Data protection

Privacy policy

This page explains what personal data Shopkeep Studio processes, why, on what legal basis, and the rights you have over it. It follows the EU General Data Protection Regulation (GDPR).

Overview

We take the protection of personal data seriously. This policy explains how Shopkeep Studio ("we", "us") processes personal data when you visit this website and when we contact businesses about our services.

Who is responsible (data controller)

Shopkeep Studio
Contact: [email protected]

Shopkeep Studio is an independent web studio operated from Germany. Full controller contact details are available on request by email. We have not appointed a Data Protection Officer, as we are not legally required to.

Visiting this website

Hosting & server logs

This site is hosted on Cloudflare Pages (Cloudflare, Inc.). When you load a page, Cloudflare automatically processes technical data needed to deliver it and to keep the service secure — including your IP address, the requested page, browser type, and the date and time of the request. This is necessary to operate the website and is based on our legitimate interest in a secure, functioning site (Art. 6(1)(f) GDPR).

Cloudflare is a US provider and may process this data on servers outside the EU. Such transfers are covered by the EU Standard Contractual Clauses and Cloudflare's data-protection framework commitments. See Cloudflare's privacy policy: cloudflare.com/privacypolicy.

Fonts & assets

All fonts and scripts are served from this website itself. We do not load fonts, analytics, tracking pixels, or advertising from third parties, and this site sets no cookies.

Contacting us by email

If you email us, we process the address and the content of your message to reply and to handle your request. The legal basis is our legitimate interest in responding (Art. 6(1)(f) GDPR), or — where your message concerns a possible contract — the performance of pre-contractual steps (Art. 6(1)(b) GDPR). We keep such correspondence only as long as needed to deal with it and to meet any legal retention obligations.

Business outreach

Part of what we do is introduce our web-design service to local businesses in the United States that do not appear to have a website. To do this we process a limited amount of business contact data. Because a business email or a sole trader's details can relate to an identifiable person, GDPR can apply, so we explain it here.

What data, and where it comes from

We collect this from publicly available sources — for example OpenStreetMap and publicly listed business information. We do not buy contact lists, and we do not process special categories of data.

Why, and on what legal basis

We use this data to send a single, personalised introduction to businesses that may benefit from a website, offering a free preview. The legal basis is our legitimate interest in direct B2B outreach for our services (Art. 6(1)(f) GDPR). We have weighed this against the recipient's interests: we contact businesses (not consumers) at their business address, about a service relevant to their trade, once, with a clear and free opt-out. We target US recipients only.

Opting out

You can opt out at any time — simply reply to the email and say so, or write to [email protected]. We will stop contacting you and add your address to a suppression list so it is not contacted again.

How long we keep it

We keep outreach contact data only as long as needed for the outreach and any follow-up you welcome, and we delete it when it is no longer needed or on request. If you opt out, we retain the minimum needed (your email address on a suppression list) purely to make sure we do not contact you again.

Service providers we use

These providers act on our instructions under data-processing agreements. Where they process data outside the EU, appropriate safeguards (such as EU Standard Contractual Clauses) are in place.

Your rights

Under the GDPR you have the right to:

To exercise any of these, email [email protected]. You also have the right to complain to a supervisory authority — in Germany, the data-protection authority of the federal state in which the controller is established.

Contact & changes

For any privacy question, contact us at [email protected].

We may update this policy as our service changes; the current version always lives at this address.

Last updated: 10 July 2026