Privacy Policy

Effective Date: December 13th, 2025
Last Updated: December 13th, 2025

This Privacy Policy explains how Stateless Studio LLC ("Stateless Studio," "we," "us," or "our") collects, uses, discloses, and safeguards personal information when you interact with our websites, products, services, and communications (collectively, the "Services"). It also describes your privacy rights and choices. If you have questions, contact us at Legal@stateless.studio.

Scope: This Policy applies to personal information we process in our role as a business/controller. If we process data on behalf of a client (as a service provider/processor), our processing is governed by that client's instructions and our data processing agreement.

1) Information We Collect

We collect information in three ways: (a) directly from you, (b) automatically, and (c) from third parties.

a) Information you provide

  • Account & profile data: name, alias, company, job title, email address, phone number, billing and mailing addresses, username, password, and preferences.
  • Transactional data: purchases, subscriptions, invoices, and payment method details (we use trusted payment processors; we do not store full card numbers).
  • Communications & support: messages, feedback, survey responses, and any files you submit.
  • Event & marketing data: registrations, opt‑ins, and content downloads.

b) Information collected automatically

  • Device & usage data: IP address, device identifiers, browser type, operating system, referring/exit pages, timestamps, and clickstream.
  • Analytics data: page views, feature use, performance metrics, crash logs.
  • Cookies & similar technologies: session cookies, preference cookies, analytics, and—in jurisdictions where permitted—advertising identifiers.

c) Information from third parties

  • Business partners & vendors: payment processors, analytics providers, and hosting partners.
  • Public sources: professional profiles, social media posts you make public, and company registries.
  • Client-provided data: when we act as a processor, clients may provide data for us to handle on their behalf.

2) How We Use Your Information

We use personal information to:

  • Provide and improve the Services (create and manage accounts, deliver features, troubleshoot, and enhance performance).
  • Process transactions (orders, subscriptions, payments, accounting).
  • Communicate (service notifications, security alerts, updates, and marketing where permitted).
  • Customize experiences (remember preferences, personalize content).
  • Ensure security & prevent misuse (detect, prevent, and investigate fraud, spam, or illegal activity).
  • Comply with law & enforce terms (recordkeeping, regulatory requirements, contractual enforcement).
  • Conduct research & analytics (aggregate statistics, product development).
  • Support business operations (auditing, reporting, mergers, acquisitions, or asset transfers).

Legal bases (EEA/UK): Where the GDPR/UK GDPR applies, we rely on: (i) contract (to provide the Services), (ii) legitimate interests (e.g., improving and securing the Services), (iii) consent (e.g., certain cookies and direct marketing), and (iv) legal obligation (e.g., tax and accounting).

3) How We Share Information

We share personal information with:

  • Service providers/Processors: hosting, cloud infrastructure, analytics, email and marketing tools, payment processors, customer support platforms, security and anti‑fraud services—each bound by contractual obligations to protect data and use it only to provide services for us.
  • Business partners: with your direction or consent (e.g., integrations you enable).
  • Corporate transactions: in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets (your information may be transferred as part of the transaction).
  • Legal & compliance: to comply with law, legal process, or governmental requests; to enforce our terms; or to protect rights, property, or safety.
  • With your consent: when you ask or authorize us to do so.

We do not sell personal information and we do not share it for cross‑context behavioral advertising in jurisdictions where "share" has a defined legal meaning (e.g., CPRA). If this changes, we will update this Policy and provide required opt‑out mechanisms.

4) Cookies and Similar Technologies

We use cookies, pixels, SDKs, and local storage to operate the site, remember preferences, analyze usage, and—in jurisdictions where permitted—measure the effectiveness of our marketing. You can manage cookies via your browser settings and, where required, via our cookie banner/consent manager. Disabling certain cookies may limit functionality.

5) Data Retention

We retain personal information only as long as needed for the purposes described above, including to meet legal, accounting, or reporting requirements. When retention is no longer necessary, we will delete, anonymize, or securely store information and segregate it from further processing.

6) Security

We implement technical and organizational measures designed to protect personal information, including encryption in transit, access controls, least‑privilege practices, logging/monitoring, and vendor due diligence. No method of transmission or storage is 100% secure; we cannot guarantee absolute security. If we learn of a breach, we will notify affected individuals and authorities in accordance with applicable law.

