Privacy Policy

Last updated: April 10, 2025

1. Data Controller

Sane Studio ("we", "us", "our") is the data controller for personal data collected through this website (sane-studio-two.vercel.app). Contact: atlasmcmanagement@gmail.com

2. What Data We Collect

We collect the following categories of personal data:
• Account data: Email address, full name, password (hashed) when you register an account.
• Order data: Services purchased, amount paid, payment status, Stripe session ID.
• Authentication data: OAuth tokens when you sign in via Google or Discord.
• Usage data: Pages visited, browser type, IP address, referring URL — collected via Vercel Analytics (anonymised).
• Payment data: Stripe processes payment card details directly. We never store card numbers on our servers.

3. Legal Basis for Processing (GDPR)

We process your data on the following legal bases:
• Contract performance (Art. 6(1)(b) GDPR): Processing your order, managing your account.
• Legitimate interests (Art. 6(1)(f) GDPR): Fraud prevention, service security, improving our offering.
• Consent (Art. 6(1)(a) GDPR): Marketing communications (only if you opt in), non-essential cookies.
• Legal obligation (Art. 6(1)(c) GDPR): Tax records, invoicing requirements.

4. How We Use Your Data

We use your data to:
• Process and fulfil your orders for graphic design services
• Communicate order status updates and deliver final files
• Provide customer support
• Detect and prevent fraud or abuse
• Comply with applicable laws and tax obligations
• Send service-related notices (not marketing, unless you opt in)

5. Third-Party Services & Data Sharing

We share data only with the following processors, each bound by data processing agreements:
• Stripe (stripe.com) — payment processing. Data transferred to the US under Standard Contractual Clauses.
• Supabase (supabase.com) — database and authentication hosting. Hosted in EU region (Frankfurt).
• Vercel (vercel.com) — website hosting and deployment. Hosted in EU/US regions.
• Discord (discord.com) — optional OAuth login. Subject to Discord's Privacy Policy.
• Google (google.com) — optional OAuth login. Subject to Google's Privacy Policy.

We do not sell your personal data to third parties.

6. Data Retention

• Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
• Order data: Retained for 7 years to comply with tax/accounting obligations (Italian D.Lgs. 127/1991).
• Usage/analytics data: Retained in anonymised form for up to 12 months.
• Payment data: Stripe retains payment records per their own retention policy and legal obligations.

7. Your Rights Under GDPR

If you are located in the European Economic Area, you have the right to:
• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate data.
• Erasure ("right to be forgotten"): Request deletion of your data, subject to legal retention obligations.
• Portability: Receive your data in a structured, machine-readable format.
• Restriction: Request we restrict processing of your data.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at atlasmcmanagement@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with your national Data Protection Authority.

8. International Transfers

Some of our processors (Stripe, Vercel) may transfer data outside the EEA. All such transfers are conducted under Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of protection.

9. Security

We implement appropriate technical and organisational measures including:
• HTTPS encryption for all data in transit
• Hashed passwords (Supabase bcrypt)
• Row-Level Security (RLS) on our database
• API keys scoped to minimum necessary permissions
• Regular dependency updates

10. Children

Our services are not directed to children under 16. We do not knowingly collect data from minors. If you believe we have inadvertently collected such data, contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify registered users by email of material changes. The "Last updated" date at the top reflects the most recent revision.

12. Contact

Data Controller: Sane Studio
Email: atlasmcmanagement@gmail.com
For GDPR requests, please include "Privacy Request" in the subject line.

Questions about this policy? Email us at atlasmcmanagement@gmail.com
