This privacy statement is effective 03/22/2026. Please note that this privacy statement will regularly be updated to reflect any changes in the way we handle your personal data or any changes in applicable laws.

This statement tells you everything you need to know about 4tostudio LLC (“4to Studio design”; “we”) and how we protect the personal data we process and control relating to you (“your personal data”; “your data”) and which rights you have in relation to the processing of your personal data.

1. Who We Are — Data Controller

4to Studio LLC is a Florida Limited Liability Company  with its servicing area in Florida, United States of America.

For the purposes of the EU General Data Protection Regulation (GDPR) and equivalent privacy laws, 4to Studio LLC is the data controller of personal data collected through this website and in connection with our services. This means we determine the purposes and means of processing your personal data.

Contact for privacy matters:  yourdata@4tostudio.com

2. Scope of This Policy

This policy applies to:

–  Visitors to 4tostudio.com and any associated web pages

–  Individuals who submit inquiries via our website contact forms or Jotform

–  Existing and prospective clients and their representatives

–  Suppliers, vendors, and business contacts

–  Individuals who communicate with us by email, telephone, or social media

This policy does not apply to third-party websites linked from our site. We encourage you to review the privacy policies of any third-party sites you visit.

3. What Personal Data We Collect

3.1  Data You Provide Directly

When you interact with us, you may provide:

–  Identity data: first name, last name, job title, company name

–  Contact data: email address, phone number, mailing address

–  Project and business data: descriptions of your project brief, budget range, service requirements

–  Communication data: the content of emails, messages, and form submissions you send us

–  Survey responses: feedback and satisfaction survey responses (submitted voluntarily)

3.2  Data Collected Automatically

When you visit our website, we automatically collect:

–  Technical data: IP address, browser type and version, operating system, device type

–  Usage data: pages viewed, time spent on pages, links clicked, traffic sources, referring URLs

–  Cookie data: see Section 7 (Cookies and Tracking Technologies) for full details

–  Location data: general geographic region derived from IP address (not precise geolocation)

3.3  Data We Do Not Collect

4to Studio does not collect or process:

–  Sensitive personal data (racial/ethnic origin, health data, biometric data, political opinions, religious beliefs, sexual orientation) unless you voluntarily and explicitly provide it

–  Neural data or brain-computer interface data

–  Precise geolocation data

–  Data from individuals under 16 years of age (see Section 12 — Children’s Privacy)

–  Social Security Numbers or government-issued identification numbers

4. How We Use Your Personal Data

We use your personal data only for the following specific purposes and on the following legal bases:

We will never use your personal data for purposes that are incompatible with those disclosed above, unless required by law or you have given explicit consent.

5. Do We Sell or Share Your Personal Data?

No. 4to Studio does not sell, rent, trade, or share your personal data with third parties for monetary consideration or for cross-context behavioural advertising purposes. We have not done so in the past 12 months and do not intend to do so.

If this practice were ever to change, we would update this policy and provide you with a clear opt-out mechanism before any such sharing occurred. California residents retain the right to opt out of the sale or sharing of personal data under CCPA/CPRA at any time by contacting us at hola@4tostudio.com.

6. Who We Share Your Personal Data With

We may share your personal data with trusted third-party service providers who assist us in operating our business. These include:

–  Email and communication platforms (e.g. Gmail / Google Workspace) — to manage client correspondence

–  Form and survey tools (e.g. Jotform) — to receive and process enquiry submissions

–  Website hosting and analytics (e.g. WordPress/Jetpack, Google Analytics) — to operate and improve our website

–  Project management tools (e.g. Asana) — to manage project workflows

–  Electronic signature platforms (e.g. DocuSign) — to execute contracts

–  Cloud storage providers (e.g. Google Drive) — to store project files securely

–  Accounting and invoicing software — to manage financial records

–  Professional advisors (accountants, attorneys) — where necessary for legal or financial obligations

All third-party service providers are required to handle your data in accordance with applicable privacy laws and are prohibited from using your data for any purpose other than providing services to us. We do not authorise our service providers to sell or share your data.

We do not transfer personal data to countries outside the United States or the European Economic Area (EEA) unless appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or an adequacy decision by the European Commission. Where transfers occur, we will ensure your data receives an equivalent level of protection.

