PRIVACY POLICY

Last Updated: January 2026

1. INTRODUCTION

Chroma AI Studio (“we,” “us,” “our,” or “Company”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (chromaaistudio.com), use our services, or interact with us.

Please read this Privacy Policy carefully. By using our services or providing us with your information, you consent to the practices described in this policy.

If you do not agree with the terms of this Privacy Policy, please do not access our website or use our services.

2. INFORMATION WE COLLECT

We collect information that you provide directly to us, information we obtain automatically, and information from third-party sources.

2.1 Information You Provide to Us

Personal Information:

  • Name
  • Email address
  • Phone number
  • Company/Business name
  • Mailing address
  • Payment information (processed through secure third-party payment processors)

Business Information:

  • Website URL
  • Social media handles
  • Business details and industry
  • Marketing goals and preferences
  • Product information
  • Brand assets (logos, images, content)

Communications:

  • Messages sent through contact forms
  • Email correspondence
  • WhatsApp messages
  • Phone call records
  • Meeting notes and consultation details

Project-Specific Information:

  • Website content and design preferences
  • Social media account access (with your permission)
  • Analytics data from your platforms
  • Customer demographics and target audience details
  • Marketing campaign performance data

2.2 Information We Collect Automatically

Website Usage Data:

  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Pages visited and time spent
  • Referring website
  • Click patterns and navigation paths
  • Date and time of access

Cookies and Tracking Technologies:

We use cookies and similar tracking technologies to enhance your experience. Cookies are small data files stored on your device. Types of cookies we use:

  • Essential Cookies: Required for website functionality
  • Analytics Cookies: Help us understand how visitors use our site
  • Marketing Cookies: Track visitors across websites for advertising purposes
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings, but disabling certain cookies may limit website functionality.

2.3 Information from Third-Party Sources

We may receive information from:

  • Social media platforms (Facebook, Instagram, LinkedIn, TikTok)
  • Analytics providers (Google Analytics)
  • Payment processors (PayPal, Stripe)
  • Email service providers
  • CRM systems
  • Public databases and directories

3. HOW WE USE YOUR INFORMATION

We use collected information for the following purposes:

3.1 Service Delivery

  • Provide, operate, and maintain our services
  • Process transactions and send transaction confirmations
  • Create and manage client accounts
  • Deliver website design, social media management, SEO, and video content services
  • Access client platforms (with explicit permission) to perform contracted services
  • Communicate about projects, deliverables, and timelines

3.2 Customer Support

  • Respond to inquiries and support requests
  • Provide customer service
  • Troubleshoot technical issues
  • Send service-related announcements

3.3 Business Operations

  • Process payments and manage billing
  • Maintain records and accounts
  • Conduct internal analytics and research
  • Improve and optimize our services
  • Develop new products and features
  • Monitor service quality and performance

3.4 Marketing and Communications

  • Send promotional emails about our services (with your consent)
  • Provide updates, newsletters, and marketing materials
  • Conduct surveys and request feedback
  • Display relevant advertising
  • Analyze marketing campaign effectiveness

You can opt out of marketing communications at any time by:

  • Clicking “unsubscribe” in emails
  • Contacting us at hello@chromaaistudio.com
  • Updating your communication preferences

3.5 Legal and Security

  • Comply with legal obligations and regulations
  • Enforce our Terms and Conditions
  • Protect against fraud and unauthorized access
  • Resolve disputes and legal claims
  • Protect rights, property, and safety of our company, clients, and others

3.6 AI and Technology Services

  • Train and improve AI models for content creation
  • Generate, edit, and optimize content
  • Analyze performance data for optimization
  • Create personalized marketing materials
  • Develop and enhance video production technology

Important: We do not use client-specific data to train public AI models. Client content and data are used only for contracted services and internal service improvement.

4. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information to third parties. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party vendors who perform services on our behalf:

  • Web hosting providers
  • Email service providers (e.g., Mailchimp, Gmail)
  • Payment processors (e.g., PayPal, Stripe)
  • Analytics providers (e.g., Google Analytics)
  • Cloud storage services
  • CRM and project management tools
  • Communication platforms (e.g., Calendly)

These providers are contractually obligated to protect your information and use it only for specified purposes.

4.2 Social Media Platforms

When managing your social media accounts, we access platforms including:

  • Facebook/Instagram
  • TikTok
  • LinkedIn
  • Pinterest
  • YouTube

We access these platforms only with your explicit permission and use your credentials solely to deliver contracted services.

4.3 Legal Requirements

We may disclose information if required by law or in response to:

  • Court orders or legal processes
  • Government or regulatory requests
  • Protection of legal rights
  • Prevention of fraud or security threats
  • Enforcement of our Terms and Conditions

4.4 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred to the successor entity.

4.5 With Your Consent

We may share information for purposes not listed here with your explicit consent.

4.6 Aggregated Data

We may share aggregated or anonymized data that cannot identify you individually for:

  • Industry research and analysis
  • Marketing and promotional purposes
  • Service improvement
  • Public reporting

5. DATA RETENTION

5.1 Retention Periods

We retain your information for as long as necessary to:

  • Provide services you’ve requested
  • Comply with legal obligations
  • Resolve disputes
  • Enforce agreements

Specific Retention Periods:

  • Active client data: Duration of service agreement plus 12 months
  • Project files and deliverables: 12-24 months after project completion
  • Financial records: 7 years (for tax and accounting purposes)
  • Marketing communications data: Until you unsubscribe or request deletion
  • Website analytics: 26 months (Google Analytics default)

5.2 Data Deletion

After retention periods expire, we securely delete or anonymize your information unless:

  • Legal requirements mandate longer retention
  • You request continued storage for your records
  • Information is necessary for ongoing legitimate business purposes

6. DATA SECURITY

6.1 Security Measures

We implement reasonable technical and organizational measures to protect your information:

Technical Safeguards:

  • Encryption of data in transit (SSL/TLS)
  • Secure cloud storage with access controls
  • Regular security updates and patches
  • Firewall protection
  • Secure authentication protocols
  • Regular backups

Organizational Safeguards:

  • Access limited to authorized personnel only
  • Confidentiality agreements with staff and contractors
  • Regular security training
  • Incident response procedures
  • Vendor security assessments

6.2 Limitations

Despite our efforts, no security system is impenetrable. We cannot guarantee absolute security of your information. You are responsible for:

  • Maintaining confidentiality of login credentials
  • Using strong, unique passwords
  • Securing your devices and networks
  • Promptly reporting suspected security breaches

6.3 Breach Notification

In the event of a data breach that compromises your personal information, we will:

  • Notify affected individuals without undue delay
  • Report to relevant authorities as required by law
  • Take immediate steps to contain and remediate the breach
  • Provide guidance on protective measures you can take

7. YOUR PRIVACY RIGHTS

Depending on your location, you may have certain rights regarding your personal information:

7.1 General Rights

Access: Request copies of your personal information we hold

Correction: Request correction of inaccurate or incomplete information

Deletion: Request deletion of your personal information (subject to legal retention requirements)

Restriction: Request restriction of processing in certain circumstances

Objection: Object to processing of your information for certain purposes

Portability: Receive your information in a structured, machine-readable format

Withdraw Consent: Withdraw consent for processing (where consent is the legal basis)

7.2 Marketing Rights

  • Opt out of marketing emails (unsubscribe link in emails)
  • Request removal from marketing lists
  • Opt out of targeted advertising

7.3 Exercising Your Rights

To exercise any of these rights, contact us at:

  • Email: hello@chromaaistudio.com
  • WhatsApp: +971 55 835 8857

We will respond to requests within 30 days. We may require verification of your identity before processing requests.

