Privacy policy

This page explains what we collect when you visit robotostudio.com, why we collect it, who we work with, and what your rights are.Questions? If anything here doesn't make sense, email us and we'll explain it like normal people: hello@roboto.studio

Who "we" are"Roboto Studio", "we", or "us" means Roboto Studio Ltd, registered in England & Wales.For anything privacy-related, the data controller is:Roboto Studio Ltd hello@roboto.studio

We're responsible for how personal data is collected and used on this website.What we collect (and why)

We only collect what we need to:

  • Keep the site running on Vercel
  • Understand what's working (and what's not)
  • Reply when you reach out to discuss a project
  • Send you things you explicitly sign up for (like the newsletter)
  1. Things your browser sends anyway

When you visit the site, some information is automatically collected by our infrastructure and analytics:

  • IP address — Security, debugging, rough geographic stats
  • Browser type and version — Making sure the site works everywhere
  • Device and operating system — Same as above
  • Pages you visit, links you click, time on page — Understanding what content resonates
  • Referrer (how you got here) — Knowing which channels actually work

Legal basis: Legitimate interests (running and improving our website, security, debugging).2. Forms (contact, "get in touch", etc.)If you fill out a form on the site, we'll collect:

  • Your name
  • Your email
  • Anything you write in the message box
  • The fact that you ticked the consent box

What we do with it:

  • Reply to your message — Email + internal tools
  • Keep a light-touch record — So we remember what we talked about
  • Improve lead qualification — So we can respond faster and smarter

We use Formspark (or equivalent) to handle submissions securely, then our own systems to respond and follow up.Legal basis:

  • Contract / taking steps at your request (you asked us to contact you)
  • Legitimate interests (running a B2B agency, keeping track of conversations)

Want us to stop? If you ask us to stop contacting you, we will. No questions asked.

  1. Analytics & session recording (PostHog)

We use PostHog to understand how people actually use the site. That includes:

  • Page views and navigation paths — what's getting read
  • Events — form submissions, clicks on key calls-to-action
  • Heatmaps and session recordings — so we can see where people rage-click when something is broken

Where we connect events to a person (for example, capturing your email when you submit a form), this may include:

  • Email address
  • Name
  • High-level site interaction (e.g. "submitted contact form", "subscribed to newsletter")

We do not use this to make automated decisions about you with legal effects. It's there so we can ship a better website and fix UX issues.

Legal basis:

  • Legitimate interests (understanding how people use the site, improving UX, measuring marketing performance)
  • Consent where required (e.g. for non-essential cookies in certain jurisdictions)

Consent controls: Where local law requires explicit consent for analytics, we'll only run these scripts once you've agreed via a cookie banner or similar control.

  1. NewsletterIf you subscribe to our newsletter:
  • Email address (and possibly name) — Store with our email provider
  • Opens and clicks — Track basic metrics so we know if the content is actually useful

Unsubscribe anytime via the link in the email or by emailing us directly.Legal basis: Consent. You can withdraw it whenever you like; we'll stop sending marketing emails. We may keep a minimal record to make sure we don't accidentally re-add you.Cookies and similar techWe use a mix of:

  • Strictly necessary — Keep the site functioning, security, basic performance
  • Analytics — PostHog, understanding what's working
  • Preference — Remembering things like closed banners or submitted forms

Where the law requires it, we'll:

  • Ask for your consent before dropping non-essential cookies
  • Give you a way to change your mind

You can also control cookies from your browser settings.Where your data lives (and who processes it)

Our site is built with Next.js and hosted on Vercel. That means some technical data (like IP addresses and logs) may be processed in data centres outside the UK/EU.Third parties we work with:

  • Vercel — Hosting and deployment
  • PostHog — Analytics, events, heatmaps, session recordings
  • Formspark — Processing form submissions
  • Email & CRM providers — Sending emails, keeping track of conversations

Some of these providers are based outside the UK/EU (particularly in the US).International transfers: When personal data is transferred out of the UK/EU, we rely on legally recognised safeguards:

  • Standard Contractual Clauses (SCCs)
  • The UK Addendum
  • Additional technical and organisational measures (encryption, access controls)

How long we keep thingsWe don't keep personal data forever.

  • Analytics data — Per our PostHog configuration, only as long as needed to understand performance
  • Server/security logs — Limited period for security and debugging
  • Contact emails & form submissions — As long as reasonably needed to manage our relationship (sales cycle, project history)
  • Newsletter data — Until you unsubscribe; minimal suppression record after

Legal requirements: If we're legally required to keep something for longer (tax, legal, regulatory), we'll do so, then delete or anonymise it.Your rightsIf you're in the UK or EU (and we choose to apply these rights globally anyway), you have:

  • Access — Ask what we hold about you and get a copy
  • Rectification — Fix incorrect or incomplete data
  • Erasure — Ask us to delete your data, in certain circumstances
  • Restrict processing — Ask us to limit how we use your data
  • Object — Especially to analytics/marketing based on legitimate interests
  • Data portability — Have some data sent to you in a portable format
  • Withdraw consent — For anything based on consent (like newsletters)

To exercise these rights: Email hello@roboto.studio. We may need to verify you're actually you before we act.ComplaintsIf you're not happy with how we handle your data:

  1. Email us first at hello@roboto.studio — we'd genuinely like to fix it
  2. UK residents: Complain to the Information Commissioner's Office (ICO)
  3. EU residents: Complain to your local Data Protection Authority

Security and ISO 27001We use HTTPS everywhere and work with reputable providers (Vercel, PostHog) that take security seriously. Access to systems is restricted to people who need it to do their job.We are working towards ISO 27001 certification, which means formalising and independently auditing the way we manage information security.No system is perfect, but we take reasonable steps to keep your data safe.Changes to this policyWe may update this policy when:

  • We change analytics or infrastructure
  • Privacy laws change
  • We start doing something new with your data

We'll update the text on this page and change the "last updated" date. If we make big changes, we'll be more explicit about it.Continued use: If you keep using the site after an update, we'll take that as you having read and understood the new version (or at least scrolled past it).

Can you find sections in this field where it seems as though there should be a paragraph break (usually when the text is flush to the next piece of text)