Privacy Policy

Kuro Studio
Lukas Wirth
Hirschberger Str. 24
90559 Burgthann, Germany

Contact Information:
Email: hi@kuroapps.com
Phone: +49 157 57151022

We collect information when you visit our website or use our services:

Personal Information:
• Name, email address, and phone number (when you contact us)
• Project requirements and business inquiries
• Communication history and correspondence
• Newsletter subscription data (if you subscribe)

Technical Information:
• IP address and device information
• Browser type and version
• Pages visited and time spent on site
• Referral sources and user behavior patterns

Server Log Files:
Our hosting provider automatically collects and stores information in server log files, which your browser automatically transmits. This includes:
• Browser type and version
• Operating system used
• Referrer URL (previously visited page)
• Hostname of the accessing computer
• Time of server request
• IP address

This data cannot be assigned to specific persons and is not merged with other data sources.

We use your personal data for the following purposes:

Service Provision:
• Process project inquiries and consultation requests
• Provide personalized service recommendations
• Schedule appointments and follow-up communications
• Deliver project updates and technical notifications
• Send newsletters (if you subscribed)

Business Operations:
• Improve our website functionality and user experience
• Analyze service quality and customer satisfaction
• Comply with legal and regulatory requirements
• Maintain business records as required by law

Communication:
• Respond to your inquiries and requests
• Send relevant service updates and information
• Provide technical support and assistance

Legal Basis (GDPR Art. 6):
• Processing based on your consent (Art. 6(1)(a) GDPR) - e.g., newsletter subscription
• Processing necessary for contract performance (Art. 6(1)(b) GDPR) - e.g., project inquiries
• Processing necessary for legal obligations (Art. 6(1)(c) GDPR) - e.g., tax records
• Processing based on legitimate interests (Art. 6(1)(f) GDPR) - e.g., website analytics

We use the following analytics tools to improve our services:

Google Analytics:
• Tracks website usage, page views, and user behavior
• Helps us understand how visitors interact with our site
• Enables us to improve website performance and content
• Data is anonymized (IP anonymization enabled)
• Privacy Policy: https://policies.google.com/privacy
• Opt-out: https://tools.google.com/dlpage/gaoptout

Google Tag Manager:
• Manages website tracking codes and conversion measurement
• Enables us to measure marketing effectiveness
• Helps optimize user experience based on behavior data
• Privacy Policy: https://policies.google.com/privacy

Conversion Tracking:
We track the following events to improve our services:
• Contact form submissions and inquiries
• Phone and email click interactions
• Social media engagement
• Quality visits and user engagement metrics

You can opt out of analytics tracking by adjusting your cookie preferences or using browser privacy settings.

We work with trusted third-party providers to deliver our services:

Website Infrastructure:
• Vercel Inc. (Website hosting and CDN services)
• Privacy Policy: https://vercel.com/legal/privacy-policy

Communication Services:
• Resend (Email delivery for notifications and newsletter)
• Privacy Policy: https://resend.com/legal/privacy-policy

Data Storage and Security:
• Supabase (Secure database and authentication services)
• Privacy Policy: https://supabase.com/privacy

All third-party providers are carefully selected and contractually required to maintain appropriate data protection standards in compliance with GDPR.

Newsletter Subscription:
With your consent, you can subscribe to our newsletter to receive information about our services, product updates, and relevant industry insights.

Legal Basis:
Newsletter delivery is based on your explicit consent (Art. 6(1)(a) GDPR).

Data Processing:
• Email address (required for delivery)
• Subscription timestamp
• Confirmation timestamp (double opt-in)
• IP address at subscription time (proof of consent for legal compliance)

Service Provider:
Newsletter emails are sent via Resend (https://resend.com/legal/privacy-policy). Your email address and subscription data are transmitted to and processed by Resend for the purpose of newsletter delivery.

Double Opt-In Process:
We use the double opt-in procedure to ensure your consent. After registration, you will receive a confirmation email with a verification link. Only after clicking this confirmation link will you be subscribed to our newsletter. This protects you from unwanted subscriptions and serves as proof of consent.

Withdrawal of Consent:
You can withdraw your consent and unsubscribe at any time by:
• Clicking the unsubscribe link at the bottom of any newsletter email
• Sending an email to hi@kuroapps.com
• Contacting us via phone at +49 157 57151022

Upon unsubscribe, your email address will be immediately removed from our newsletter distribution list. If we are legally required to retain your data for other purposes (e.g., if you are also a customer with an active contract), this retention will be limited to those purposes only.

