Last Updated: April 15, 2026. This policy outlines our rigorous standards for data collection, global transfers, and your statutory rights.
Language of Governance
This Privacy Policy is executed and maintained exclusively in the English language. To ensure legal precision and prevent ambiguity, the English-language text of this document shall be the sole controlling version for all international subdirectories of this domain. In the event of any conflict, discrepancy, or inconsistency between this English version and any translation thereof—whether provided by a third-party tool or otherwise—the English version shall prevail and be the definitive record of the Company’s data practices and obligations.
1. Comprehensive Scope of Information Collection
Sociable Studio (“the Company”) collects information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device ("Personal Information"). In the past twelve (12) months, we have collected the following categories of Personal Information:
A. Identifiers and Contact Information
Source: Provided directly by you via web forms, email, or service inquiries.
This includes your real name, professional alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, or other similar identifiers. This information is required for the initiation of any professional engagement.
B. Professional and Employment-Related Information
Source: Provided directly by you.
We collect information regarding your current business entity, job title, industry, and professional qualifications to tailor our studio services to your specific commercial needs.
C. Internet or Other Similar Network Activity
Source: Collected automatically via cookies and tracking headers.
Including, but not limited to, browsing history, search history, and information regarding your interaction with our website. This includes "User-Agent" strings (browser type/version) and referring URLs, which are processed to maintain the integrity and security of our digital infrastructure.
D. Geolocation Data
Source: Derived from IP address metadata.
We may process coarse geolocation data (e.g., city and country) to ensure compliance with regional legal jurisdictions and to optimize content delivery speeds.
Note: We do not knowingly collect "Sensitive Personal Information" (as defined by the CPRA), such as government identifiers, precise geolocation, or racial/ethnic origin. Users are advised not to submit such data through our open contact channels.
2. Legal Basis for Processing Personal Data
Under the General Data Protection Regulation (GDPR) and similar global frameworks, Sociable Studio must establish a specific legal "ground" for every data processing activity. We process your information under the following four pillars:
Contractual Necessity
Article 6(1)(b) GDPRThis applies when processing is essential to fulfill our obligations under a contract with you (e.g., delivering creative services) or to take specific steps at your request before entering into a contract (e.g., providing a formal quote or proposal).
Legitimate Interests
Article 6(1)(f) GDPRWe process data for our legitimate business interests, provided they do not override your fundamental rights. This includes: (i) securing our website against cyber-attacks; (ii) internal business analytics; and (iii) maintaining professional correspondence records.
Legal Compliance
Article 6(1)(c) GDPRWe may process or disclose your data where we are legally mandated to do so by applicable law, such as responding to a court order, complying with tax regulations, or assisting law enforcement in criminal investigations.
Explicit Consent
Article 6(1)(a) GDPRFor activities not covered by the above—such as sending marketing newsletters or using non-essential tracking cookies—we will ask for your clear, affirmative consent. You have the right to withdraw this consent at any time.
3. Detailed Use and Disclosure of Information
A. Specific Business Purposes
Sociable Studio utilizes the Personal Information collected only for the purposes disclosed at the time of collection or as otherwise set forth in this Policy. These include:
- Facilitating the delivery of creative and consulting services.
- Verifying your identity and business credentials.
- Process billing, payments, and financial accounting.
- Debugging to identify and repair website errors.
- Undertaking internal research for technological development.
- Enforcing our Terms of Service and protecting against legal liability.
B. Disclosure to Third-Party Service Providers
We do not sell, rent, or trade your Personal Information. However, we share data with "Service Providers" (Data Processors) who perform operational functions on our behalf. These parties are contractually prohibited from using your data for any independent purpose.
| Category of Provider | Purpose of Disclosure |
|---|---|
| Infrastructure Providers | Website hosting, CDN services, and cloud storage (e.g., AWS, Vercel). |
| Communication Tools | Email delivery systems and contact form processing (e.g., Postmark, HubSpot). |
| Analytics Partners | Non-identifiable usage tracking to improve site performance. |
| Payment Processors | Secure transaction handling for service deposits and invoices. |
C. Mandatory Legal Disclosures
We may disclose your Personal Information if required to do so by law or in the good faith belief that such action is necessary to: (i) comply with a legal obligation or court order; (ii) protect and defend the rights or property of Sociable Studio; (iii) act in urgent circumstances to protect the personal safety of users of the website or the public.
