Legal · EASE°
Privacy Policy
EASE° STUDIO
Last updated: June 16, 2026 Effective date: June 16, 2026
1. Who we are
This Privacy Policy explains how EASE° STUDIO ("EASE°", "we", "us", "our") collects, uses, shares, and protects personal information when you visit https://easedesigned.com and any related pages or campaign landing pages we operate (together, the "Site"), contact us, or engage us for brand, web, and motion design services.
We are the controller of the personal information described here, except where this Policy states that we act together with a third party (see Section 8 — Sharing with Meta and joint controllership).
Controller / contact details
| Trading name | EASE° STUDIO |
| Privacy contact (email) | [email protected] |
2. The short version
We keep this brief because we respect your attention.
- We run a small, content-light marketing site and we advertise on Meta platforms (Facebook and Instagram).
- To measure and improve those ads, our Site uses the Meta Pixel and the Meta Conversions API (CAPI). These tools share certain data about your visit and actions with Meta Platforms, Inc. / Meta Platforms Ireland Ltd.
- In the EEA, the UK, and similar regions, we only load advertising and analytics tools after you give consent through our cookie banner. You can change your mind at any time.
- We collect contact-form details when you choose to start a project with us, and we use them only to reply and to scope work.
- We do not sell your personal information for money. Some ad-related data sharing may count as a "sale" or "sharing" under California law — you can opt out at any time (see Section 13).
- You have rights over your data — access, correction, deletion, objection, and withdrawing consent. Email [email protected] to use them.
The rest of this Policy is the detail behind those points.
3. The data we collect
We collect the categories below. Not every visitor generates every category — for example, if you never submit a form, we hold no contact details from you, and if you decline non-essential cookies, we do not load the advertising tools described here.
3.1 Information you give us directly
| Data | Where it comes from | Notes |
|---|---|---|
| Name | Contact / "Start a project" form | Required to address a reply |
| Email address | Contact form (#cf-email) |
Required to reply |
| Company / brand name | Contact form | Optional |
| Project details, budget, timeline, message | Contact form free-text | Whatever you choose to tell us |
| Email correspondence | Replies to [email protected] | Including any attachments you send |
Please don't send us special-category data (health, religion, political views, etc.) or other people's personal data through the form — we don't need it to scope a design project.
3.2 Information collected automatically when you browse
When you visit the Site, certain data is collected automatically by your browser and by the tools we load (subject to consent for non-essential tools):
| Data | Purpose / source |
|---|---|
| IP address | Transmitted by your browser to our hosting/CDN and to Meta when the Pixel/CAPI run. Used for security, fraud prevention, approximate (city/region-level) geolocation, and ad measurement. Treated as personal data. |
| Device & browser data | Device type, operating system, browser type and version, screen/viewport size, language, referring URL, and similar technical attributes. |
| Usage & event data | Pages and landing pages viewed, time on page, scroll/interaction with key sections, clicks on calls-to-action (e.g. "Start a project"), form-view and form-submit events, and outbound clicks. |
| Cookies & similar identifiers | Including Meta's _fbp and _fbc identifiers — see the Cookie Policy in Section 12. |
| Approximate location | Inferred from IP at city/region level. We do not collect precise GPS location. |
3.3 Meta Pixel and Meta Conversions API (CAPI) data
We use two complementary Meta measurement tools that often describe the same events:
- the Meta Pixel — JavaScript that runs in your browser; and
- the Meta Conversions API (CAPI) — a server-side connection that sends equivalent event data from our server/tooling to Meta.
When active (after consent where required), these tools collect and transmit to Meta information such as:
- Event data — which pages you viewed and which actions you took (e.g.
PageView,ViewContent,Lead/Contactwhen you submit the project form), plus event time and the URL where it happened. - Meta cookie identifiers — the
_fbp(browser/Pixel ID) and_fbc(click ID, derived from thefbclidparameter when you arrive from a Meta ad) values. - Technical data — IP address, user-agent (browser/device string), and page/referrer information.
- Advanced-matching identifiers (hashed) — where Advanced Matching is enabled, identifiers used to match the event to a Meta account, such as email, name, phone, city, state/region, postal code, and country. These identifiers are hashed using SHA-256 before they are sent to Meta — Meta does not receive these fields in plain text from this matching process. Hashing reduces, but does not entirely eliminate, the identifiability of the data.
