Privacy

Privacy policy

Last updated 2026-04-25

This is the plain-language version of how we handle your data. We try not to collect anything we don’t need.

Who we are

Krit Studio (“we”) is a small web design and hosting business based in Kingston, Tennessee. Reach us at [email protected].

What we collect

When you fill out the project enquiry form

Your name, email, business name, current site URL, project type, timeline, budget hint, and the message you write. Plus your IP address, user agent, and the page you came from — basic anti-spam context.

When you become a client

Your name and email become a portal login. We may add your phone number and business address if you give them to us. Anything you upload, post, or submit through the portal — files, change requests, messages — is stored against your project.

When you pay an invoice

We don’t see or store your card number. Stripe handles payment data on their end. We see the invoice status (paid / unpaid), the amount, and the timestamp.

When you visit the site

Standard server logs (IP, user agent, requested URL, timestamp). Cloudflare in front of us records similar data for DDoS protection and CDN routing. We don’t run third-party analytics by default. No advertising trackers.

What we use it for

Replying to your enquiry and quoting your project
Letting you sign in to your portal
Showing you project status, files, messages, and invoices
Sending you transactional emails (welcome, invoice, project updates)
Operating, debugging, and protecting the site

We don’t sell or rent your data. We don’t share it for advertising. We don’t profile you across other sites.

Third parties we use

Stripe — payment processing for invoices. Their privacy policy applies to whatever you give them at checkout.
Cloudflare — DNS, CDN, and DDoS protection in front of the site. Sees your IP and requests.
Cloudflare R2 — storage for files you or we upload to your project.
Google (Gmail SMTP) — outbound email delivery. Your email address transits through Google’s servers when we send you anything.

How long we keep things

Project enquiries: indefinitely, in a private inbox, until you ask us to delete them
Active client data: as long as the project is active or hosting is running
After a project ends or hosting is cancelled: 12 months by default, then we wipe it unless you ask us to keep it
Server logs: 30 days
Invoices and payment records: 7 years (US tax requirement)

Cookies

We use cookies for two things: keeping you signed in (a session cookie) and CSRF protection (a security cookie). That’s it. No analytics, no advertising, no tracking pixels.

Your rights

You can ask us to:

Send you a copy of everything we have on file for you
Correct anything that’s wrong
Delete it (we’ll keep what we’re legally required to, like paid invoices for tax records)
Stop emailing you (for non-essential mail — transactional mail tied to an active project still goes out)

Email [email protected] for any of these. We’ll respond within a few business days.

Children

This isn’t a service for anyone under 13. Don’t use the site or the portal if you’re under 13.

Changes to this policy

If we change anything material we’ll update the date at the top and email active clients. Old versions are kept in our git history if you ever want to see what changed.

Honesty disclaimer: This isn’t a substitute for legal advice. If you have specific compliance needs — HIPAA, GDPR, CCPA — tell us before the project starts and we’ll figure out together what additional terms you need.