4. International Data Transfers & Retention Schedule
A. Trans-Border Data Flows
Sociable Studio is headquartered in Canada. Because our services are accessed globally, your Personal Information may be transferred to, and maintained on, servers located outside of your state, province, or country where data protection laws may differ from your jurisdiction.
Safeguards for EEA/UK Users: For transfers of data outside the European Economic Area (EEA), we utilize Standard Contractual Clauses (SCCs) as approved by the European Commission. These clauses contractually require the recipient to protect your data to the same high standard required within the EU/UK.
B. Data Retention and Disposal Schedule
In accordance with the principle of "Storage Limitation," we retain Personal Information only for the duration necessary to fulfill the purposes outlined in this Policy. Our retention schedule is as follows:
12-Month Purge
If you contact us via our website or email but do not enter into a formal service agreement, all identifiable Personal Information (including email logs and contact form data) is permanently deleted or anonymized within 12 months of the last communication.
7-Year Statutory Retention
For clients who engage our services, we retain project files, contracts, and financial records for seven (7) years following the termination of the professional relationship. This period is strictly mandated by global tax laws, financial auditing requirements, and legal statutes of limitation.
C. Secure Disposal Protocols
Once the relevant retention period expires, Sociable Studio employs industry-standard "Secure Erasure" protocols. Digital data is overwritten or cryptographically shredded, and any physical documentation is cross-cut shredded, ensuring that information cannot be reconstructed or read by unauthorized parties.
5. Global Data Subject Rights
Regardless of your geographic location, Sociable Studio provides a baseline of privacy rights. Depending on your residency (notably the EU, UK, Switzerland, California, Virginia, and Brazil), these rights may be legally enforceable via your local Data Protection Authority.
Right to Access & Portability
You have the right to request a copy of the Personal Information we hold about you. We will provide this in a structured, commonly used, and machine-readable format.
Right to Rectification
You may request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
Right to Erasure (“Right to be Forgotten”)
You may request that we erase your personal data. Legal Limitation: This right is not absolute. We may decline a deletion request if the data is required to comply with our 7-year statutory tax retention or to defend legal claims.
Right to Restrict or Object to Processing
You have the right to object to our processing of your data based on "Legitimate Interests" or for direct marketing purposes.
How to Exercise Your Rights
- To submit a "Data Subject Access Request" (DSAR), please email info@sociablestudio.com with the subject line "Privacy Rights Request."
- We will verify your identity before processing any request (to prevent unauthorized data disclosure).
- We respond to all valid requests within 30 days (as required by GDPR).
- No fee is typically required to access your data.
6. Technical and Organizational Security Measures
Sociable Studio implements a "Security-First" architecture to protect Personal Information from unauthorized access, alteration, disclosure, or destruction. Our protective framework includes:
- Data in Transit All data transmitted between your browser and our servers is encrypted using 256-bit TLS (Transport Layer Security) protocols.
- Access Governance Internal access to client data is governed by "Least Privilege" protocols and secured via Multi-Factor Authentication (MFA).
- Vendor Auditing We only utilize "Sub-processors" who maintain industry-standard certifications such as SOC 2 Type II or ISO 27001.
8. Children’s Privacy (COPPA & GDPR-K)
Sociable Studio provides business-to-business (B2B) services and our website is not directed to individuals under the age of 16. In accordance with the Children’s Online Privacy Protection Act (COPPA) and Article 8 of the GDPR, we do not knowingly collect personal information from children.
If we discover that a person under 16 has provided us with personal data, we will immediately initiate a "Secure Deletion Protocol" to purge that information from our servers. If you are a parent or guardian and believe your child has provided us with data, please contact us immediately.
9. Modifications to This Policy
We reserve the right to update or change our Privacy Policy at any time to reflect changes in the law or our data practices. We will notify you of any significant changes by:
- Posting the new Privacy Policy on this page with an updated "Effective Date."
- Displaying a prominent notice on our website homepage for 30 days following a major update.
- Sending an email notification to our current client base if the change significantly impacts their data rights.
Privacy Compliance Department
For all Data Subject Access Requests (DSAR), "Right to be Forgotten" inquiries, or general privacy questions, please reach out to our designated Privacy Lead.