BackStudios.mlStudios.ml
Sign inGet Started
Privacy PolicyTerms of ServiceCookie PolicyGDPR CompliancePIPL ComplianceCCPA NoticeData Processing AgreementAcceptable Use PolicySecurity

Last updated: January 15, 2025

GDPR Compliance

Studios.ml is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals in the European Economic Area.

Data Protection by Design

Privacy built into our systems from the ground up

Strong Security

Encryption, access controls, and regular audits

Data Subject Rights

Full support for access, correction, and deletion

Transparent Processing

Clear documentation of all data processing activities

International Transfers

SCCs and adequate safeguards for data transfers

DPA Available

Data Processing Agreement for all customers

Our Role Under GDPR

Studios.ml acts as a Data Processor when processing personal data on behalf of our customers (who are Data Controllers). For our own business operations and direct customer relationships, we act as a Data Controller.

As a Data Processor, we:

  • Process data only according to your documented instructions
  • Ensure confidentiality of personnel processing data
  • Implement appropriate technical and organizational security measures
  • Assist with data subject requests and compliance obligations
  • Delete or return data upon termination of services

Legal Basis for Processing

We process personal data under the following legal bases:

Contractual Necessity (Article 6(1)(b))

Processing necessary to perform our contract with you, including providing access to our platform, processing payments, and delivering customer support.

Legitimate Interests (Article 6(1)(f))

Processing for fraud prevention, security, service improvement, and business analytics, where these interests are not overridden by your rights.

Legal Obligation (Article 6(1)(c))

Processing required to comply with applicable laws, such as tax regulations and law enforcement requests.

Consent (Article 6(1)(a))

Processing based on your explicit consent, such as marketing communications and optional analytics cookies.

Your Rights Under GDPR

As a data subject in the EEA, you have the following rights:

Right of Access (Article 15)

Obtain confirmation of whether we process your data and request a copy.

Right to Rectification (Article 16)

Have inaccurate personal data corrected or completed.

Right to Erasure (Article 17)

Request deletion of your personal data in certain circumstances.

Right to Restriction (Article 18)

Limit the processing of your personal data.

Right to Portability (Article 20)

Receive your data in a structured, machine-readable format.

Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing.

To exercise these rights, contact our Data Protection Officer at dpo@studios.ml. We will respond within 30 days.

International Data Transfers

When we transfer personal data outside the EEA, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs): EU Commission-approved contractual terms.
  • Adequacy Decisions: Transfers to countries with adequate data protection.
  • Supplementary Measures: Additional technical and organizational safeguards.

Data Processing Agreement

We provide a Data Processing Agreement (DPA) that complies with GDPR Article 28 requirements. The DPA covers:

  • Subject matter and duration of processing
  • Nature and purpose of processing
  • Types of personal data processed
  • Categories of data subjects
  • Rights and obligations of both parties
  • Sub-processor management
  • Technical and organizational security measures

View our Data Processing Agreement

Sub-Processors

We use carefully vetted sub-processors to help deliver our services. All sub-processors are contractually bound to comply with GDPR requirements. Key sub-processors include:

Sub-ProcessorPurposeLocation
VercelHosting & InfrastructureUSA (SCCs)
SupabaseDatabase ServicesUSA (SCCs)
StripePayment ProcessingUSA (SCCs)
ResendEmail DeliveryUSA (SCCs)

Contact & Complaints

For GDPR-related inquiries or to exercise your rights:

  • Data Protection Officer: dpo@studios.ml
  • Address: Studios.ml, Inc., 548 Market St, San Francisco, CA 94104, USA
  • EU Representative: Studios.ml EU, 10 Earlsfort Terrace, Dublin 2, Ireland

You also have the right to lodge a complaint with your local supervisory authority.