We use Pixel + CAPI together to measure ad performance more accurately and to reduce duplicate or lost events caused by browser restrictions and ad blockers. Event deduplication (matching the browser event and the server event via a shared event ID) is used so the same action is not counted twice.
What this means in plain terms: if you click one of our Facebook or Instagram ads and later submit the project form, Meta can be told "a person matching this hashed email completed a Lead on EASE°'s site," so we can understand which ads actually bring the right clients. You can prevent this by declining advertising cookies (see Section 12) and by using the California opt-out (see Section 13).
3.4 Information from third parties
- Meta may provide us with aggregated, de-identified reporting and audience insights about our ad campaigns (e.g. reach, cost per result, broad audience demographics). This reporting does not identify you individually to us.
- Service providers listed in Section 9 may provide us with technical and security logs relating to your use of the Site.
3.5 We do not knowingly collect
- Payment card numbers — we do not take payments through the Site.
- Precise geolocation.
- Data from children (see Section 15).
4. How and why we use your data (purposes)
| Purpose | What it involves | Categories of data |
|---|---|---|
| Respond to enquiries & scope work | Reading and replying to your form submission or email, preparing proposals, scheduling calls | Name, email, company, message, correspondence |
| Provide design services | Delivering an engagement once you become a client, project communications | Contact and project data |
| Advertising & campaign measurement | Running Meta ads; measuring conversions via Pixel + CAPI; understanding which campaigns work; building/refining audiences | Event data, IP, device/browser, _fbp/_fbc, hashed advanced-matching identifiers |
| Retargeting & lookalike audiences | Showing relevant ads to people who visited the Site and reaching similar audiences on Meta | Event data, Meta cookie identifiers |
| Site analytics & improvement | Understanding traffic and how pages perform so we can improve them | Usage data, device/browser, approximate location |
| Security, fraud prevention & abuse | Protecting the Site and our systems, spam filtering on the form, logging | IP, device/browser, usage data |
| Legal & compliance | Keeping records, responding to lawful requests, defending claims, demonstrating consent | Relevant data as needed, consent logs |
We do not use your data for automated decision-making that produces legal or similarly significant effects on you.
5. Legal bases for processing (GDPR / UK GDPR)
If you are in the EEA or the UK, we rely on the following legal bases under the GDPR / UK GDPR:
| Processing | Legal basis | Notes |
|---|---|---|
| Loading the Meta Pixel, CAPI for advertising, advertising/analytics cookies, retargeting, lookalikes, advanced matching | Consent — Art. 6(1)(a) | Collected via our cookie banner before non-essential tools load; withdrawable at any time. Storing/reading these cookies also relies on consent under the ePrivacy Directive / PECR. |
| Replying to enquiries and scoping a possible engagement | Steps prior to a contract — Art. 6(1)(b), and/or legitimate interests — Art. 6(1)(f) | Our interest: responding to people who contact us. |
| Performing a signed engagement | Contract — Art. 6(1)(b) | |
| Security, fraud prevention, spam filtering, and essential site operation | Legitimate interests — Art. 6(1)(f) | Our interest: keeping the Site and our business secure and functional. Essential cookies do not require consent. |
| Basic, privacy-protective measurement of our own marketing (where lawful without consent in your region) | Legitimate interests — Art. 6(1)(f) | Where local law requires consent for any analytics, we rely on consent instead. |
| Keeping records and complying with law | Legal obligation — Art. 6(1)(c), and/or legitimate interests — Art. 6(1)(f) |
Our legitimate-interests assessment. Where we rely on legitimate interests, we have weighed our interests against your rights and freedoms and limited the processing accordingly (e.g. by not using intrusive analytics without consent, by minimising data, and by honouring objections). You can ask for more detail at [email protected], and you can object at any time (see Section 11).
Withdrawing consent. Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal — see Section 12 for how.
6. Consent, the cookie banner, and Meta's "Limited Data Use" / Consent Mode
- In the EEA, the UK, Switzerland, and other regions that require it, non-essential cookies and trackers — including the Meta Pixel and the advertising/advanced-matching features of CAPI — are blocked until you opt in through our consent banner. Declining means we do not load them, and we do not send your data to Meta for advertising.
- We record your consent choices (what you agreed to, and when) so we can demonstrate compliance and honour your preferences.
