Privacy Policy
We take your privacy seriously. This page explains clearly what data we collect, why we collect it, and the full control you have over it.
Stoolio ("we", "our", "us") is a digital creative studio producing and selling professional Lightroom presets through our website at stoolio.com. We are the data controller responsible for your personal information when you visit our site or purchase our products.
For all privacy matters: [email protected]
We collect only what is genuinely necessary. Nothing more.
You give us directly:
- Account registration: Name, email address, encrypted password
- Purchase: Name, email, billing country. Payment card data is handled entirely by Stripe — we never see it
- Support messages: Any information you share when contacting our team
- Newsletter: Email address, only if you choose to subscribe
Collected automatically:
- Technical data: IP address, browser type, device type, operating system
- Usage data: Pages visited, time on site, clicks, referral source
- Transaction data: Order IDs, amounts, timestamps — for fulfilment and support only
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Processing & delivering your order | Name, email, order details | Contract performance |
| Sending download link & confirmation | Email, order details | Contract performance |
| Customer support | Name, email, order history | Contract performance |
| Account & download history | Account data, purchase records | Contract performance |
| Marketing emails (new presets, offers) | Email address | Your explicit consent |
| Website improvement | Anonymised usage data | Legitimate interest |
| Fraud prevention & security | IP, transaction data | Legitimate interest |
| Legal & accounting compliance | Transaction records | Legal obligation |
We do not sell your data to anyone. We work with the following trusted service providers who process data strictly on our behalf:
- Stripe Inc. — Secure payment processing. They handle card data under their own privacy policy. We receive only a transaction reference.
- Web hosting providers — Store our website and your account data on secure servers under data processing agreements.
- Email service providers — Used to send order confirmations, download links, and (with consent) marketing emails.
- Google Analytics — Receives anonymised, aggregated usage data only. No personally identifiable data is shared.
- Legal authorities — Only when required by law, court order, or to protect safety and rights.
| Type | Purpose | Optional? |
|---|---|---|
| Essential | Login sessions, shopping cart, Stripe checkout security | No — required |
| Analytics | Anonymised traffic data via Google Analytics | Yes — opt out via banner |
| Preferences | Remembering language or display preferences | Yes — opt out |
| Marketing | Ad conversion tracking — only with your explicit consent | Yes — opt out |
On your first visit, our cookie banner will let you choose. You can change preferences at any time through the banner or your browser settings.
- SSL/TLS encryption: All data between your browser and our site is encrypted via HTTPS
- PCI-DSS payment security: All card processing is handled by Stripe at PCI-DSS Level 1 — we never handle card details
- Password hashing: Account passwords are stored using one-way cryptographic hashing (bcrypt)
- Access controls: Customer data is accessible only by authorised personnel on a need-to-know basis
- Regular reviews: We periodically review security practices and hosting infrastructure
If a data breach occurs that may affect your rights, we will notify you and relevant authorities as required by applicable law.
- Account data — Retained while your account is active. Deleted within 30 days of account closure, except where legally required
- Transaction records — Retained for 7 years (legal/accounting obligation)
- Download records — Retained while your account is active to allow re-downloading
- Support communications — Up to 3 years from last interaction
- Marketing opt-in — Until you unsubscribe; opt-out records kept indefinitely to prevent accidental re-contact
- Analytics data — Anonymised; session data maximum 26 months
- Access: Request a copy of the personal data we hold about you at any time
- Rectification: Ask us to correct any inaccurate or incomplete data
- Erasure: Request deletion of your personal data (subject to legal retention obligations)
- Restrict Processing: Ask us to temporarily stop processing your data in certain circumstances
- Data Portability: Receive your data in a structured, machine-readable format
- Object: Object to marketing or processing based on legitimate interests
- Withdraw Consent: Withdraw consent for marketing at any time with no penalty
- Complain: Lodge a complaint with your local data protection supervisory authority
Some service providers (such as Stripe and Google Analytics) may process your data outside your country, including in the United States. Where this occurs, we ensure adequate protections via Standard Contractual Clauses, adequacy decisions, or the UK International Data Transfer Agreement (IDTA) as applicable.
Contact us at [email protected] for more details on international transfer safeguards.
Stoolio is intended for adults and is not directed at anyone under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with their information, please contact [email protected] immediately and we will delete it promptly.
We may update this policy as our practices or legal requirements change. When we do, we will update the "Effective" date at the top of this page and notify registered customers by email where appropriate. Your continued use of our site after any update constitutes acceptance of the revised policy.
- Email: [email protected]
- Response time: Within 5 business days for general queries; 30 days for formal data subject requests
- Supervisory authority: If unsatisfied with our response, you have the right to contact your local data protection authority
Privacy Question?
We read every message and will get back to you within 5 business days.
© 2025 Stoolio. All rights reserved.