PRIVACY POLICY

Welcome to our website's exciting privacy policy. While we take no pride in the fact that we have such a page on our website, we are told (by people who know a lot more about this than we do) that we need one, so here it is. We hope you enjoy it!

In brief, there are two sections to this page: a privacy policy (discussing collected information) and the lovely terms and conditions of use! We have tried to make it as painless as possible knowing full well that each and every visitor of our website will spend hours upon hours reading every single word on this page at least three times (really... that's the only way to do it).

We care about the privacy of those who visit our website and so the information in our Privacy Policy will explain how we respect your privacy. It informs our website visitors when and how we collect information from visitors, what type of information we collect, to what end, for how long such information is retained by us, and the involvement of others (outside of Steph’s Studio, Inc. and our visitors) in dealing with this collected information.

TL;DR

Here’s the “too long; didn’t read” version of what personal information might be at stake when using our website:

  • We collect your email address from the Contact page, and whatever else you put in the actual message of the email. Third-parties that help us process the form may also collect and store more personal information. At present, no such third-party exists, but one (or more) may exist in the future; and if that comes to be, we will update this page to reflect this change, and offer further details.

  • We use Google Analytics, but this doesn’t collect any personal information from you. Any potentially personal data is masked when it’s collected.

  • We collect information you provide when scheduling a session (using the Schedule page). However, we do no collect credit card or billing address information; that responsibility falls on third-parties (Stripe, Shopify, et al.). To be sure, Stephs’ Studio will never see your credit card information; instead, we will be informed of the fact that you made a purchase successfull, for which service (and dates) you processed a payment, and the amount of the payment. This information is retained

Personal Information

Generally, we tend toward data minimization, not bothering to collect any personal information belonging to human persons unless it’s absolutely necessary. Less information collected, means less information for everyone to worry about, right? Still, this all depends on how you think about your personal information. Obviously, your name, your address, phone numbers, credit card numbers, demographic information, social security number, or driver’s license number is all very personal and sensitive information and we would never ask for such things from our website visitors at any time. Instead, for website visitors interested in scheduling a session, we will forward your request to our payment processing folks (Squarespace, Shopify, and Stripe — apparently, if your company names doesn’t begin with an S, we don’t want anything to do with you).

The most general definition of “personal information” is any data that can identify you directly or indirectly; either “by reference to an identifier such as an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.” Some people think that your Internet Protocol (IP) address can be considered personal information, since it is a unique string of numbers and it may be used to disclose your precise location. Email addresses might also be considered personal information. Since these people (that is, the people who wrote the European Union’s General Data Protection Regulation, or GDPR) classify this information as “personal information,” and some of our website visitors might be from the EU we detail below how we collect, process, share, and store it.

In short, we collect information in two scenarios:

  1. Using our Contact Us form: Website visitors who complete the form are submitting their email address (along with other substantive information in the subject and body of the email) to us.

  2. Google Analytics: We love data, and we want to use it responsibly! If you’re going to collect it, who better to ask than Google™ about providing us with site tracking statistics? And it's free - with one or two caveats: the information collected is sent to Google™, and as part of Google™ Analytics Terms of Service, we are required to have this page.

  3. Schedule form: Website visitors who complete the form are submitting their email address (along with other substantive informaiton in the form) to us.

Processing Information: Scope and Purpose

Contact Us Form

Scope: There are four fields for information on the Contact Us page, and three of those items are open-ended, meaning, website visitors may submit whatever text they want in response to these three questions: email address, subject, and message. The one remaining field for entering information is a checkbox. The checkbox is consent that the person submitting the web form is in fact human and has read our legal page (this one). There is also an anti-robot thing to dissuade the robo-submitting entities out there in cyberspace, but this doesn’t require your input as much as your performance of a fun little game.

Our code for the form comes from Formspree. Formspree may collect your information in the name of providing services to you and maintaining the quality of their services for everyone. You can read their Privacy Policy here. Formspree uses SendGrid™’s API for emails. SendGrid™ may collect your personal information and use web beacons to track your activity related to the emails that they send and receive. They do this to provide reliable communication services to you and us. The information that they do keep is anonymized. You can read SendGrid's Privacy Policy here.

