstudio · contact hello@warmstudio.co. We are the data controller for personal data submitted via warmstudio.co.

• Brief submissions: email, selected service, urgency, free-text brief. Stored in our Postgres database. Used to reply and deliver the engagement.
• Payment: processed by Stripe. We never see or store full card numbers. Stripe stores billing data per its own privacy policy.
• Analytics: aggregate page views via Plausible (cookieless, EU-hosted). No cross-site tracking, no fingerprinting.
• Transactional emails: we send order confirmations and delivery notices. Delivery via Lovable Emails / Mailgun.

No advertising cookies. No third-party trackers. No data sold or shared with marketing partners. Ever.

• Contract performance — processing your brief and delivering the project.
• Legitimate interest — fraud prevention, basic site analytics.
• Consent — only if you opt in to optional analytics via our cookie banner.

• Lead submissions: 24 months from receipt, then deleted unless you become a client.
• Client orders and invoices: 7 years (statutory accounting requirement).
• Email logs: 90 days for deliverability diagnostics.

You may request access, rectification, deletion, restriction, portability, and objection at any time by emailing hello@warmstudio.co. We respond within 30 days. You also have the right to lodge a complaint with your national data-protection authority.

Our infrastructure runs on EU-region servers. Some sub-processors (Stripe, Cloudflare) may transfer data to the US under SCCs and the EU–US Data Privacy Framework.

• Supabase — database & auth (EU region)
• Cloudflare — hosting, CDN, edge runtime
• Stripe — payments
• Mailgun / Lovable Emails — transactional email delivery
• Plausible — analytics (EU, cookieless)