Privacy Policy

1.1 This Privacy Policy explains how Jinx Design Studio (“Jinx”, “we”, or the “Studio”) collects, uses, shares, and protects personal data when you visit our website or communicate with us.

1.2 This Policy applies to processing carried out on https://jinx.design, including its subpages and subdomains (the “Website”).

1.3 Jinx Design Studio, a registered small business operating under the Individual Entrepreneur regime in the Republic of Georgia, acts as the data controller for the Website and can be contacted at hey@jinx.design.

1.4 Processing related to our client services is governed by the Subscription Offer Agreement and any project-specific terms.

1.5 We use cookies and similar technologies as described in Section 4. Non-essential analytics cookies (Google Analytics 4) are set only after you provide consent via our cookie banner, and you can change your choice at any time. We do not use advertising, remarketing, or social media tracking cookies.

1.6 If you schedule a call via Cal.com, that service collects the information needed to arrange the meeting under its own privacy policy; we receive only basic booking details for scheduling and related communications (see Sections 2.5 and 3.1).

1.7 Depending on your location, you may have rights over your personal data (for example, to access, rectify, erase, restrict, object, or port your data). Details on these rights and how to exercise them appear in Section 5.

1.8 This Policy may be updated from time to time to reflect legal, technical, or business changes. The most current version is always available at https://www.jinx.design/docs/privacy, as indicated by the “Last updated” date. Where changes materially affect how we use your data or require consent (for example, for non-essential cookies), we will notify you on the Website and, where required, seek your consent again.

2.1 When you contact us directly (for example, by email or direct message), we collect the information you choose to provide, such as your name, email address, the content of your message, and any attachments.

2.2 We automatically collect technical and usage information when you visit the Website, including pages visited, on-page actions/events, timestamps, approximate location (city/region), device and browser type, operating system, language, and the referrer URL.

2.3 Our hosting environment generates server logs that may include your IP address, request URLs, user-agent, date/time, and error diagnostics. We use this information to maintain security and reliable operation of the Website.

2.4 We use strictly necessary cookies to run core site features and, only with your consent, Google Analytics 4 for analytics. See Section 4 for cookie names, purposes, and lifetimes.

2.5 If you book a call via Cal.com, that service collects the scheduling details it needs (e.g., name, email, time slot, time zone, notes) under its own privacy policy and may use cookies or similar technologies. We receive only basic booking details and use them to confirm and attend the call.

2.6 If you become a lead or client, we create an internal CRM record and store your contact details (such as name, email, company, website or socials, and region/time zone), the context of our conversations (lead source, channel, services of interest, and notes), commercial information (estimates, plan or subscription selection, and agreement status), supporting files or links, and timeline metadata (such as first and last contact dates and follow-up dates). These fields may vary case by case.

2.7 When you submit a form on the Website, we collect the fields you provide (for example, name, email address, social link, payment method, etc.) together with the submission time and IP address (for abuse prevention). Submissions are stored in Webflow’s form storage and then tranfered to our internal workspace in Notion to organise and respond to enquiries.

3.1 We read and reply to your messages, schedule calls via Cal.com, send confirmations and reminders, and maintain a brief record of the conversation while we handle your request. We also create and use CRM records to manage our relationship, tracking conversations, scheduling follow-ups, preparing proposals, and delivering services. We rely on performance of a contract or pre-contract steps (Art. 6(1)(b) GDPR) and, where appropriate, our legitimate interests in effective communication (Art. 6(1)(f)). You may object to follow-ups at any time, and we will suppress your profile from future outreach.

3.2 We serve the Website through our host, balance load, prevent abuse and bots, detect and fix faults, and process and temporarily store server logs (such as IP address, user-agent, request URLs, and timestamps) to maintain secure and reliable operation, relying on our legitimate interests (Art. 6(1)(f)).

3.3 If you give consent, we set Google Analytics 4 cookies, collect usage events, and receive aggregated reports to understand traffic and improve user experience. GA4 is deployed via Google Tag Manager (GTM). GA4 derives coarse location from IP and does not log or store full IP addresses, and we do not use advertising or remarketing cookies (Art. 6(1)(a)). We also use Hotjar (with input-masking enabled) to generate heatmaps and session recordings so we can diagnose UX issues and improve layout and copy; Hotjar runs only after you consent and does not record keystrokes (Art. 6(1)(a)).

