EYZAN StudioEYZAN Studio

Legal

Privacy Policy

Last updated: May 5, 2026

EYZAN Studio ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, and protect personal information when you use our website and services. We operate from Italy and comply with the EU General Data Protection Regulation (GDPR).

1. Data Controller

Legal business name: [LEGAL BUSINESS NAME]
Registered address: [BUSINESS ADDRESS], Italy
VAT / Tax ID: [VAT OR TAX ID]
Contact email: [SUPPORT EMAIL]

2. Information We Collect

  • Account data: email, name, password hash.
  • Billing data: handled by Stripe; we store subscription status and customer ID.
  • Uploaded content: SVG and image files you upload to use our tools.
  • Usage data: anonymized analytics, IP address, device/browser type.

3. Legal Basis

We process personal data under: (a) performance of contract (providing the service), (b) legitimate interest (security, analytics), and (c) consent (non-essential cookies, marketing).

4. How We Use Your Data

  • To provide and operate the EYZAN Studio service.
  • To process subscription payments via Stripe.
  • To send transactional emails (account, billing, support).
  • To improve and secure the service.

5. Data Sharing

We share data only with sub-processors required to deliver the service: Stripe (payments), Supabase (hosted database/auth), and our hosting provider. We do not sell personal data.

6. Data Retention

Account and project data are retained while your account is active and for up to 12 months after deletion for legal/accounting purposes. Billing records are retained as required by Italian/EU tax law.

7. Your GDPR Rights

  • Access, rectification, erasure of your personal data.
  • Restriction or objection to processing.
  • Data portability.
  • Withdraw consent at any time.
  • Lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).

To exercise these rights, contact us at the email above.

8. International Transfers

Some sub-processors may process data outside the EEA. In such cases, we rely on Standard Contractual Clauses approved by the European Commission.

9. Security

We use industry-standard encryption in transit (TLS) and at rest, role-based access control, and routine security review.

10. Changes

We may update this Privacy Policy. Material changes will be communicated by email or a notice on the site.