Privacy Policy

This Privacy Policy explains how Elmunei Studio ("Elmunei", "we", "us") collects, uses, and protects personal information when you visit elmunei.com, browse our work, or submit a project brief.

This policy applies to information collected through our public website. Client engagements are governed by separate contracts and statements of work.

We collect the minimum information needed to evaluate a brief and operate the site.

• Project briefs: name, email, business or project name, website URL (if provided), project type, message, budget range, timeline, and consent checkbox.
• Analytics (with consent only): aggregated page-view and behaviour telemetry via Google Analytics 4 and Microsoft Clarity. These scripts do not load until you accept analytics cookies in the cookie banner.
• Essential storage: cookie consent preference (localStorage). Required for the site to remember your choice.
• Operational logs: standard server logs (IP address, user agent, timestamp) kept for security and abuse prevention.

We use the information for the following purposes only:

• To respond to your project brief and send a confirmation email.
• To improve the website and studio materials.
• To meet legal and regulatory obligations.

We do not sell personal information. We do not enrol you in marketing drips without your request. We do not share your details with third parties for advertising.

We process personal information on the basis of (a) your consent, given when you submit a form or accept analytics cookies; (b) our legitimate interest in operating and improving the website and enquiry process (excluding analytics, which relies on consent); and (c) compliance with applicable law, including the Protection of Personal Information Act, 2013 (POPIA) where it applies.

We use a small number of trusted sub-processors to operate the website and respond to you.

• Cloudflare: site hosting, edge delivery, and security.
• Resend: transactional email for form submissions and acknowledgements.
• Google Analytics 4: traffic analysis (loaded only after analytics consent).
• Microsoft Clarity: session replay and heatmaps for usability (loaded only after analytics consent).

Project brief data is retained for up to 24 months from submission, unless you enter into a contractual engagement with us, in which case retention is governed by that contract. Server logs are retained for up to 12 months.

Subject to applicable law, you have the right to access, correct, delete, or restrict the personal information we hold about you, to object to processing, and to lodge a complaint with a supervisory authority. Under POPIA, the Information Regulator (South Africa) is the supervisory authority.

To exercise any of these rights, email support@elmunei.com. We respond within 30 days.

We protect personal information using least-privilege access, encryption in transit, and reputable infrastructure providers. No method of transmission over the internet is completely secure; we apply reasonable measures appropriate to the data we hold.

Some sub-processors may process personal information outside South Africa. Where required, we rely on appropriate safeguards such as standard contractual clauses or adequacy decisions offered by those providers.

We may update this Privacy Policy from time to time. Material changes will be reflected in the "Last updated" date above.