- We use Meta's consent signalling so that, when you do not consent, the Pixel/CAPI either do not fire or operate in a restricted way consistent with Meta's tools.
- Limited Data Use (LDU): for users we identify as being in California (and other applicable U.S. states), we instruct Meta to process the relevant data in Limited Data Use mode, which restricts how Meta uses that data, in line with U.S. state privacy laws. See Section 13.
7. How we collect consent for server-side (CAPI) events
Because CAPI sends events from our server, we want to be clear: server-side events are governed by the same consent as browser events. When you decline advertising cookies (or use a recognised opt-out signal), we suppress or restrict the corresponding CAPI events and the advanced-matching identifiers that would otherwise be sent to Meta. CAPI is used to make consented measurement more reliable — not to bypass your choices.
8. Sharing with Meta, and joint controllership
When the Pixel and/or CAPI are active, we share the data described in Section 3.3 with Meta Platforms, Inc. (United States) and, for EEA/UK users, Meta Platforms Ireland Ltd. (Ireland) (together, "Meta").
Joint controllership. For certain processing — in particular the collection and transmission of event data via the Pixel/CAPI for measurement and audience-building — EASE° and Meta act as joint controllers under Art. 26 GDPR, pursuant to the Meta Controller Addendum / Business Tools Terms. Under that arrangement:
- We are responsible for obtaining any required consent and for providing this notice and transparency to you.
- Meta is responsible for the rights of data subjects in respect of the personal data it processes after receipt, and is the contact point for exercising GDPR rights against Meta for that processing.
- Once data reaches Meta, Meta processes it as an independent controller for its own purposes in accordance with Meta's Privacy Policy and its terms.
You can read how Meta uses data here:
- Meta Privacy Policy:
https://www.facebook.com/privacy/policy/ - Meta Cookies Policy:
https://www.facebook.com/policies/cookies/ - Your Meta ad preferences / controls:
https://www.facebook.com/adpreferencesandhttps://accountscenter.facebook.com/ - Meta Business Tools terms:
https://www.facebook.com/legal/terms/businesstools - Meta Controller Addendum:
https://www.facebook.com/legal/controller_addendum
We do not control, and are not responsible for, Meta's own processing once data is received by Meta.
9. Other recipients & service providers
We share personal information with a limited set of vendors who process it on our behalf under data processing agreements, only as needed to run the Site and our studio. Categories include:
| Recipient type | Purpose | Provider |
|---|---|---|
| Website hosting / CDN | Serving the Site, security, logs | Cloudflare (Pages) |
| Form & email delivery | Receiving and routing form submissions | Cloudflare (Pages Functions + Email Routing) |
| Email & productivity | Replying to you, storing correspondence | Google (Gmail) |
| Consent management | Cookie banner and consent records | EASE° (self-managed) |
| Analytics | Cookieless, privacy-friendly traffic measurement | Cloudflare Web Analytics |
| Scheduling / calls | Booking calls | Not currently in use |
| Professional advisors | Legal, accounting | As needed |
We may also disclose information (a) to comply with law, regulation, or a valid legal request; (b) to enforce our terms or protect our rights, safety, and property, or those of others; and (c) in connection with a merger, acquisition, financing, or sale of assets, in which case we will require the recipient to honour this Policy or notify you.
We keep an up-to-date internal list of vendors and will provide specifics on request to [email protected].
10. International data transfers
Some of our providers — notably Meta, Cloudflare, and Google — may process data outside your country or region, including in the United States.
Where we transfer personal data internationally, we rely on an appropriate safeguard, such as:
- the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum / IDTA;
- a valid adequacy decision, where one applies to the destination; and/or
- for transfers to the U.S., a recipient's certification under the EU–U.S. Data Privacy Framework (DPF) and its UK extension, where applicable.
These measures aim to ensure your data receives a level of protection consistent with the laws of your home jurisdiction. You can request a copy of the relevant safeguard (with commercial terms redacted) at [email protected].
11. Your rights (EEA / UK)
If you are in the EEA or the UK, you have the following rights, which you can exercise free of charge in most cases:
- Access — get confirmation of whether we process your data and a copy of it.
- Rectification — correct inaccurate or incomplete data.
- Erasure ("right to be forgotten") — have your data deleted in certain circumstances.
