The controller responsible for the processing of personal data within the meaning of the General Data Protection Regulation (GDPR) is:

‍S.A.P. BASED Studios Ltd
Thessalonikis 28
8028 Paphos
Cyprus

Email: hello@based-studios.com

We take the protection of your personal data very seriously.
Personal data is processed only to the extent necessary to provide a functional website, to respond to inquiries, to communicate with clients, and to fulfill contractual and legal obligations.
‍
All data processing is carried out in accordance with the General Data Protection Regulation (GDPR) and applicable Cyprus data protection laws.
‍
This privacy policy informs you about:
- which personal data we process,
- for what purposes,
- on what legal basis,
- how long data is stored,
- and what rights you have as a data subject.

Personal data is collected in two ways:
‍
a) Data you actively provide
This includes data you voluntarily submit, for example when:
- contacting us via Typeform, email or WhatsApp
- requesting information about our services
- providing project-related information

b) Data collected automatically
When you visit our website, certain technical data is collected automatically by our systems.
This includes:
- anonymized IP address
- browser type and version
- operating system
- date and time of access

This data is collected to ensure the secure and reliable operation of the website and to analyze usage patterns.

This website is hosted using Webflow, a website hosting and content management service provided by:
‍Webflow, Inc.
398 11th Street, 2nd Floor
San Francisco, CA 94103
United States
When you visit our website, Webflow automatically collects and stores information in server log files.

These data may include:
- anonymized IP address
- browser type and version
- operating system
- referrer URL
- date and time of access

The collection of this data is technically necessary to ensure:
- stable website operation
- security
- and error-free content delivery

Webflow may store cookies or similar technologies that are required for the functionality and security of the website. Webflow processes personal data on our behalf as a processor within the meaning of Art. 28 GDPR.
‍
We have concluded a Data Processing Agreement (DPA) with Webflow to ensure GDPR-compliant processing. Data transfers to third countries may occur. In such cases, appropriate safeguards are applied, including Standard Contractual Clauses (SCCs) approved by the European Commission.
‍
‍Legal basis:
Art. 6(1)(f) GDPR (legitimate interest in secure and reliable website operation)

Further information on data processing by Webflow can be found in Webflow’s privacy policy.

Depending on the nature of your interaction with us, we process the following categories of personal data:

a) Contact and identification data
- First and last name
- Company name
- Email address
- Phone number

b) Business and project-related data
- Project inquiries and requirements
- Target audience information
- Business descriptions
- Logos and brand assets provided by clients
- Any additional information necessary for project execution

c) Communication data
- Email correspondence
- WhatsApp messages
- Meeting information from Google Meet

d) Technical and usage data
- IP address (anonymized)
- Browser and device information
- Website interaction data

Our website contains links to external Typeform forms.
When you submit a form, the data entered is transmitted to Typeform and subsequently processed by us.

The following data may be collected:
- Name
- Email address
- Company name
- Business-related inquiry details

The data is used exclusively to:
- respond to your inquiry,
- assess your project request,
- and initiate or prepare a contractual relationship.

‍Legal basis:
Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures)

Email Communication
If you contact us by email, your email address and the content of your message will be stored and processed to respond to your request and for further business communication.


WhatsApp Business
We use WhatsApp Business as a communication channel. WhatsApp is a service of Meta Platforms Ireland Ltd.

When communicating via WhatsApp, personal data such as:
- phone number,
- profile name,
- and message content
may be processed by WhatsApp under their own responsibility.

We have no influence on the data processing carried out by WhatsApp.
Further information can be found in WhatsApp’s privacy policy.


Google Meet
We use Google Meet to conduct video calls and meetings. During meetings, personal data such as names, email addresses, and communication content may be processed.

‍Legal basis for all communication channels:
Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR (legitimate interest in efficient communication)

We use Zoho to manage inquiries, client relationships, and project documentation.

The following data may be stored in Zoho:
- Contact details
- Company information
- Communication history
- Project-related information

All data is processed manually and solely for internal business purposes such as:
- project execution,
- documentation,
- communication,
- and invoicing.

‍Legal basis:
Art. 6(1)(b) GDPR

For the purpose of fulfilling contractual obligations and delivering our services, personal data may be shared with selected partners or service providers.

This may include, in particular:
- development partners
- technical service providers
- contractors involved in project execution

Personal data is shared only to the extent necessary for the respective project and only with partners who are contractually obligated to process data in compliance with GDPR. Personal data is not sold or disclosed to third parties for advertising purposes.

We use analytics and tracking tools to better understand how visitors use our website and to improve functionality, performance, and user experience.


Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies and similar technologies to analyze your use of the website.

The information generated includes:
- visited pages,
- interaction behavior,
- device and browser information,
- anonymized IP address.

We have enabled IP anonymization, meaning your IP address is shortened before processing so that direct personal identification is not possible.

Google processes this data on our behalf to:
- evaluate website usage,
- compile reports on website activity,
- and provide technical services related to website usage.
Data processing only takes place after you have given your explicit consent via the cookie banner. You can revoke your consent at any time via the cookie settings or by adjusting your browser preferences.
‍

Mouseflow
This website also uses Mouseflow, an analytics tool provided by Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark.

Mouseflow records anonymized user interactions such as:
- mouse movements,
- clicks,
- scrolling behavior,
- and visited pages.

These recordings help us understand how users interact with our website and identify usability improvements. Mouseflow does not collect sensitive personal data and does not enable us to identify individual users. Data processing via Mouseflow only occurs after consent is given through the cookie banner.

‍Legal basis:
Art. 6(1)(a) GDPR (consent)

We use cookies exclusively for analytics purposes. Cookies are only set after you have provided your explicit consent via our cookie banner. You may revoke or adjust your consent at any time using the cookie settings.

We may send business-related or marketing information to existing clients. You can object to receiving such communication at any time by contacting us directly or by using an unsubscribe option where available.

‍Legal basis:
Art. 6(1)(f) GDPR (legitimate interest)

We store personal data indefinitely for documentation and business continuity purposes unless:
-you request deletion, or
- statutory retention obligations require a different storage period.

We do not intentionally transfer personal data outside the European Union (EU) or European Economic Area (EEA).

You have the right to:
- access your personal data (Art. 15 GDPR),
- request rectification (Art. 16 GDPR),
- request deletion (Art. 17 GDPR),
- restrict processing (Art. 18 GDPR),
- receive your data in a portable format (Art. 20 GDPR),
- object to processing (Art. 21 GDPR).

You also have the right to lodge a complaint with a supervisory authority.

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

These measures include, in particular:
- access restrictions to personal data,
- limited to authorized persons only
- password-protected systems and accounts
- encrypted connections (SSL/TLS) for data transmission
- secure storage of data in professional business systems (e.g. CRM and email tools)
- regular review and limitation of access rights
- organizational measures to ensure confidentiality and integrity of data

Our security measures are continuously reviewed and adapted in line with technological developments.

We reserve the right to update this privacy policy to reflect changes in legal requirements or technical developments.