7.4 Right to Complain

If you believe we have not handled your information properly, you have the right to lodge a complaint with:

  • Your local data protection authority
  • Relevant supervisory authority in your jurisdiction

8. REGION-SPECIFIC PRIVACY RIGHTS

8.1 European Union (GDPR)

If you are in the EU/EEA, you have additional rights under the General Data Protection Regulation:

Legal Basis for Processing:

  • Performance of contract
  • Legitimate business interests
  • Legal compliance
  • Your consent (where applicable)

International Transfers: We may transfer data outside the EU/EEA with appropriate safeguards (Standard Contractual Clauses).

Data Protection Officer: For GDPR-related inquiries: hello@chromaaistudio.com

8.2 United States (State Privacy Laws)

California (CCPA/CPRA): California residents have rights to:

  • Know what personal information is collected
  • Know if information is sold or shared (we do not sell information)
  • Delete personal information
  • Opt out of sale of personal information
  • Non-discrimination for exercising privacy rights

Other US States: Residents of Virginia, Colorado, Connecticut, Utah, and other states with privacy laws have similar rights.

8.3 United Kingdom (UK GDPR)

UK residents have rights equivalent to EU GDPR provisions.

8.4 United Arab Emirates

We comply with UAE data protection regulations including:

  • Federal Decree-Law No. 45 of 2021 on Personal Data Protection
  • Dubai International Financial Centre (DIFC) Data Protection Law (if applicable)

8.5 Other Jurisdictions

We comply with applicable data protection laws in all jurisdictions where we operate or serve clients.

9. CHILDREN’S PRIVACY

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children.

If you believe we have inadvertently collected information from a child, contact us immediately at hello@chromaaistudio.com and we will delete the information promptly.

10. THIRD-PARTY WEBSITES AND SERVICES

Our website and services may contain links to third-party websites, platforms, and services that are not operated by us:

  • Social media platforms
  • Client websites we design
  • Third-party tools and integrations
  • External resources and references

We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

Third-Party Services We Use:

  • Google Analytics (analytics)
  • Facebook Pixel (advertising)
  • Calendly (scheduling)
  • Stripe/PayPal (payments)
  • Cloud hosting providers
  • Email service providers

These services have their own privacy policies governing how they collect and use data.

11. COOKIES AND TRACKING TECHNOLOGIES

11.1 Types of Cookies We Use

Strictly Necessary Cookies: Essential for website operation. Cannot be disabled.

Performance/Analytics Cookies: Help us understand website usage (Google Analytics).

Functionality Cookies: Remember your preferences and settings.

Targeting/Advertising Cookies: Deliver relevant advertisements based on interests.

11.2 Managing Cookies

Browser Settings: You can control cookies through your browser settings:

  • Block all cookies
  • Accept only certain cookies
  • Delete existing cookies
  • Receive alerts when cookies are set

Note: Disabling cookies may affect website functionality.

Opt-Out Links:

  • Google Analytics: https://tools.google.com/dlpage/gaoptout
  • Facebook Pixel: https://www.facebook.com/help/568137493302217

11.3 Do Not Track

Some browsers have “Do Not Track” (DNT) features. Our website does not currently respond to DNT signals, as there is no industry standard for DNT compliance.

12. INTERNATIONAL DATA TRANSFERS

We may transfer your information to countries outside your country of residence, including:

  • United States
  • European Union
  • United Arab Emirates
  • Cloud service provider locations

When transferring data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Binding Corporate Rules
  • Your explicit consent

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect:

  • Changes in our practices
  • Legal or regulatory requirements
  • New technologies or services
  • Customer feedback

Notification of Changes:

  • Updated “Last Updated” date at the top of this policy
  • Email notification for material changes (to active clients)
  • Website announcement of significant updates

Your Continued Use: Continued use of our services after changes constitutes acceptance of the updated policy.

We encourage you to review this policy periodically.

14. CONTACT US

For questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us:

Chroma AI Studio

Email: hello@chromaaistudio.com
Instagram: @ChromaUGC