Privacy Policy

Who I am

Yes Please Studio is operated by Eric Stein-Beldring, a sole trader based in Oslo, Norway. Data controller: Eric Stein-Beldring, [email protected].

What data I collect

I collect data in two ways:

• Contact form. When you submit the contact form, I collect your name, email address, the engagement type you selected, and your message. This data is sent to [email protected] via Resend (see third-party services below).
• Analytics. If you accept analytics, I collect session data via PostHog (see below): pages visited, time on site, and interaction data such as clicks and navigation within the site. If you decline, no analytics is collected in your browser.
• Contact form delivery data. When you submit the contact form, a single event is recorded on the server in PostHog noting that a message was received and which engagement type you selected. This does not include your name, email, or message text. It is recorded whether or not you accepted analytics, so I can tell whether the contact form is working.

Why I collect it

• Contact form data is used solely to respond to your inquiry.
• Analytics data is used to understand which pages and services are most relevant to visitors, so I can improve the site and offerings.

How long I keep it

Contact form submissions are retained in email for as long as necessary to manage the business relationship, typically up to three years. Analytics data is retained per PostHog's default retention settings.

Third-party services

• PostHog (analytics). EU cloud (eu.i.posthog.com). Data is stored on PostHog servers in the EU. In-browser analytics uses local storage and runs only after you explicitly accept analytics. PostHog privacy policy: posthog.com/privacy.
• Resend (email delivery). Used to deliver contact form submissions to [email protected]. Resend processes message data in transit but does not store it as a CRM record. Resend privacy policy: resend.com/legal/privacy-policy.
• Cal.com (booking). If you use the Cal.com booking link, you are subject to Cal.com's privacy policy: cal.com/privacy. I do not control data you submit directly to Cal.com.
• Railway (hosting). The site runs on Railway. Railway processes server request data, including IP addresses in standard server logs, to deliver the site. Railway is a US-based provider. Railway privacy policy: railway.com/legal/privacy.
• Cloudflare (content delivery and security). All traffic to this site is routed through Cloudflare, which provides caching, encryption in transit, and protection against abuse. Cloudflare processes visitor IP addresses and request metadata for this purpose. Cloudflare is a US-based provider. Cloudflare privacy policy: cloudflare.com/privacypolicy.

International data transfers

Analytics data is stored in the EU. Some providers above — Resend, Railway, and Cloudflare — are US-based, which means limited personal data (such as IP addresses, and contact form contents while in transit) may be processed outside the European Economic Area. Where that happens, the transfer relies on the provider's Standard Contractual Clauses or an equivalent GDPR-recognized safeguard.

Your rights under GDPR

If you are in the European Economic Area, you have the following rights:

• Access. Request a copy of your personal data.
• Rectification. Request that inaccurate data is corrected.
• Erasure. Request that your data is deleted.
• Restriction. Request that I limit how I process your data.
• Portability. Request your data in a portable format.
• Objection. Object to processing based on legitimate interests.

To exercise any of these rights, email [email protected]. I will respond within 30 days.

Cookies and local storage

This site does not use tracking cookies. Analytics, if you accept it, runs through PostHog using your browser's local storage rather than cookies. The consent banner at the bottom of the page lets you accept or decline, and your choice is saved in local storage and respected on future visits.

Contact

Questions about this policy: [email protected].