REFINE STUDIO
Privacy Policy
Last Updated: April 3, 2026
Portal: https://www.refinestudio.io/
1. Introduction
Refine Studio Ltd. (“Company,” “we,” “us,” or “our”), a British Virgin Islands company with offices at Intershore Chambers, Road Town, Tortola, VG1110, operates the website and client portal located at https://www.refinestudio.io/ (the “Portal”). This Privacy Policy describes how we collect, use, store, share, and protect personal information when you visit the Portal, engage our services, or otherwise interact with us.
By accessing the Portal or making payment for our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use the Portal or provide us with your personal information.
This Privacy Policy should be read together with our Terms of Service, which govern your use of the Portal and our Services.
2. Information We Collect
2.1 Information You Provide Directly
We collect personal information that you voluntarily provide when you interact with us, including:
- Account and Contact Information: Full name, email address, phone number, mailing address, company name, job title, and billing address.
- Payment Information: Bank account details, wire transfer information, stablecoin wallet addresses, and transaction records. We do not store full credit card numbers on our servers.
- Project Materials: Any files, documents, API credentials, design assets, code, specifications, or other materials you upload or share with us in connection with a Statement of Work.
- Communications: Emails, messages sent through the Portal or project management tools, meeting recordings (where consented to), and any other correspondence between you and our team.
- Feedback and Support Requests: Information you provide when submitting bug reports, feature requests, design feedback (including via Figma or similar tools), or support inquiries.
2.2 Information Collected Automatically
When you visit or use the Portal, we automatically collect certain technical information, including:
- Device and Browser Data: IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences.
- Usage Data: Pages visited, time spent on the Portal, click patterns, referring URLs, and navigation paths.
- Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to facilitate Portal functionality, remember your preferences, and analyze usage patterns. See Section 8 for more detail.
- Log Data: Server logs that record access times, error logs, and request details.
2.3 Information from Third Parties
We may receive information about you from third-party sources, including:
- Payment processors and financial institutions that confirm transaction details.
- Analytics providers such as Google Analytics that help us understand Portal usage.
- Project management and communication platforms (e.g., Slack, ClickUp, GitHub) where you interact with our team.
- Publicly available sources such as LinkedIn or company websites, used solely for business development and client onboarding purposes.
3. How We Use Your Information
We use the personal information we collect for the following purposes:
3.1 Service Delivery
- To create and manage your account on the Portal.
- To perform Services under your Statement of Work, including product development, design, testing, and quality assurance.
- To process payments, issue invoices, and manage billing.
- To communicate with you about project status, deliverables, milestones, and alignment calls.
- To provide technical support and respond to your inquiries.
3.2 Portal Operations and Improvement
- To maintain, secure, and improve the functionality of the Portal.
- To analyze usage trends and optimize the user experience.
- To detect, prevent, and address technical issues, fraud, or security threats.
3.3 Legal and Compliance
- To comply with applicable laws, regulations, and legal processes.
- To enforce our Terms of Service and protect our legal rights.
- To respond to lawful requests from governmental authorities.
3.4 Business Communications
- To send you administrative notices, such as updates to this Privacy Policy or our Terms of Service.
- To send project-related communications, including meeting invitations, status updates, and blocker notifications.
- With your consent, to send you information about new services, features, or offerings that may be relevant to your business.
4. Legal Bases for Processing
We process your personal information based on the following legal grounds:
- Contractual Necessity: Processing is necessary to perform our obligations under the Terms of Service and any applicable Statement of Work.
- Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving our services, securing the Portal, and conducting business development, provided these interests do not override your fundamental rights.
- Consent: Where required by law, we obtain your explicit consent before processing certain categories of personal information (e.g., marketing communications). You may withdraw consent at any time by contacting us at privacy@refinestudio.io.
- Legal Obligation: Processing is necessary to comply with applicable laws, regulations, or court orders.
5. How We Share Your Information
We do not sell your personal information to third parties. We may share your information in the following circumstances:
5.1 Service Providers and Subcontractors
We engage trusted third-party service providers who assist us in delivering the Services, including cloud hosting providers, payment processors, analytics services, project management platforms, and communication tools. These providers are contractually obligated to use your information only for the purposes we specify and to maintain appropriate security measures.
5.2 Professional Advisors
We may share your information with our legal counsel, accountants, auditors, or other professional advisors where necessary for the conduct of our business or to comply with legal obligations.
5.3 Legal Requirements
We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to an enforceable government request.
5.4 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or other similar event, your personal information may be transferred to the successor entity. We will notify you via the Portal or email of any such change and any choices you may have regarding your information.
5.5 With Your Consent
We may share your information with third parties when you have given us your explicit consent to do so.
6. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our specific retention periods are as follows:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account and contact information | Duration of engagement plus 3 years | Contractual and legitimate interest |
| Payment and billing records | 7 years from date of transaction | Tax and regulatory compliance |
| Project materials and Work Product | Duration of engagement plus 1 year, unless Client requests earlier deletion | Contractual necessity |
| Communications and correspondence | Duration of engagement plus 2 years | Legitimate interest and dispute resolution |
| Server logs and usage data | 12 months from collection | Security and performance monitoring |
| Cookie data | As specified in cookie settings (maximum 13 months) | Consent or legitimate interest |
Upon termination of our engagement, and subject to the Terms of Service, we will, at your request, return or delete your Client Data within thirty (30) days, except where retention is required by law or legitimate business need (e.g., backup archives that are automatically purged within ninety (90) days).
