PRIVACY POLICY

Last updated: May 2026

IMPORTANT: This Privacy Policy explains how RenderForm Studio ("RenderForm," "we," "us," or "our") collects, uses, stores, and protects your personal data when you visit our Website (renderform.co / renderform.studio) and use our Services. This policy is designed to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Please read this Privacy Policy carefully. If you do not agree with this policy, please do not use our Website or Services.

1. Who We Are (Data Controller)

For the purposes of data protection law, the data controller is:

RenderForm Studio
An individual enterprise established under the laws of Georgia
Operated by Zurabi Mushkudiani
Address: Rustaveli Street 21, Tbilisi, Georgia
Email: legal@renderform.studio

Our Representative in the EU (if required): We currently do not maintain a permanent establishment in the EU. If you are in the EU and have data protection concerns, please contact us directly at the address above. Pursuant to Article 27 GDPR, we have not yet designated an EU representative, as we assess our obligations on an ongoing basis in relation to the scale and nature of our processing activities.

2. What Personal Data We Collect

We collect and process the following categories of personal data:

2.1 Contact and Identification Data

Full name
Email address
Phone number (if provided)
Company or organization name (if applicable)
Professional title or role (if applicable)

2.2 Project-Related Data

Project descriptions and requirements
Architectural drawings, plans, CAD files, and reference materials you upload
Feedback, comments, and communication related to your project
Project history and records of services provided

2.3 Payment Data

Payment card information (processed securely by Stripe; we do not store full card details on our servers)
Billing address
Transaction history and invoices

2.4 Technical and Usage Data

IP address
Browser type and version
Operating system
Device information
Referral source (how you found our Website)
Pages visited, time spent on pages, and interaction data
Date and time of visits

2.5 Marketing and Communications Data

Your preferences for receiving marketing communications
Your communication history with us
Responses to surveys or feedback requests

2.6 Data from Third Parties

Information from analytics providers (e.g., Google Analytics) about your use of our Website
Information from advertising partners (e.g., Meta Pixel) regarding your interactions with our ads
Publicly available professional information (e.g., from LinkedIn or company websites, if you are a business contact)

3. How We Collect Your Data

We collect personal data through:

Direct interactions: When you fill out our contact form (via Tally.so), send us an email, call us, or communicate with us through any channel.
Automated technologies: When you browse our Website, we automatically collect technical data using cookies, server logs, and similar technologies. See our Cookie Policy below for details.
Third-party integrations: When you interact with our Website, data is collected through Google Analytics 4 and Meta Pixel.
Payment processing: When you make a payment, Stripe collects and processes your payment details.
CRM records: We store project and client records in Notion.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

PurposeLegal BasisTo provide our architectural rendering Services, including project management, communication, and deliveryPerformance of a contract (Art. 6(1)(b) GDPR)To process payments and maintain financial recordsPerformance of a contract; Legal obligation (Art. 6(1)(b) & (c) GDPR)To communicate with you about your project, respond to inquiries, and provide customer supportPerformance of a contract; Legitimate interests (Art. 6(1)(b) & (f) GDPR)To manage our relationship with you, including sending service-related noticesPerformance of a contract; Legitimate interests (Art. 6(1)(b) & (f) GDPR)To analyze Website usage, improve our Website and Services, and troubleshoot issuesLegitimate interests (Art. 6(1)(f) GDPR)To deliver targeted advertising and measure the effectiveness of our marketing campaigns (e.g., through X/Twitter, Meta)Consent (Art. 6(1)(a) GDPR)To maintain our CRM and business recordsLegitimate interests; Legal obligation (Art. 6(1)(f) & (c) GDPR)To protect our legal rights, prevent fraud, and ensure securityLegitimate interests; Legal obligation (Art. 6(1)(f) & (c) GDPR)To comply with applicable legal and tax obligationsLegal obligation (Art. 6(1)(c) GDPR)

Legitimate Interests

Our legitimate interests include: operating and managing our business; maintaining accurate records; improving our Services and Website; ensuring network and information security; and direct marketing to existing clients about similar services (where permitted by law without separate consent).

5. Cookies and Similar Technologies

We use cookies and similar tracking technologies to collect technical and usage data. For detailed information, please see our Cookie Policy below.

6. Data Sharing and Third-Party Processors

We do not sell your personal data. We share your data only with the following categories of recipients, and only to the extent necessary for the purposes described above:

6.1 Service Providers (Data Processors)

ProcessorPurposeLocationFramerWebsite hosting and content deliveryUnited StatesTally.soContact form processing and data collectionEuropean UnionNotionCustomer relationship management (CRM), project records, and internal documentationUnited StatesStripePayment processing and fraud preventionUnited States / EU (as applicable)Google Analytics 4Website analytics and usage statisticsUnited StatesMeta Platforms, Inc.Advertising analytics and conversion tracking (Meta Pixel)United States

We have entered into or will enter into data processing agreements with these processors where required by law, to ensure they process your data only on our instructions and in compliance with applicable data protection law.

