Privacy

Published on June 9, 2025.

1. Introduction

At Dunko Studio, we respect your privacy and are committed to protecting your personal data. This privacy policy will inform you about how we look after your personal data when you visit our website, use our web design and development services, and tell you about your privacy rights.

As a web design and development service provider, Dunko Studio operates in two distinct capacities:

  • As a data controller for information collected through our own website and during our client relationships

  • As a data processor when we design, develop, and maintain websites for our clients

This privacy policy primarily addresses our practices as a data controller. For information about how client websites handle personal data, please refer to the specific privacy policy of that website.

2. Information We Collect

We may collect, use, store, and transfer different kinds of personal data about you, including:

  • Identity Data: includes first name, last name, company name, job title

  • Contact Data: includes email address, telephone number, business address

  • Financial Data: includes payment information (though we do not store complete credit card details)

  • Transaction Data: includes details about payments to and from you and details of services you have purchased from us

  • Technical Data: includes internet protocol (IP) address, browser type and version, time zone setting, operating system

  • Usage Data: includes information about how you use our website and services

  • Marketing Data: includes your preferences in receiving marketing from us

  • Client Website Content: includes website designs, text, images, and other content you provide for your website

  • Client Access Credentials: includes usernames and encrypted passwords for content management systems

We also collect, use and share Aggregated Data such as statistical or demographic data. Aggregated Data may be derived from your personal data but is not considered personal data as it does not directly or indirectly reveal your identity.

3. How We Use Your Information

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • To register you as a new client and set up your account

  • To provide and improve our web design and development services

  • To process payments and maintain records of transactions

  • To manage our relationship with you, including notifying you about changes to our services or policies

  • To provide technical support and respond to inquiries

  • To administer and protect our business and website

  • To deliver relevant website content and advertisements to you

  • To use data analytics to improve our website, services, marketing, and client relationships

  • To make suggestions and recommendations about services that may be of interest to you

  • To comply with legal obligations

We rely on the following legal bases for processing your personal data:

  • Performance of a contract: Processing necessary for the performance of a contract with you

  • Legitimate interests: Processing necessary for our legitimate interests, provided your interests and fundamental rights do not override those interests

  • Legal obligation: Processing necessary to comply with our legal obligations

  • Consent: Where you have given us consent to process your personal data for specific purposes

4. Client Website Data

As part of our web design and development services, we may have access to data that is collected through client websites, including:

  • Content provided by clients for their websites

  • Data collected through forms on client websites

  • Analytics data related to client website performance and usage

  • User data that may be stored in client website databases

In relation to this data, Dunko Studio acts as a data processor, and the client acts as the data controller. This means:

  • We process this data only on the client's instructions

  • The client is responsible for ensuring they have the legal basis to collect and process this data

  • The client is responsible for providing appropriate privacy notices to their users

  • We implement appropriate technical and organizational measures to protect this data

We provide clients with content management tools that allow them to edit certain aspects of their website. Clients are solely responsible for any data they add, modify, or delete using these tools, and for ensuring that their use of these tools complies with applicable data protection laws.

5. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way. We limit access to your personal data to those employees and third parties who have a business need to know.

For client websites, we implement industry-standard security measures, including:

  • Secure hosting environments

  • Encrypted connections (SSL/TLS)

  • Secure authentication systems for content management access

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect personal data, we cannot guarantee its absolute security.

6. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

For client data, our typical retention periods are:

  • Client account information: For the duration of our business relationship plus 7 years for tax and legal purposes

  • Website content and design files: For the duration of our service agreement plus 6 months after termination

  • Website backups: Typically retained for 30 days, unless otherwise specified in our service agreement

  • Analytics data: Typically retained for 26 months

Upon termination of services, we may delete all client website data from our systems after the retention period, unless otherwise required by law or agreed upon with the client.

7. Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to:

  • Request access to your personal data

  • Request correction of your personal data

  • Request erasure of your personal data

  • Object to processing of your personal data

  • Request restriction of processing your personal data

  • Request transfer of your personal data

  • Right to withdraw consent

If you wish to exercise any of these rights, please contact us using the information in the "Contact Information" section. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer if your request is particularly complex or you have made a number of requests.

8. Third-Party Services

In providing our web design and development services, we may use various third-party services, including:

  • Hosting providers

  • Domain registrars

  • Payment processors (such as Stripe)

  • Analytics services (such as Google Analytics)

  • Email service providers

  • Content delivery networks

  • Website plugins and extensions

These third-party services may collect, use, and share personal data in accordance with their own privacy policies. We encourage you to review the privacy policies of these third parties.

We select third-party service providers with due care and require them to have appropriate security measures in place to protect personal data. However, we are not responsible for the privacy practices of these third parties.

9. Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

We use the following types of cookies:

  • Essential cookies: These are necessary for the website to function properly

  • Analytical/performance cookies: These allow us to recognize and count visitors and see how they move around our website

  • Functionality cookies: These are used to recognize you when you return to our website

  • Targeting cookies: These record your visit to our website, the pages you visit, and the links you follow

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

10. California Privacy Rights

If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

  • The right to know what personal information we collect, use, disclose, and sell

  • The right to delete personal information we have collected about you

  • The right to opt-out of the sale of your personal information

  • The right to non-discrimination for exercising your CCPA rights

  • The right to limit the use and disclosure of sensitive personal information

  • The right to correct inaccurate personal information

To exercise these rights, please contact us using the information in the "Contact Information" section.

11. Contact Information

If you have any questions about this privacy policy or our privacy practices, please contact us atcontact@dunko.dev.

Dunko Studio is based in San Diego, California. We are the controller responsible for your personal data collected through our website and in the course of our business relationship with you.