3.4 We retain invoices, correspondence, and minimal technical records to comply with tax and accounting rules and to establish, exercise, or defend legal claims, relying on legal obligations (Art. 6(1)(c)) and/or our legitimate interests (Art. 6(1)(f)).

3.5 You can withdraw analytics consent at any time, and you may object to processing that we base on legitimate interests (Art. 21 GDPR). Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

4.1 We use strictly necessary cookies to run core site features (e.g., hosting, load balancing, security); these do not require consent.

4.2 Analytics cookies (Google Analytics 4) are set only after you click “okay!” in our banner. You can reject or change your choice anytime via the cookie banner or your browser. We use Google’s Consent Mode v2 so GA4 stays blocked until you consent.

4.3 Typical GA4 cookies are _ga and _ga_<measurement-id> (up to 2 years, configurable), _gid (24 hours), and _dc_gtm_<container-id> (about 1 minute, if GTM is used). Names and lifetimes may vary with your configuration.

4.4 GA4 event-level data retention is configured to 2 months in our property settings. Cookie expiry is separate and may differ. If you withdraw consent, we stop future analytics collection; this does not affect processing that occurred before withdrawal.

4.5 Hotjar cookies help measure session activity and sampling. Typical names and lifetimes include: _hjSessionUser_<siteid> (user persistence across sessions, up to 1 year),_hjSession_<siteid> (current session data, ~30 minutes),_hjAbsoluteSessionInProgress (first pageview flag, ~30 minutes), and_hjIncludedInSessionSample (sampling flag, 2–30 minutes).Exact names and durations may vary with configuration.

4.6 We do not use advertising, remarketing, or social media tracking cookies.

5.1 We use a small number of service providers that act as processors and handle personal data only on our instructions. These include Webflow, Inc. for hosting, CMS, and form storage; Google for Google Analytics 4 (only if you consent), which we deploy via Google Tag Manager (GTM). GTM is a tag container and does not itself store personal data. We also use Hotjar Ltd. (only if you consent) for heatmaps and session analytics. For enquiry handling and client management, we organise submissions and notes in Notion (Notion Labs, Inc.). If you complete a payment through a link we provide, BoomFi (boomfi.xyz) acts as our payment processor and shares limited billing metadata with us (for example, amount, status, timestamp, and a payment reference). We do not receive full card or wallet credentials. We remain the controller, we have data-processing agreements in place where required, and we do not sell personal data or allow our providers to use it for their own marketing.

5.2 Where our providers process data outside the EEA or the UK, international transfers are protected by Standard Contractual Clauses or other appropriate safeguards, and we apply supplementary measures where required by law.

5.3 We implement appropriate technical and organizational measures, such as TLS encryption in transit, access controls, and least-privilege practices, to protect personal data against unauthorized access, misuse, loss, or alteration. No system is perfectly secure. If we become aware of a personal-data breach that requires notification, we will inform you and/or the competent authority as the law requires.

5.4 We keep server logs for up to seven days (longer only to investigate incidents). We retain contact and inquiry information, including basic scheduling details received from Cal.com, for up to twenty-four months after our last interaction unless we need it longer to establish, exercise, or defend legal claims. Client account and billing records are kept for the duration of the relationship and then for the periods required by tax and commercial law (typically five to ten years). Analytics data is retained as configured in Section 4.4, and cookie lifetimes may differ from analytics retention.

5.5 Depending on your location, you may have the right to request access to your personal data and to seek rectification, erasure, restriction, portability, or to object to processing, including processing based on our legitimate interests. You can withdraw consent to analytics at any time via the cookie banner or by clearing cookies. Withdrawing consent does not affect processing carried out before withdrawal.

5.6 You may lodge a complaint with your local data protection authority (EEA/UK) or, in Georgia, with the Personal Data Protection Service.

5.7 To exercise your rights, email hey@jinx.design. We may request information to verify your identity and will respond without undue delay and, in any event, within one month of receipt; where requests are complex or numerous, we may extend this period by up to two further months and will let you know if we do.