6.2 Professional Advisers

We may share data with our legal, accounting, and insurance advisers where necessary to protect our interests or comply with legal obligations.

6.3 Legal and Regulatory Authorities

We may disclose personal data if required to do so by law, court order, or regulatory authority, or to protect our rights, property, or safety, or that of others.

6.4 Business Transfers

If RenderForm undergoes a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal data.

7. International Data Transfers

RenderForm Studio is based in Georgia, which is outside the European Economic Area (EEA). Your personal data will be processed in Georgia and may be transferred to and processed in countries outside your jurisdiction, including the United States and the European Union, where our service providers operate.

When we transfer personal data from the EEA, UK, or other jurisdictions requiring safeguards to countries not deemed to provide an adequate level of data protection (such as the United States), we implement appropriate safeguards, including:

Standard Contractual Clauses (SCCs): We rely on EU Commission-approved Standard Contractual Clauses for transfers to our processors, where applicable.
Adequacy Decisions: For transfers to countries with an EU adequacy decision (e.g., Tally.so in the EU), no additional safeguards are required.
Contractual and technical measures: We ensure our processors provide appropriate contractual, technical, and organizational protections.

By using our Services, you acknowledge and consent to the transfer of your data to Georgia and other countries as described above. If you are in the EEA, you have the right to request a copy of the safeguards we use for international transfers by contacting us.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

Data CategoryRetention PeriodContact and project data (active clients)For the duration of our business relationship, plus 3 yearsFinancial and transaction records7 years (to comply with tax and accounting obligations)Marketing data (with consent)Until you withdraw consent, or 3 years from last interactionWebsite analytics and cookie data26 months (for Google Analytics) or as specified in our Cookie PolicyCommunication records3 years from last interactionBackup dataUp to 2 years beyond primary retention periods

After the applicable retention period, we will securely delete or anonymize your personal data, unless longer retention is required or permitted by law.

9. Your Data Protection Rights

Depending on your location and applicable law, you have the following rights regarding your personal data:

9.1 Right of Access (Art. 15 GDPR)

You have the right to request confirmation of whether we process your personal data, and if so, to request a copy of that data and information about how it is processed.

9.2 Right to Rectification (Art. 16 GDPR)

You have the right to request that we correct any inaccurate or incomplete personal data.

9.3 Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)

You have the right to request deletion of your personal data in certain circumstances, including when the data is no longer necessary for the purposes for which it was collected, or when you withdraw consent and there is no other legal basis for processing.

9.4 Right to Restrict Processing (Art. 18 GDPR)

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to our processing.

9.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller, where processing is based on consent or contract and is carried out by automated means.

9.6 Right to Object (Art. 21 GDPR)

You have the right to object to the processing of your personal data based on legitimate interests, including profiling. You also have the right to object to direct marketing at any time.

9.7 Right to Withdraw Consent (Art. 7 GDPR)

Where processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

9.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that our processing of your personal data infringes applicable data protection law.

9.9 Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

How to Exercise Your Rights

To exercise any of your rights, please contact us at legal@renderform.studio. We will respond to your request within one month of receipt, or within two months if the request is complex. We may need to verify your identity before fulfilling your request. There is no fee for exercising your rights, but we may charge a reasonable fee or refuse to act on manifestly unfounded or excessive requests.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

Encryption of data in transit (TLS/SSL)
Access controls and authentication measures for our systems
Regular security assessments and software updates
Confidentiality obligations binding our staff and processors
Secure backup procedures

While we take these precautions, no internet transmission or electronic storage is completely secure. We cannot guarantee absolute security, but we continuously work to protect your data.

11. Children's Privacy

Our Services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately, and we will delete such information.

12. Your Choices and Marketing Communications

12.1 Marketing Opt-Out

If you have consented to receive marketing communications, you can opt out at any time by:

Clicking the "unsubscribe" link in any marketing email;
Contacting us at legal@renderform.studio; or
Updating your preferences through any preference center we provide.

12.2 Cookies and Tracking

You can manage your cookie preferences through our cookie consent mechanism on the Website or through your browser settings. See our Cookie Policy below for more information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will post the updated Privacy Policy on our Website with a revised "Last updated" date. Material changes will be communicated to you directly where required by law. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Supervisory Authorities

If you are in the EU and wish to lodge a complaint, you may contact the data protection supervisory authority in your country. A list of EU data protection authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en