Privacy Policy

Last updated: April 15, 2026

This Privacy Policy describes how ARCH-S Design Studio OÜ ("ARCH-S", "we", "our", or "us") collects, uses, and protects your personal data when you visit our website, purchase our digital architectural plans, or contact us. We are committed to compliance with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws.

1. Data Controller

ARCH-S Design Studio OÜ, a private limited company incorporated in Estonia, is the data controller responsible for your personal data.

• Contact email: archs.contact@gmail.com
• Registered office: Tallinn, Estonia

2. Information We Collect

2.1 Information you provide directly

• Email address: when you subscribe to our newsletter or sign up for updates.
• Name, billing details, and payment information: when you purchase a plan. Payment data is processed by our payment provider (Stripe) — we do not store your full card details on our servers.
• Correspondence: any information you share when you email us or contact customer support.

2.2 Information collected automatically

• Usage data: IP address, browser type, device type, pages visited, time spent, and referring URLs.
• Cookies and similar technologies (see Section 7).
• Advertising and analytics data from Meta Pixel (Facebook/Instagram) to measure ad performance and show relevant ads. Specifically, our Meta Pixel (ID 25307382845521504) fires the following standard events: PageView (on every page load), ViewContent (when you view a product page), Lead (when you submit the newsletter form), InitiateCheckout (when you click a "Get Build-Ready Plans" button that redirects to Stripe), and Purchase (after you complete a payment on our thank-you page). These events include information such as the plan viewed or purchased, its price in USD, and a hashed identifier for deduplication.
• Chat interaction data collected by Tawk.to when you open the chat widget, including messages you send, your IP address, the page you were on, and any contact details you share with our AI assistant or human agent.

3. How We Use Your Data

We process your personal data for the following purposes:

• To deliver the digital plans you purchased and provide customer support.
• To process payments through our payment provider.
• To send you transactional emails (order confirmations, download links).
• To send you marketing emails about new plans and updates, only if you opt in.
• To measure and improve the performance of our website and marketing campaigns.
• To comply with legal obligations, prevent fraud, and enforce our terms.

4. Legal Basis for Processing (GDPR)

• Performance of a contract — to deliver your purchased plans and process payments.
• Consent — for marketing emails and non-essential cookies. You may withdraw consent at any time.
• Legitimate interest — to secure our website, prevent fraud, and improve our services.
• Legal obligation — to comply with tax, accounting, and consumer protection laws.

5. Sharing Your Data

We do not sell your personal data. We share it only with trusted third parties that help us operate the business:

• Stripe — payment processing. Stripe Privacy Policy
• Meta (Facebook/Instagram) — advertising and conversion tracking via Meta Pixel. Meta Privacy Policy
• Tawk.to — live chat widget and AI assistant; processes chat transcripts and visitor metadata. Tawk.to Privacy Policy
• Google (Apps Script + Sheets) — newsletter email capture; the signup form posts to a Google Apps Script webhook that writes entries to a Google Sheet. Google Privacy Policy
• Calendly — scheduling for the free 30-minute Discovery Call. Calendly Privacy Policy
• Sketchfab — 3D model viewer embedded on product pages. Sketchfab Privacy Policy
• Vercel — website hosting. Vercel Privacy Policy

6. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA), including the United States. When we transfer your data outside the EEA, we rely on Standard Contractual Clauses approved by the European Commission to ensure adequate protection.

7. Cookies

We use the following types of cookies:

• Strictly necessary cookies — required for core website functionality.
• Analytics cookies — to understand how visitors use our site.
• Advertising cookies — set by Meta Pixel to measure ad performance and show relevant ads.

You can control cookies through your browser settings. Disabling cookies may affect website functionality.

8. Data Retention

• Order and billing records: 7 years (required by Estonian accounting law).
• Email newsletter subscribers: until you unsubscribe.
• Analytics data: up to 26 months.
• Correspondence: up to 3 years after the last interaction.

9. Your Rights (GDPR)

Under GDPR, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
• Restrict or object to our processing of your data.
• Request data portability.
• Withdraw consent at any time.
• Lodge a complaint with your local data protection authority. In Estonia, this is the Estonian Data Protection Inspectorate.

To exercise any of these rights, email us at archs.contact@gmail.com.

9.1 California Residents (CCPA / CPRA)

If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

• The right to know what personal information we collect, use, and share.
• The right to request deletion of your personal information.
• The right to correct inaccurate personal information.
• The right to opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising.
• The right to non-discrimination for exercising your privacy rights.

We do not sell your personal information for money. However, the use of Meta Pixel for advertising may be considered "sharing" under CPRA. To opt out, email archs.contact@gmail.com with the subject "CCPA Opt-Out" and we will stop sharing your data with Meta for advertising purposes.

10. Security

We implement industry-standard technical and organizational measures to protect your personal data. However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

11. Children

Our website is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new "Last updated" date. We encourage you to review this policy periodically.

13. Contact

If you have questions about this Privacy Policy or how we handle your personal data, please contact us at:

ARCH-S Design Studio OÜ
Email: archs.contact@gmail.com