Purpose: We have a Contact Us page because we think it is very important to offer the opportunity (a simple web form in this case) to visitors (of the human variety) to communicate with us. And, of course, given this fact, it behooves us to actually collect the information/content of the communication that is submitted by the web visitor. We trust this all sounds reasonable.

Google Analytics

Scope: Using Google Analytics, we run a script on our website that sends the following information about our website visitors to Google™: date and time of first visit, general geolocation, visit count, screen resolution, screen color depth, browser, browser landscape, Java™ support, and Flash™ version. All items are per page and per visit. Error logs also collect any errors that visitors might encounter. As a part of our data minimization practice, we have elected to disable cookies, and not to implement the User-ID and Advertising features of Google Analytics. Also, we mask IP addresses; so, in this scenario, no personal information is collected. You can read more about this on Google's own website at http://www.google.com/policies/privacy/partners/.

Purpose: We are interested in knowing how visitors come to find themselves on our site. Also, we are interested in knowing what they do once they've arrived, and how long they stay with us. Specifically, logs help us understand what draws people to our website, where our audience is located, and what we could be doing to make sure the website performs better for everyone. Error logs help us fix any problems you might encounter. Knowing these things (we think) will help us in some way make our website better and serve our customers better.

Securing Information: Storage and Transfer

To make use of the data that we collect, we transfer it for analysis, using third-party services for both processing and storage and for the intended purposes explained above. We aren’t using the data for any other purpose.

Transfer

Our site is SSL encrypted, so the information that you submit on our site is protected against unauthorized access. Please note that data that we collect is not transferred outside of the US, unless, of course, you are accessing this page from outside of these United States. Google Analytics is an active member of the E.U. - U.S. Privacy Shield Framework, so the information collected about your visit to our site is certified to be secure even in the process of transferring the data-- and even if you happen to be located outside of the USA. SendGrid is also an active member of Privacy Shield, so the same security standards apply to the Contact Us form.

Storage

Information collected through the Contact Us page is stored on our servers — that sounds like we have physical servers, which we, of course, do not. To be very specific, the information collected from our Contact Us page and the Schedule page is transmitted to us (via email), and thus is stored in our emailing (and data sharing platform… hmmm… Google Workspace and Microsoft 365… yup, both of’m… don’t ask). The Contact Us page uses Formspree, which keeps the last 100 messages that roll through and we delete the last 100 email addresses that come in; the messages are stored but remain anonymous. SendGrid deletes the raw information after communications have been relayed.

As mentioned before, the information that Google Analytics collects about geolocation is disassociated from personally identifiable information. GDPR calls this “pseudonymisation.” Get it? Like a British pseudonym? Got it? Good. It’s also good to know that Google Analytics encrypts the information it keeps for us. We keep logs for 14 months-- or whatever Google’s minimum storage option is at the time.

Third-party Involvement

Other than our employees and members of our Advisory Board, we do not share any information we collect from our website with any third-party. The exceptions, of course, are the data collected using Formspree (described above), and the information collected by payment processing entities (that, again, we do not see). This means that we do not sell or otherwise distribute data collected from our website (as described above) to any entity. Like we said, we care about your privacy.

Consent

The legal basis on which we collect and process your personal information is explicit and affirmative consent. In other words, without your expressed consent, we cannot legally (and do not) collect or process your personal information. By using this website, submitting the Contact Us or Schedule forms, you give us permission to collect, process, and store the information collected, as stated in the policy above.

User Rights

Thanks to international regulations, visitors to this site now enjoy a full set of data protection rights. Congratulations! For the purposes of this policy, we are a data collector. Visitors to this site, especially EU residents, have a special right to:

  1. Access: to request information regarding the data stored in relation to themselves or to their pseudonym (like a username, pen name, or IP address), for verification or clarification. Upon your request, the information can be provided electronically and in a timely manner.

  2. Revocation: to revoke a given consent to the collection and use of their personal data at any time with effect for the future, but without affecting the lawfulness of processing based on consent before your withdrawal.

  3. Rectification or erasure: to request the correction or deletion of their data from us and its third-party vendors’ systems/assets.