- Restriction — limit how we process your data in certain circumstances.
- Objection — object to processing based on legitimate interests, and object to direct marketing / profiling for marketing at any time (we will stop).
- Portability — receive certain data in a structured, machine-readable format and have it transmitted to another controller where technically feasible.
- Withdraw consent — at any time, where we rely on consent (e.g. for the Pixel/CAPI and advertising cookies), without affecting prior processing.
- Not be subject to solely automated decisions with legal or similarly significant effects — we don't make such decisions.
- Lodge a complaint with a supervisory authority (see Section 17).
How to exercise. Email [email protected] with your request. We may need to verify your identity. We will respond within one month (extendable by two further months for complex requests, and we'll tell you if so). Because Meta acts as a joint/independent controller for Pixel/CAPI data once received, some requests about that data are best directed to Meta using the links in Section 8 — we'll help point you the right way.
12. Cookie Policy
Cookies and similar technologies (pixels, local storage, device identifiers) let the Site function and let us measure our advertising. In regions that require it, non-essential cookies load only after you consent via our banner.
12.1 How to control cookies
- On our banner: choose Accept, Reject, or Manage preferences when you first visit, and reopen it anytime via the "Cookie preferences" link in the footer to change or withdraw consent.
- In your browser: block or delete cookies in your browser settings (this may affect how the Site works).
- At Meta: adjust your ad settings at
https://www.facebook.com/adpreferences. - Industry opt-outs:
https://www.youronlinechoices.eu/(EU),https://optout.aboutads.info/andhttps://optout.networkadvertising.org/(US). - Global Privacy Control (GPC): where required, we treat a recognised GPC signal as a valid opt-out of "sale"/"sharing" (see Section 13).
12.2 Cookie table
The cookies below are representative; exact names, providers, and lifespans should be confirmed against a live scan of your published Site before launch.
Strictly necessary (always on — required for the Site and your choices to work)
| Cookie / item | Provider | Purpose | Typical duration |
|---|---|---|---|
| Security / anti-bot (Cloudflare) | EASE° / host | Core site operation, security | Session |
ease_consent |
EASE° / CMP | Stores your cookie choices | 6–12 months |
| Anti-spam token | Cloudflare | Protects the contact form | Session – 30 days |
Analytics / performance (consent where required)
| Cookie / item | Provider | Purpose | Typical duration |
|---|---|---|---|
| — | Cloudflare | Cloudflare Web Analytics — cookieless, privacy-friendly traffic measurement that sets no cookies and does not track you across sites or use device fingerprinting | No cookie set |
Advertising / targeting — Meta (consent required in EEA/UK; opt-out in US)
| Cookie / item | Provider | Purpose | Typical duration |
|---|---|---|---|
_fbp |
Meta | Identifies browsers for ad delivery & measurement (set by the Pixel) | ~90 days |
_fbc |
Meta | Stores the click identifier (fbclid) from a Meta ad click for attribution |
~90 days |
fr |
Meta (facebook.com) |
Ad delivery, measurement, and relevance | ~90 days |
| Pixel / CAPI events | Meta | Conversion measurement, retargeting, lookalikes, advanced matching (hashed) | Event-based; see Meta's retention |
If you decline advertising cookies, the Meta items above are not set or sent for advertising purposes.
13. Your California privacy rights (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act, as amended by the CPRA, gives you specific rights. (Residents of other U.S. states with comparable laws — e.g. Colorado, Connecticut, Virginia, Utah, Texas, and others — have similar rights and may use the same contact methods.)
13.1 "Do Not Sell or Share My Personal Information"
We do not sell your personal information for money. However, our use of the Meta Pixel/CAPI and similar advertising tools may be considered a "sale" or "sharing" for cross-context behavioural advertising under the CCPA/CPRA.
You can opt out at any time by any of these methods:
- Use our "Do Not Sell or Share My Personal Information" link (in the footer) / set our cookie banner to Reject advertising cookies;
- Send a recognised Global Privacy Control (GPC) signal from your browser, which we honour as a valid opt-out; or
- Email [email protected] with the subject "Do Not Sell or Share."
When you opt out, we instruct Meta to apply Limited Data Use (LDU) and we stop the advertising data-sharing described above for you.