7. Cookies and Tracking Technologies

7.1  What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They allow the website to recognise your device, remember your preferences, and collect usage information.

7.2  Cookies We Use

7.3  Your Cookie Choices

You may accept or decline non-essential cookies using the cookie consent banner displayed when you first visit our website. You may also update your preferences at any time.

In addition, you may control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our website.

7.4  Global Privacy Control (GPC)

We recognise and honour the Global Privacy Control (GPC) browser signal. If your browser is configured to send a GPC signal, we will treat this as an opt-out of the sale or sharing of your personal data. We will not override or disregard GPC signals.

8. Artificial Intelligence and Automated Processing

8.1  Use of AI Tools

4to Studio may use AI-powered tools as part of our creative workflow (including but not limited to generative imagery, text assistance, and motion graphics production). Where AI tools process data submitted by you (such as project briefs or content), this is done solely to fulfil our service obligations. We do not use your data to train AI models without your explicit consent.

8.2  Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects about you without human review. If we were to implement such processes, we would notify you and provide the right to request human review, to contest the decision, and to obtain an explanation of the logic involved, in accordance with GDPR Article 22 and CCPA ADMT regulations.

8.3  EU AI Act Compliance

4to Studio does not operate AI systems classified as high-risk under the EU AI Act (Regulation (EU) 2024/1689). We do not use AI systems for biometric identification, critical infrastructure, employment decisions, or systems that manipulate human behaviour. Our use of AI tools falls within the low-risk category and we maintain transparency with clients about AI contributions to deliverables upon request, consistent with our Terms and Conditions.

9. How Long We Retain Your Data

We retain your personal data only for as long as necessary for the purposes described in this policy. The following retention periods apply:

When data is no longer required, we securely delete or anonymise it. You may request earlier deletion of your data subject to the limitations described in Section 10.

10. Your Privacy Rights

Depending on your location, you may have some or all of the following rights regarding your personal data. We will respond to all verified requests within 45 days (extendable by a further 45 days where necessary).

10.1  Rights Available to All Individuals

–  Right of Access: Obtain confirmation of whether we hold your data and receive a copy of it

–  Right to Rectification: Request correction of inaccurate or incomplete data

–  Right to Erasure (‘Right to be Forgotten’): Request deletion of your data, subject to legal retention obligations

–  Right to Restrict Processing: Request that we limit how we use your data in certain circumstances

–  Right to Object: Object to processing based on legitimate interests or for direct marketing

–  Right to Data Portability: Receive your data in a structured, machine-readable format

–  Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting prior processing

10.2  Additional Rights for California Residents (CCPA/CPRA)

–  Right to Know: Request disclosure of the categories and specific pieces of personal information collected, used, disclosed, or sold in the past 12 months

–  Right to Correct: Request correction of inaccurate personal information

–  Right to Delete: Request deletion of personal information collected from you

–  Right to Opt-Out of Sale/Sharing: Opt out of the sale or sharing of personal information (we do not sell data — see Section 5)

–  Right to Limit Use of Sensitive Personal Information: Restrict our use of sensitive personal information to necessary purposes

–  Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights

–  Authorised Agent: You may designate an authorised agent to submit requests on your behalf

To exercise California rights, contact us at hola@4tostudio.com with the subject line ‘California Privacy Request’ and specify the right you wish to exercise. We will verify your identity before processing the request. We respond to verifiable requests at no charge.

10.3  Rights for EEA/UK Residents (GDPR/UK GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have the right to lodge a complaint with your local supervisory authority if you believe we have not handled your data in accordance with the GDPR. A list of EEA supervisory authorities is available at edpb.europa.eu. The UK supervisory authority is the Information Commissioner’s Office (ico.org.uk).

11. Data Security

We maintain appropriate technical, physical, and organisational security measures to protect your personal data from unauthorised access, disclosure, alteration, loss, or destruction. These include:

–  Encrypted storage and transmission (HTTPS/SSL across all web properties)

–  Access controls limiting data access to authorised personnel only

–  Regular review of our data processing practices and service provider agreements

–  Use of reputable, security-certified third-party platforms (Google Workspace, DocuSign, Asana)

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

Data Breach Notification

In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (GDPR requirement). Where the breach is likely to result in a high risk to your rights, we will also notify you directly without undue delay. Under Florida law (Florida Information Protection Act, Fla. Stat. § 501.171), we will notify affected Florida residents within 30 days of discovery of a breach involving their personal data.

