Privacy Policy

1. Who we are

Nurani Studio is a web design and software agency registered at the Dutch Chamber of Commerce (KvK) under number 82209812. Our office is located at Bronsweg 17, 8211 AL Lelystad, Netherlands. You can reach us at [email protected].

Nurani Studio is the data controller for the personal data processed through this website (nurani.io).

2. What data we collect

Contact form submissions: When you fill out our contact form, we collect your name, email address, the services you are interested in, and your message. This data is necessary to respond to your inquiry and prepare your free strategy report.

Website analytics: We use Umami, a privacy-first analytics tool hosted on our own servers. Umami does not use cookies, does not collect personal data, and does not track IP addresses. It provides anonymous, aggregate statistics such as page views, referral sources, and device types.

Heatmaps and session recordings: We use Microsoft Clarity to understand how visitors interact with our website. Clarity provides anonymous heatmaps and session recordings that show where visitors click, scroll, and navigate. Clarity does not collect personal data and IP addresses are masked. This helps us improve the website experience.

Technical data: Our servers automatically log technical information such as browser type, operating system, and referring pages. This data is used solely for website security and performance.

3. Why we collect your data

We process personal data for the following purposes: to respond to your project inquiry and deliver your free strategy report (legal basis: pre-contractual measures at your request); to analyze website performance and improve our services (legal basis: legitimate interest); to ensure website security and prevent abuse (legal basis: legitimate interest).

4. Who we share your data with

We do not sell your personal data. We share data with the following service providers who process data on our behalf: our hosting provider (Hetzner, for website delivery and self-hosted analytics), Microsoft (for anonymous heatmaps and session recordings via Clarity), and our email provider (for responding to inquiries). All service providers are bound by data processing agreements and comply with GDPR requirements.

5. How long we keep your data

Contact form data is retained for as long as necessary to complete your inquiry, plus a maximum of 12 months after your last interaction. Analytics data is stored on our own servers as anonymous, aggregate statistics and contains no personal data. Server logs are automatically deleted after 30 days.

6. Your rights

Under the General Data Protection Regulation (GDPR/AVG), you have the right to: access the personal data we hold about you; request correction of inaccurate data; request deletion of your data; restrict or object to processing of your data; receive your data in a portable format; withdraw consent at any time.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

7. Cookies

Our website uses one essential cookie (NEXT_LOCALE) to remember your language preference. This cookie is strictly necessary and does not require consent. We do not use analytics cookies. Our analytics tool, Umami, is cookieless and privacy-first, hosted on our own servers. Microsoft Clarity uses two cookies (_clck and _clsk) for anonymous session tracking. These cookies contain no personal data and are used to improve website usability.

8. Security

We take appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our website uses HTTPS encryption for all data transmission.

9. Complaints

If you believe we are not handling your personal data correctly, you have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

10. Changes to this policy

We may update this privacy policy to reflect changes in our practices or legal requirements. The date at the top of this page indicates when it was last updated.

11. Instagram messaging integration (Nurani client portal)

Our internal client portal at clientportal.nurani.io includes an Instagram messaging integration that uses Meta's Instagram Graph API. This integration is used by Nurani Studio's own staff to manage business conversations from Instagram accounts that we own or manage (such as @fromnurani).

Through this integration, when a user sends a direct message to one of our connected Instagram Business or Creator accounts, we receive and store: the sender's Instagram username and display name, their public profile picture URL, the text and media content of the message, the message timestamp, and the conversation ID assigned by Instagram. We also store our own outbound replies. We do not collect or store any other personal data about Instagram users.

Legal basis: legitimate interest in managing business conversations and customer relationships. Purpose: customer relationship management (CRM) and sales pipeline tracking inside our internal portal.

Storage and retention: this data is stored in a PostgreSQL database hosted on our own servers in the European Union (Hetzner, Falkenstein DE). It is retained for as long as the conversation is relevant to our business relationship, and is deleted on request (see our Data Deletion page).

Sharing: we do not share Instagram conversation data with any third party. It is never used for advertising, marketing automation outside our portal, or sold. Only authorised Nurani Studio staff can access it.

Your rights as an Instagram user: if you have messaged one of our connected Instagram accounts and want your data removed from our systems, please follow the instructions on our Data Deletion page or email [email protected] with the subject 'Instagram data deletion'. We will confirm deletion within 7 days.