13.2 Categories collected, "sold/shared," and disclosed
In the last 12 months we have collected the categories in Section 3. Of these, the categories that may be "shared"/"sold" for advertising are identifiers (e.g. online identifiers such as _fbp/_fbc, IP address) and internet/network activity (browsing and interaction events), shared with Meta. We do not knowingly sell or share the personal information of consumers under 16. We may disclose for a business purpose (e.g. to hosting, form, and security vendors) the categories needed to run the Site.
13.3 Your CCPA/CPRA rights
- Right to know / access the personal information we collect, use, disclose, and share.
- Right to delete personal information we hold about you (subject to exceptions).
- Right to correct inaccurate personal information.
- Right to opt out of "sale"/"sharing" (above).
- Right to limit use of sensitive personal information — note we do not use sensitive personal information for purposes that trigger this right.
- Right to non-discrimination for exercising your rights.
We do not use or disclose sensitive personal information beyond the purposes permitted under the CPRA. To exercise these rights, email [email protected]; we will verify your request and may allow an authorised agent to act for you with proof of authorisation. We aim to respond within 45 days (extendable to 90 with notice). You also have a right to appeal a decision where your state law provides one — reply to our response to start an appeal.
14. Data retention
We keep personal data only as long as necessary for the purposes in this Policy, then delete or anonymise it. Indicative periods:
| Data | Retention |
|---|---|
| Contact-form enquiries that don't become projects | up to 24 months, then deleted |
| Client project records & correspondence | Duration of engagement + 6 years for legal/tax/record-keeping |
| Consent records (cookie choices) | Up to 24 months from last interaction |
| Server & security logs (incl. IP) | Up to 90 days, longer if needed for security investigations |
| Analytics data | Cloudflare Web Analytics (cookieless) — aggregate data retained ~6 months |
| Meta Pixel / CAPI event data held by Meta | Per Meta's retention practices and your Meta settings — see Meta's Privacy Policy |
Where data is held by Meta as a joint/independent controller, Meta's retention applies to that copy; the periods above govern data we hold.
15. Children
The Site and our services are intended for business clients and adults, and are not directed to children under 16 (or the minimum age in your jurisdiction). We do not knowingly collect personal data from children, and we do not knowingly sell or share it. If you believe a child has provided us data, contact [email protected] and we will delete it.
16. How we protect your data (security)
We use appropriate technical and organisational measures to protect personal data, including:
- encryption in transit (HTTPS/TLS) across the Site;
- hashing (SHA-256) of advanced-matching identifiers before they are sent to Meta;
- access controls and least-privilege access to enquiry and client data;
- reputable, security-conscious processors under data processing agreements;
- data minimisation — we collect only what we need; and
- routine review of our tools and configuration.
No method of transmission or storage is completely secure, so we cannot guarantee absolute security. Where required, we will notify you and the relevant authority of a personal-data breach within applicable timeframes.
17. Complaints & supervisory authorities
If you have a concern, please contact us first at [email protected] — we'd genuinely like to put it right.
You also have the right to complain to a data protection authority:
- EEA: your local Data Protection Authority (list:
https://edpb.europa.eu/about-edpb/about-edpb/members_en). - UK: the Information Commissioner's Office (ICO),
https://ico.org.uk/. - California: the California Privacy Protection Agency (
https://cppa.ca.gov/) and the California Attorney General (https://oag.ca.gov/privacy).
18. Third-party links
The Site may link to third-party sites and profiles (for example, Instagram and Are.na in our footer). We are not responsible for the privacy practices of those sites. Please review their privacy policies.
19. Changes to this Policy
We may update this Policy to reflect changes in our practices, our tools, or the law. When we do, we will revise the "Last updated" date above and, for material changes, take additional steps to notify you where appropriate (for example, a notice on the Site or a refreshed consent request). Your continued use of the Site after an update means you accept the revised Policy, except where your consent is required and re-requested.
20. Contact us
Questions, requests, or anything privacy-related:
EASE° STUDIO
Email: [email protected]
This Privacy Policy is a template provided for convenience and does not constitute legal advice. EASE° makes no warranty that it satisfies the requirements applicable to your specific circumstances. Engage qualified privacy counsel to review, tailor, and approve it — and to confirm your Meta Pixel/CAPI consent configuration, your cookie scan, and your vendor list — before publishing or running advertising campaigns.
← Back to EASE°