Retention Periods:
• Project inquiries and consultations: Up to 3 years (business compliance)
• Newsletter subscriptions: Until you unsubscribe or withdraw consent
• Communication records: Until you withdraw consent or request deletion
• Website analytics: 14 months (Google Analytics default)
• Technical logs: 12 months maximum
• Legal/tax records: As required by German commercial and tax law (typically 10 years)

Security Measures:
We implement industry-standard security measures including:
• Encrypted data transmission (SSL/TLS encryption)
• Secure data storage with access controls
• Regular security assessments and updates
• Staff training on data protection procedures
• Incident response and breach notification procedures

SSL/TLS Encryption:
This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, including inquiries you send to us. You can recognize an encrypted connection by the "https://" in your browser's address bar and the lock icon. When SSL/TLS encryption is activated, data you transmit to us cannot be read by third parties.

Our website uses cookies and similar technologies:

Essential Cookies:
• Required for basic website functionality
• Session management and security
• Cannot be disabled without affecting site operation

Analytics Cookies:
• Google Analytics for website performance measurement
• User behavior analysis for service improvement
• Anonymous usage statistics and reporting

Marketing Cookies:
• Conversion tracking for marketing campaigns
• Social media integration and sharing features

Cookie Management:
You can control cookie settings through:
• Your browser's privacy settings
• Our cookie consent banner (where applicable)
• Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout

Most browsers accept cookies automatically but allow you to disable them. Please note that disabling cookies may limit website functionality.

Under GDPR, you have the following rights:

Access and Information (Art. 15 GDPR):
• Request information about what personal data we process
• Obtain a copy of your personal data in a structured format
• Be informed about data processing purposes and recipients

Correction and Deletion (Art. 16, 17 GDPR):
• Request correction of inaccurate or incomplete data
• Request deletion of your personal data ("right to be forgotten")
• Object to processing for marketing purposes

Restriction and Portability (Art. 18, 20 GDPR):
• Request restriction of data processing in certain circumstances
• Receive your data in a portable format
• Transfer data to another controller

Consent and Withdrawal (Art. 7 GDPR):
• Withdraw consent for data processing at any time
• Opt out of marketing communications and newsletters
• Request restriction of analytics tracking

Right to Object (Art. 21 GDPR):
• Object to data processing based on legitimate interests
• Object to direct marketing and profiling

Exercising Your Rights:
To exercise any of these rights, contact us at:
Email: hi@kuroapps.com
Phone: +49 157 57151022

We will respond to your request within 30 days (as required by GDPR Art. 12).

Right to Lodge a Complaint:
You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your residence, workplace, or where an alleged data protection violation occurred.

Supervisory Authority:
For data protection matters in Bavaria, Germany, the competent supervisory authority is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach, Germany
Phone: +49 (0) 981 180093-0
Email: poststelle@lda.bayern.de
Website: https://www.lda.bayern.de

Some of our service providers operate internationally, which may involve transferring your data outside the EU/EEA:

Google Services (Analytics, Tag Manager):
• Data may be processed in Google's global data centers
• Google LLC participates in the EU-US Data Privacy Framework (DPF)
• DPF adequacy decision by EU Commission: July 10, 2023
• Google complies with GDPR and international data protection standards
• DPF List: https://www.dataprivacyframework.gov/list
• Privacy Policy: https://policies.google.com/privacy

Vercel and Supabase:
• Infrastructure located in secure, compliant data centers
• All transfers are protected by appropriate safeguards (GDPR Art. 46)
• Contractual data protection obligations in place (Standard Contractual Clauses)
• Vercel complies with EU-US Data Privacy Framework

We ensure all international transfers comply with GDPR requirements and include appropriate protection measures.

When you contact us via our contact form or email:

Data Processing:
• Your inquiry data is stored for processing your request
• We collect only the information necessary to respond to your inquiry
• Data is processed based on your consent (GDPR Art. 6(1)(a)) or contract performance (GDPR Art. 6(1)(b))

Storage Duration:
• Contact form data is retained until your inquiry is fully resolved
• If a business relationship develops, data is stored according to commercial and tax retention requirements
• You can request deletion at any time (subject to legal retention obligations)

Email Communication:
• Emails are transmitted via Resend with encryption
• Email content is stored only as long as necessary for communication purposes
• We do not share your email address with third parties without your consent

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you as defined in Art. 22 GDPR.

Our website analytics are used solely for statistical purposes and website improvement. They do not result in automated decisions about individuals.

We may update this privacy policy periodically to reflect:
• Changes in our data processing practices
• New legal requirements or regulatory guidance
• Updates to our services or technology
• Enhanced privacy protection measures

We will notify you of significant changes by:
• Posting the updated policy on our website with a new effective date
• Sending email notifications for material changes (where applicable)
• Highlighting key changes in our communications

We encourage you to review this policy regularly to stay informed about how we protect your privacy.

Last Updated: {{lastUpdated}}

For any questions, concerns, or requests regarding this privacy policy or your personal data, please contact us:

Contact Information:
Kuro Studio
Lukas Wirth
Email: hi@kuroapps.com
Phone: +49 157 57151022

Office Address:
Hirschberger Str. 24
90559 Burgthann, Germany

Response Time:
We aim to respond to all privacy-related inquiries within 30 days (GDPR compliance). For urgent matters, please call our office directly.