Privacy Policy — Dopamine Studio

Last updated: 08/07/2026

1. Who we are and what this policy covers

Dopamine Studio operates the website at www.dopaminestudio.io. We are the data controller responsible for the personal data described in this policy.

Dopamine Studio is based in Rome, Italy. As an EU-based operator, we handle personal data in line with the EU General Data Protection Regulation (GDPR) and Italian data protection law. Because we serve visitors and clients in the United States, this policy also addresses the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA) for California residents (see section 8).

This policy covers the website only. It does not cover data handled inside client engagements, which is governed by the relevant contract.

Contact for any privacy question or request: [email protected].

2. Information we collect

Information you give us directly. Our website collects personal data through one channel: the contact form. When you use it, we collect your name, your email address, and the content of your message. We use this only to read and respond to your enquiry.

Information collected automatically. When you visit the site, limited technical data is processed to deliver the pages and keep the service secure. This can include your IP address, browser type and version, device and operating system information, and general server-log data such as pages requested and referring source. This is handled through our hosting and security infrastructure to serve the site and protect it against abuse. We do not run analytics or any tracking that builds a profile of you.

We do not collect payment data, we do not run user accounts, and we do not operate newsletters, marketing campaigns, analytics, or behavioural profiling.

3. How and why we use your data, and our legal basis

What: Name, email, message from the contact form.
Why: To read your enquiry and reply to you.
Legal basis (GDPR): Consent, given when you submit the form. In some cases, steps taken at your request before entering a contract (Art. 6(1)(b)).

What: IP address, browser, device, server logs.
Why: To serve the website, maintain security, and prevent abuse.
Legal basis (GDPR): Legitimate interest in running a secure, functioning site (Art. 6(1)(f)).

We do not use your data for automated decision-making or profiling.

4. Cookies and tracking

Our website keeps tracking to a minimum. We do not use analytics tools and we do not track visitors across sites or over time.

Our hosting and security provider, Cloudflare, may set strictly necessary cookies or process limited technical data required to deliver the site securely and defend against malicious traffic. These are essential to the functioning of the site and do not identify you for marketing purposes. You can control or block cookies through your browser settings, though blocking strictly necessary cookies may affect how the site works.

If we introduce analytics or any non-essential cookies in future, we will update this policy and request your consent through a cookie banner before they load.

5. Sharing and disclosure

We do not sell your personal data, and we do not share it for advertising.

We share data only with service providers who help us run the website, acting as our processors under contract:

  • Webflow — Website hosting and delivery of the pages and contact form. Form submissions are processed through Webflow's infrastructure(.
  • Cloudflare — Content delivery and security.

We may also disclose data where required by law, or to protect our legal rights.

International transfers. Some of these providers are based outside the European Economic Area, including the United States. Where data is transferred outside the EEA, it is protected by appropriate safeguards such as the European Commission's Standard Contractual Clauses or an equivalent mechanism.

6. Retention

We keep contact-form data (name, email, message) only as long as needed to handle your enquiry and any follow-up, and for a reasonable period afterward to maintain a record of the correspondence. As a working figure, we retain enquiries for up to 24 months and then delete them, unless the exchange leads to a client relationship governed by a separate agreement(.

Technical server-log and security data is retained for a shorter period, in line with our providers' standard settings(.

7. Your rights (GDPR)

Under the GDPR, you have the right to:

  • access the personal data we hold about you
  • ask us to correct data that is inaccurate or incomplete
  • ask us to delete your data
  • restrict or object to how we process it, including processing based on legitimate interest
  • receive your data in a portable format
  • withdraw consent at any time, where processing is based on consent, without affecting processing already carried out

To exercise any of these rights, contact us at [email protected]. We will respond within one month, as required by the GDPR.

You also have the right to lodge a complaint with a supervisory authority. In Italy, this is the Garante per la protezione dei dati personali (www.garanteprivacy.it).

8. California privacy rights (CCPA/CPRA)

This section applies to residents of California.

Categories of personal information we collect. In the past 12 months, we have collected the following categories, as defined under the CCPA/CPRA: identifiers (name, email address, IP address) and internet or other electronic network activity information (browser and device data, server logs). We collect these for the purposes described in sections 2 and 3.

Sources. Directly from you (contact form) and automatically from your device when you visit the site.

No sale or sharing. We do not sell your personal information and we do not share it for cross-context behavioural advertising, as those terms are defined under the CCPA/CPRA. We have not done so in the past 12 months. Because we do not sell or share, there is no "Do Not Sell or Share My Personal Information" action to take, but you are welcome to contact us to confirm.

No sensitive personal information use. We do not use or disclose sensitive personal information beyond the purposes permitted under the CCPA/CPRA.

Your California rights. You have the right to:

  • know what personal information we collect, use, and disclose
  • request access to, and a copy of, the personal information we hold about you
  • request deletion of your personal information
  • request correction of inaccurate personal information
  • not be discriminated against for exercising these rights

To exercise these rights, contact us at [email protected]. We will verify your request by confirming control of the email address associated with the data. You may use an authorised agent to make a request on your behalf, subject to verification. We will respond within the timeframes required by law.

9. Security

We take reasonable technical and organisational measures to protect your data, including relying on reputable hosting and infrastructure providers with their own security controls. No website or transmission over the internet can be guaranteed fully secure, so we cannot promise absolute security, but we work to protect your data appropriately.

10. Children

Our website is aimed at businesses and professionals. It is not directed at children. We do not knowingly collect personal data from anyone under 16, or under 13 in the United States. If you believe a child has provided us data, contact us and we will delete it.

11. Changes and contact

We may update this policy from time to time. When we do, we will change the effective date at the top, and for significant changes we will make the update clear on the website.

For any question about this policy or your personal data, contact:

Dopamine Studio
Rome, Italy
[email protected]

UK Flag
English