How we handle your information.

1. Information we collect

We collect only what we need to operate the website and deliver our services.

Website analytics. We use Plausible Analytics to understand how visitors interact with bluerun.studio. Plausible is a privacy-first service that does not use cookies and does not collect personal data. It records anonymous information such as page views, referring URL, browser type, and approximate country derived from IP address. No personally identifying information is stored or transmitted.

Booking and inquiries. When you schedule a call through Cal.com, you provide your name, email address, and any notes you choose to include. This information is used to confirm the call and prepare for our conversation.

Payments. When you engage our services, payment is processed by Stripe. Stripe collects and processes card details directly; Bluerun Studio does not see or store full card numbers. We retain transaction records (name, email, amount, date) for accounting and tax purposes.

Client materials. During an engagement, we receive materials you provide — brand assets, copy, domain credentials, and similar — through email and shared file links. These are used only to deliver your project.

Cookies. The bluerun.studio website uses a single first-party cookie, bluerun_consent, to remember your cookie preferences for twelve months. No tracking or marketing cookies are set unless you explicitly consent through our cookie banner.

2. How we use your information

We use your information to operate and improve the website, respond to inquiries, schedule calls, deliver services you have engaged us for, process payments, maintain financial records, send service-related communications, and comply with legal obligations.

We do not sell, rent, or trade personal information. We do not use your data for advertising or behavioral targeting.

3. Lawful basis for processing (EU/UK visitors)

Under the General Data Protection Regulation (GDPR), we process personal data on the following lawful bases:

• Consent — for any optional analytics or marketing cookies you accept through our cookie banner
• Contract — to deliver services you have engaged us for and process related payments
• Legitimate interest — to operate our website, respond to inquiries, prevent fraud, and protect our business

4. Sub-processors

We rely on the following service providers to operate our business. Each is bound by their own privacy commitments.

• Vercel — website hosting and infrastructure
• Sanity — content management
• Plausible — privacy-friendly analytics
• Cal.com — appointment scheduling
• Stripe — payment processing
• Google Workspace — email and document storage

5. Data retention

• Website analytics: retained by Plausible according to their service terms
• Cookie consent record: twelve months from the date of consent, then re-prompted
• Inquiry and booking data: twenty-four months after last contact, unless you request earlier deletion
• Active client records: for the duration of the engagement plus seven years for accounting and tax purposes
• Payment records: seven years, as required for tax compliance

6. Your rights

For visitors in the EU and UK (GDPR):

• Access — request a copy of the data we hold about you
• Rectification — correct inaccurate data
• Erasure — request deletion (subject to legal retention requirements)
• Restriction — limit how we process your data
• Portability — receive your data in a portable format
• Objection — object to processing based on legitimate interest
• Withdrawal of consent — withdraw any consent previously given

For California residents (CCPA/CPRA):

• The right to know what personal information we collect
• The right to delete personal information
• The right to opt out of the sale of personal information (we do not sell personal information)
• The right to non-discrimination for exercising these rights

To exercise any of these rights, email sabine@bluerun.studio. We will respond within thirty days.

7. International data transfers

Bluerun Studio is based in the United States. If you contact us from outside the US, your data will be transferred to and processed in the US, and our sub-processors may store data in other jurisdictions. By using our services, you consent to this transfer.

8. Security

We take reasonable technical and organizational measures to protect your data, including encryption in transit, access controls, and limiting data access to those who need it to perform their work. No method of transmission over the internet is one hundred percent secure, and we cannot guarantee absolute security.

9. Children’s privacy

Our services are not directed to anyone under the age of eighteen. We do not knowingly collect personal information from children.

10. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top reflects the most recent revision. Material changes will be communicated through a notice on the website. Continued use of the site after changes constitutes acceptance of the revised policy.

11. Contact

For any privacy-related questions or requests:

Bluerun Studio LLC
sabine@bluerun.studio