7) International Transfers

Stateless Studio operates globally. If we transfer personal information outside your country (for example, from the EEA/UK to the United States), we use lawful transfer mechanisms such as adequacy decisions, Standard Contractual Clauses (SCCs), and supplementary measures where appropriate. You may request details of our transfer safeguards using the contact information below.

8) Your Rights & Choices

Depending on your location, you may have the following rights:

  • Access & portability: request a copy of your personal information and certain details about how we process it.
  • Correction: request that we correct inaccurate information.
  • Deletion: request that we delete your personal information (subject to legal exceptions).
  • Restriction & objection (EEA/UK): request that we restrict processing, or object to processing based on legitimate interests, including direct marketing.
  • Consent withdrawal: withdraw consent at any time where we rely on consent (e.g., certain cookies or marketing).
  • Opt‑out of targeted advertising (US states): opt‑out of the processing of personal information for targeted advertising.
  • Opt‑out of sale/sharing (CPRA): we do not sell or share personal information as defined by CPRA; if we ever do, we will provide a "Do Not Sell or Share My Personal Information" link.
  • Non‑discrimination: you will not be charged different prices or receive a different level of service because you exercised your privacy rights.

How to exercise your rights: Email Legal@stateless.studio. We may need to verify your identity before fulfilling requests. Authorized agents may submit requests with valid authorization and verification.

9) Children's Privacy

Our Services are not directed to children under 13 (or a higher age where required by local law), and we do not knowingly collect personal information from children. If you believe a child provided us information, contact us and we will take appropriate steps to remove it.

10) Data Controller / Contact Details

Stateless Studio LLC
82 Des Moines Ct
Tinton Falls, New Jersey, USA 07712

Email: Legal@stateless.studio
Phone: 732-200-7250

11) Processor Activities (When We Act on Behalf of Clients)

When a client engages us to process personal information, we act as a processor/service provider and process data only under the client's instructions and our agreement. The client's privacy policy governs their use of personal information. We implement appropriate security measures and assist clients with data subject requests as required.

12) Marketing Communications

You may opt out of marketing emails by clicking "unsubscribe" in our messages or contacting us. We will still send you non‑marketing messages about your account, transactions, or Service notices.

13) Third‑Party Links & Integrations

Our Services may include links to or integrations with third‑party sites and services. We are not responsible for the privacy practices of those third parties. Review their policies before providing personal information.

14) Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Services, by email, or by posting a notice and updating the "Effective Date" above. Your continued use of the Services after the Effective Date signifies your acceptance of the updated Policy.

15) Additional Disclosures

California (CPRA/CCPA)

  • Categories collected in the past 12 months include identifiers (e.g., name, email, IP), commercial information, internet/network activity, geolocation (approximate), professional information, and inferences derived from usage.
  • We disclose these categories to service providers for business purposes such as hosting, analytics, payment processing, and security.
  • We do not sell personal information or share it for cross‑context behavioral advertising.
  • You may exercise access, deletion, correction, and opt‑out rights as described above.

Virginia/Colorado/Connecticut/Utah/Oregon and other U.S. State Laws

Residents may have rights to access, correct, delete, confirm processing, obtain portability, and opt out of targeted advertising, sale, or profiling with significant effects. Use the contact methods above to exercise rights; we will honor them consistent with applicable law.

EEA/UK

You may lodge a complaint with your local data protection authority. We would appreciate the chance to address your concerns first.

16) Definitions (Plain English)

  • "Personal information" / "personal data" means information that identifies, relates to, describes, or can reasonably be linked to a particular person or household.
  • "Service provider" / "processor" means an entity that processes personal information for us under a written contract, subject to confidentiality and use limitations.
  • "Sale" / "Share" (CPRA) have specific legal meanings that differ from common usage and generally involve exchanging data for money or for cross‑context behavioral advertising.

17) Subprocessors

We use trusted third-party service providers ("subprocessors") to help us deliver and support our Services. These subprocessors process personal information on our behalf under written agreements that require confidentiality and data protection measures. Our current subprocessors include:

  • Amazon Web Services (AWS): Cloud hosting and infrastructure.
  • Microsoft 365: Productivity and collaboration tools.
  • Google Analytics: Website and product analytics.
  • Stripe: Payment processing.
  • Intuit: Accounting and financial management.

We may update this list from time to time. If required by law, we will provide notice of changes and allow you to object where applicable.

Have Questions?

We're here to help. Contact us anytime.

Get in Touch →