7. Data Security
We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it, including:
- Encryption of data in transit using TLS 1.2 or higher.
- Encryption of sensitive data at rest using AES-256 or equivalent industry-standard encryption.
- Access controls that restrict access to personal information to authorized personnel on a need-to-know basis.
- Regular security assessments and vulnerability testing of our systems.
- Secure development practices, including code reviews and testing to prevent the introduction of malicious code.
- Incident response procedures to detect, investigate, and respond to data breaches promptly.
While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security, but we commit to notifying affected individuals and relevant authorities of any data breach within seventy-two (72) hours of discovery, in accordance with applicable law.
8. Cookies and Tracking Technologies
8.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Essential for Portal functionality, including authentication, session management, and security | Session or up to 24 hours |
| Functional | Remember your preferences such as language, timezone, and display settings | Up to 12 months |
| Analytics | Help us understand how visitors interact with the Portal using aggregated, anonymized data | Up to 13 months |
| Performance | Monitor Portal performance and identify technical issues | Up to 12 months |
8.2 Managing Cookies
You can manage your cookie preferences through your browser settings. Most browsers allow you to block or delete cookies. However, disabling strictly necessary cookies may impair your ability to use certain features of the Portal. We honor Do Not Track (DNT) browser signals where technically feasible.
8.3 Third-Party Analytics
We use Google Analytics to analyze Portal usage. Google Analytics uses cookies to collect anonymized information about how visitors use the Portal. This information is transmitted to and stored by Google on servers that may be located outside your jurisdiction. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.
9. International Data Transfers
Refine Studio is a British Virgin Islands company that operates globally. Your personal information may be transferred to, stored in, and processed in jurisdictions other than the one in which you reside, including the United States, the British Virgin Islands, and other countries where our team members or service providers are located.
Where we transfer personal information outside your jurisdiction, we ensure that appropriate safeguards are in place, including:
- Standard contractual clauses approved by relevant data protection authorities.
- Ensuring that recipients are located in jurisdictions that provide an adequate level of data protection.
- Obtaining your explicit consent where required by applicable law.
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we will comply with applicable data transfer requirements under the General Data Protection Regulation (GDPR) or equivalent legislation.
10. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
10.1 General Rights
- Right of Access: You may request a copy of the personal information we hold about you.
- Right to Rectification: You may request correction of inaccurate or incomplete personal information.
- Right to Erasure: You may request deletion of your personal information, subject to our legal retention obligations.
- Right to Restrict Processing: You may request that we limit how we use your personal information in certain circumstances.
- Right to Data Portability: You may request to receive your personal information in a structured, commonly used, machine-readable format.
- Right to Object: You may object to processing of your personal information based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
10.2 Exercising Your Rights
To exercise any of these rights, please contact us at privacy@refinestudio.io. We will respond to your request within thirty (30) days. We may ask you to verify your identity before processing your request. If we are unable to fulfill your request due to a legal exception, we will explain the reason in our response.
10.3 Complaints
If you believe that we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.
11. California Privacy Rights
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights:
- Right to Know: You may request details about the categories and specific pieces of personal information we have collected, the sources of collection, the purposes of processing, and the categories of third parties with whom we share your information.
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
- Right to Opt Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising purposes. If this practice changes, we will provide a clear opt-out mechanism.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.
To submit a request under the CCPA/CPRA, please contact us at privacy@refinestudio.io. We will verify your identity and respond within forty-five (45) days of receiving your request.
12. Children’s Privacy
The Portal and our Services are not directed to individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take prompt steps to delete that information. If you believe that a child under 18 has provided us with personal information, please contact us at privacy@refinestudio.io.
13. Third-Party Links and Services
The Portal may contain links to third-party websites, tools, or services (such as GitHub, Figma, Slack, or payment processors) that are not operated or controlled by us. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party service before providing your personal information. We are not responsible for the privacy practices or content of third-party websites or services.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Post the updated Privacy Policy on the Portal with a revised “Last Updated” date.
- Notify you via email or a prominent notice on the Portal at least fifteen (15) days before the changes take effect.
Your continued use of the Portal or Services after the updated Privacy Policy becomes effective constitutes your acceptance of the revised terms. We encourage you to review this Privacy Policy periodically.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Refine Studio Ltd.
Intershore Chambers, Road Town, Tortola, VG1110
British Virgin Islands
Email: privacy@refinestudio.io
Portal: https://www.refinestudio.io/
We aim to respond to all privacy-related inquiries within fifteen (15) business days of receipt.
BY USING THE PORTAL OR ENGAGING OUR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND CONSENT TO THE COLLECTION, USE, AND SHARING OF YOUR INFORMATION AS DESCRIBED HEREIN.