  4. Restriction: under certain circumstances, to control and limit the processing of their data. In this situation, you’d allow us to store the information we already have on you, but no longer process it.

  5. Data portability: to receive their data, or, if technically feasible, have it transferred to a third-party at their request, in a commonly used and machine-readable format and without any additional hinderance. You can have your cake and eat it too!

  6. Lodge a complaint: to complain to a supervisory authority about our policies, behaviors, or handling of their data. The supervisory authority is an independent public authority in each Member State of the European Union, who protects the fundamental rights and freedoms of natural persons in relation to processing and to facilitate the free flow of personal data within the Union. Sorry US residents; you’ll have to find someone else to complain to.

  7. Notification: to be notified:

    1. on the status of each of the requests (as listed above)

    2. whenever a data breach has occurred that may impact personal information

    3. at least 30 days in advance if we intend to:

      1. further process your personal data for a purpose other than that for which you have expressly consented; or

      2. change our privacy policy

All rights may be exercised by you, free of charge, and should receive a response within 30 days. However, excessive requests by any singular individual may incur a fee.

Contacting Us

Now that you’ve read all the caveats about contacting us through the form, we will provide you with an alternative, which, of course, is subject to your email provider’s own Privacy Policy and Terms of Use. That said, we need to display contact information to allow website visitors the ability to request that their private information be erased. In the event that a website visitor is eager for us to erase private information submitted on our website, please send an email to info@stephs.studio. You can also use this email address to withdraw consent previously given and to request we erase the information that we have on you (if it is at all tied to you personally, like your email). Please be as specific as possible about the date/time and nature of the information you are requesting we erase, and please allow us up to 30 days to respond with an update to your request.

Terms and Conditions of Use

1. Terms

By accessing this web site, you are agreeing to be bound by these website Terms and Conditions of Use, and by all applicable laws and regulations; and you agree that you are responsible for compliance with any applicable local laws. You agree that by submitting your name and email address in the Contact Us form that we may use your email address to reply to the request. If you do not agree with any of these terms or the Privacy Policy, you are prohibited from using or accessing this site. The materials contained in this web site are protected by applicable copyright and trade mark law.

2. Use License

Permission is granted to temporarily download one copy of the materials on Steph’s Studio, Inc.'s website for personal, non-commercial transitory viewing only (this, in effect, to load the various webpages on our website onto your device, as you are presently doing). This is the grant of a license, not a transfer of title, and under this license you may not: 1) modify or copy the materials; 2) use the materials for any commercial purpose, or for any public display (commercial or non-commercial); 3) attempt to decompile or reverse engineer any software contained on our website; 4) remove any copyright or other proprietary notations from the materials; or 5) transfer the materials to another person or "mirror" the materials on any other server.

This license shall automatically terminate if you violate any of these restrictions and may be terminated by us at any time. Upon terminating your viewing of these materials or upon the termination of this license, you must destroy any downloaded materials in your possession whether in electronic or printed format.

3. Disclaimer

The materials on our website are provided "as is". We make no warranties, expressed or implied, and hereby disclaim and negate all other warranties, including without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights. Further, we dos not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its Internet web site or otherwise relating to such materials or on any sites linked to this site.

4. Limitations

In no event shall we or our suppliers be liable for any damages (including, without limitation, damages for loss of data or profit, or due to business interruption,) arising out of the use or inability to use the materials on our Internet site, even if we or an of our authorized representative has been notified orally or in writing of the possibility of such damage. Because some jurisdictions do not allow limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you.

5. Revisions and Errata

The materials appearing on our website could include technical, typographical, or photographic errors. We have done our best to make sure the materials on its website is accurate, complete, and current but due to human error may not be.

6. Site Terms of Use and Privacy Policy Modifications

When we do make changes to the Privacy Policy or Terms and Conditions of Use, we will post the change(s) on this page, 30 days in advance of the date that the changes go into effect and mark the date of change here: last updated on July 31, 2022. We may revise these policies for its website at any time. By using this website you are agreeing to be bound by the then current version of these Terms and Conditions of Use and Privacy Policy.

7. Governing Law

Any claim relating to Steph’ Studio, Inc. website shall be governed by the laws of the State of Illinois without regard to its conflict of law provisions.