NNorthform
Back

Legal

Privacy Policy

Last updated: May 10, 2026

Northform Studio ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share and safeguard personal information in compliance with the EU General Data Protection Regulation (GDPR), the UK GDPR and Data Protection Act 2018, and US state privacy laws including the California Consumer Privacy Act as amended by the CPRA, the Virginia CDPA, and similar legislation.

1. Data Controller

Northform Studio is the data controller of personal data collected through this website and during our services. You can reach us at hello@northform.studio.

2. Personal Data We Collect

  • Identity & contact data — name, email, company, phone, role.
  • Project data — information you share when scoping or executing an engagement.
  • Billing data — billing address, VAT number, payment references (we do not store full card data).
  • Technical data — IP address, browser type, device data, cookie identifiers.
  • Marketing preferences — newsletter consent and communication choices.

3. How We Use Personal Data (Purposes)

  • To provide our services and perform our contract with you.
  • To respond to enquiries and manage client communications.
  • To issue invoices and meet tax/accounting obligations.
  • To improve our website, security, and service quality.
  • To send marketing emails where you have opted in (you may unsubscribe at any time).

4. Legal Bases (GDPR / UK GDPR)

  • Contract — to deliver our services to you.
  • Legal obligation — for tax, accounting and regulatory requirements.
  • Legitimate interests — to operate, secure and improve our business.
  • Consent — for marketing communications and non-essential cookies.

5. Cookies and Tracking

We use strictly necessary cookies for site functionality. Analytics and marketing cookies are only loaded after you consent via our cookie banner, in line with the EU ePrivacy Directive and UK PECR. You can withdraw consent at any time through the cookie settings.

6. Sharing of Personal Data

We share personal data only with trusted processors and partners, including:

  • Cloud hosting and infrastructure providers.
  • Email, CRM and analytics tools.
  • Payment processors and accountants.
  • Legal or regulatory authorities where required by law.

We do not sell personal information.

7. International Transfers

Where personal data is transferred outside the EEA or UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or transfers to jurisdictions deemed adequate.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes listed above and to meet legal, accounting, or reporting requirements (typically up to 7 years for billing records). After that period, data is deleted or anonymised.

9. Your Rights (EU / UK)

  • Right to access, rectify, erase or restrict processing of your data.
  • Right to object to processing based on legitimate interests or for direct marketing.
  • Right to data portability.
  • Right to withdraw consent at any time.
  • Right to lodge a complaint with your supervisory authority (e.g. UK ICO at ico.org.uk).

10. US State Privacy Rights (CCPA/CPRA, VCDPA, others)

California, Virginia, Colorado and other US residents have the right to know what personal information we collect, to access and delete it, to correct inaccuracies, to opt out of "sale" or "sharing" of personal information (we do not sell or share for cross-context behavioural advertising), and to be free from discrimination for exercising these rights. You may submit a request by emailing hello@northform.studio.

11. Children's Privacy

Our services are not directed to children under 16 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children.

12. Security

We implement appropriate technical and organisational measures (encryption in transit, access controls, vendor due diligence) to protect personal data against unauthorised access, loss or disclosure.

13. Changes to This Policy

We may update this Privacy Policy. The "Last updated" date reflects the latest revision. Material changes will be communicated by email or via a prominent notice on our website.

14. Contact and Complaints

For privacy questions or to exercise your rights: hello@northform.studio. EU residents may contact their national Data Protection Authority. UK residents may contact the Information Commissioner's Office (ICO).