Privacy Policy
ISLA Studio respects your privacy and processes personal data transparently, securely and in line with the GDPR. Where applicable to individuals in Brazil, we also observe principles compatible with the LGPD.
Controller
The entity responsible for processing data collected through this website is ISLA Studio. For privacy questions or rights requests, contact hello@islastudio.pt.
Data collected
We may collect name, email, phone/WhatsApp contact, project type, submitted message, cookie preferences, basic technical request data and information needed to respond to your enquiry.
Purposes
We use data to respond to enquiries, prepare proposals, provide pre-contractual support, improve website security, measure performance with consent and comply with legal obligations.
Legal basis
Processing may rely on pre-contractual steps when you request a quote, consent when you accept optional cookies, legitimate interest in website security and legal obligations where applicable.
Subprocessors
We may use third-party services to operate the website and communications, such as hosting/deployment providers, Resend for email delivery, Google Analytics only with consent and other necessary technical providers. These services may process data under their own terms and data protection agreements.
Cookies and analytics
We use essential cookies for operation and preferences. Analytics cookies are only activated if you accept that category in the consent banner. You can reject optional cookies without affecting essential website use and change your preference through the Cookies link in the footer.
Retention
We keep contact requests only for as long as necessary to respond, follow commercial opportunities and comply with legal obligations. As an operational reference, commercial contacts may be reviewed and deleted when no longer needed.
Security
We apply form validation and sanitization, anti-spam protection, request rate limiting, security headers, optional cookie controls and server-side email handling. No measure is absolute, but we aim to reduce risks of unauthorized access, abuse and data loss.
Data subject rights
You may request access, rectification, erasure, restriction, portability, objection to processing and withdrawal of consent where applicable. You may also lodge a complaint with the competent supervisory authority. For individuals covered by the LGPD, equivalent rights may apply, including confirmation of processing, access, correction, deletion and withdrawal of consent.
International transfers
Some technology providers may process data outside the European Economic Area. Where applicable, appropriate mechanisms such as standard contractual clauses, adequacy decisions or equivalent safeguards should apply.
Changes
This policy may be updated to reflect technical, legal or operational changes. The version published on this page is the version in force.