Privacy

How we handle your data. Plain English, short.

We do not sell, share, or train on your data. We run a studio site, not a surveillance operation. This page tells you exactly what happens when you visit theft.studio or send us an email.

SECTION.01

What happens on this site

Analytics·················································None. No Google Analytics, no Mixpanel, no trackers.
Cookies·················································None beyond what Vercel uses to serve the site.
Forms·················································We use mailto: links. No form data is captured.
Contact emails·················································Stored in our inbox. Replied to. Not forwarded or sold.
Engagement data·················································All client data stays in systems you control or provision.
AI training·················································We do not use your data to train any model. Ever.
Hosting·················································Vercel (US). Standard Vercel log retention applies.
Fonts·················································TX-02 served locally. JetBrains Mono via Google Fonts (CSS only, no tracking cookies with font display: swap).
Third-party logos·················································Client logos loaded from jsDelivr CDN + Brandfetch CDN. IP addresses visible to those CDNs during load.
SECTION.02

Principles

01

Plain English

This page will never ask you to scroll past a wall of legalese. If we change how we handle data, we rewrite this page in the same voice.

02

No dark patterns

No cookie banner nags. No auto-playing audio. No 'consent to continue' walls. The site works the same whether you visit once or a hundred times.

03

GDPR-aligned by default

Your options under GDPR (access, rectification, erasure, portability) apply. Email hello@theft.studio and we'll respond within 30 days, usually within two business days.

04

Compliance on engagements

Active engagements operate under an MSA that explicitly covers SOC 2, GDPR, and EU AI Act alignment. Standard DPA available on request.

SECTION.03

Data requests

Want to know what we have on file (spoiler: probably nothing beyond an email thread), correct it, export it, or delete it? Email hello@theft.studio with the subject line Privacy request. Response within 30 days; usually within 48 hours.

Last updated · 2026-04-22
Controller · THEFT Studio S.L. · Valencia, Spain
EU representative · not required (non-EU-transfer, no processing at scale)
Questions?
Email us. We reply to every message that isn't spam.
hello@theft.studio
Privacy · plain English, no dark patterns · THEFT Studio