Privacy Policy · Effective 25 May 2026

Privacy Policy

1. Data controller

The controller of personal data collected via rubycube.eu is Rubycube Studio, owned by Deniss Raider FIE, registered in Estonia under reg. code 17514430, Tallinn, Estonia. Reach us via our contact page.

2. What we collect

We collect only what you give us through one of our forms:

  • Contact & widget forms: your name, email, and the message you send.
  • Start-a-project form: the above, plus answers about your project (type, inspiration links, color preference, brand and logo status, company name).

We don't use third-party analytics, advertising, or social-media tracking on this site. No cookies are set apart from a single first-party flag remembering you've dismissed the cookie notice.

3. Why we collect it (lawful basis)

We process your form data on the basis of your consent (you choose to submit it) and our legitimate interest in replying to your enquiry and discussing potential work. If we go on to work together, we'll process further data under a contract with you or your organisation.

4. How we use it

Form submissions reach us by email through Netlify Forms (our form backend). We use the information to reply to you and, if relevant, scope and discuss the project. We never sell or trade your data.

5. Who else sees it

We share data only with these service providers, strictly for the purposes above:

  • Netlify — hosts the site and receives form submissions on our behalf.
  • Email provider — used to send and receive correspondence with you.

These providers act as data processors and apply their own GDPR-aligned safeguards. They may store data outside the EEA; transfers rely on the EU Standard Contractual Clauses where applicable.

6. How long we keep it

Form submissions are kept for as long as needed to handle your enquiry and any resulting work, plus a reasonable archive period (typically up to 24 months for unanswered enquiries, up to 7 years for completed engagements, where required by Estonian bookkeeping law). You can ask us to delete your data sooner — see below.

7. Your rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct it if it's wrong.
  • Have it erased ("right to be forgotten").
  • Object to or restrict processing.
  • Receive a copy in a portable format.
  • Withdraw consent at any time.
  • Lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

To exercise any of these, reach us via our contact page. We aim to respond within 30 days.

8. Security

Form submissions are transmitted over HTTPS. We use reputable providers (Netlify, our email provider) that follow industry-standard security practices. No system is 100% secure — if you spot something that looks like a security issue, please let us know.

9. Changes to this policy

We may update this policy as the site or our processes change. The effective date at the top reflects the latest revision.

10. Contact

Questions about your data? Get in touch via our contact page.