12. Children’s Privacy

Our website and services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us immediately at hola@4tostudio.com and we will delete that information promptly.

If we become aware that we have collected personal data from a child under 16 without verifiable parental consent, we will take steps to remove that information from our systems as soon as practicable.

13. International Data Transfers

4to Studio is based in the United States. If you are located outside the USA — including in the European Economic Area, United Kingdom, Latin America, or elsewhere — your personal data may be transferred to and processed in the USA, which may not provide the same level of data protection as your home country.

Where we transfer personal data from the EEA or UK to the USA or other third countries, we implement appropriate safeguards including:

–  Standard Contractual Clauses (SCCs) as approved by the European Commission (for EEA transfers)

–  The UK International Data Transfer Agreement (IDTA) or addendum (for UK transfers)

–  Adequacy decisions where applicable

You may request a copy of the safeguards in place for international transfers by contacting hola@4tostudio.com.

14. Marketing Communications

We send commercial emails and marketing communications only to individuals who have: (a) provided consent; or (b) with whom we have an existing business relationship and who have not opted out, in accordance with the CAN-SPAM Act and applicable marketing laws.

Every marketing communication we send includes a clear and conspicuous opt-out mechanism. You may opt out at any time by:

–  Clicking the ‘unsubscribe’ link in any marketing email

–  Contacting us at yourdata@4tostudio.com with the subject line ‘Unsubscribe’

We use Jotform for email distribution. Our marketing emails may include web beacons and tracking pixels that indicate whether an email was opened and which links were clicked, solely to measure campaign effectiveness. You may disable this tracking by disabling HTML email rendering in your email client.

We maintain CRM records of business contacts. If you wish to be removed from our CRM database entirely, contact yourdata@4tostudio.com. We will retain a minimal record noting your opt-out status to ensure we do not contact you again.

15. Third-Party Links and Services

Our website may contain links to third-party websites including our social media profiles (LinkedIn, Instagram, Behance, Vimeo). These third-party sites have their own privacy policies and we do not accept responsibility for their content or practices. We encourage you to review their policies before providing any personal information.

Our website uses Google Analytics, operated by Google LLC. Google Analytics collects usage data through cookies. For information on how Google uses this data, see: policies.google.com/technologies/partner-sites. You may opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on: tools.google.com/dlpage/gaoptout.

16. Notice to California Residents — CCPA/CPRA

This section applies exclusively to California residents and provides information as required by the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (CPRA).

Categories of Personal Information Collected in the Last 12 Months

To submit a California privacy rights request, contact us at hola@4tostudio.com with subject line ‘California Privacy Request’. We will verify your identity and respond within 45 days. We do not charge a fee for requests unless they are excessive or repetitive.

17. Notice to Florida Residents

4to Studio is a Florida-based LLC and complies with the Florida Information Protection Act (FIPA). In the event of a security breach involving Florida residents’ personal data, we will notify affected individuals within 30 days of discovery. Notification will be provided by email to the address you have provided to us, or by mail if email is unavailable.

Florida residents may exercise the same data access, correction, and deletion rights described in Section 10 by contacting yourdata@4tostudio.com.

18. Updates to This Privacy Policy

We will update this privacy policy periodically to reflect changes in applicable laws, our business practices, or the data we collect. Material changes will be communicated by posting a notice on our website and updating the ‘effective date’ at the top of this policy.

We recommend reviewing this policy at least annually. Your continued use of our website after any update constitutes acceptance of the revised policy. If we make changes that significantly affect your rights, we will provide more prominent notice or seek your consent where required.

This policy should be reviewed annually, and whenever there is a material change to our data practices, technology stack, or applicable law. Recommended next review: March 2027.

19. Contact Us

For all privacy-related questions, requests, or complaints, please contact us:

Email:  yourdata@4tostudio.com subject line: ‘Privacy Request’

We aim to respond to all privacy requests within 45 days. For EEA/UK residents, you also have the right to lodge a complaint with your local data protection supervisory authority if you are not satisfied with our response.