Skip to content

Privacy Policy

Last Updated: MAY 01, 2026

1. Introduction

Welcome to Smoke Studio ("Company", "we", "our", "us"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website smokestud.io and use our services, including our "SmokeScan" platform.

This policy is designed to comply with international data protection regulations, including the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States.

2. Data Controller

For the purposes of the GDPR and other applicable data protection laws, the Data Controller is SmokeStudio, located at Av. Tamaulipas 257 C.P. 01510 Álvaro Obregón CDMX.

3. Information We Collect

We may collect and process the following data about you:

  • Identity and Contact Data: Name, email address, and profile picture (especially when you authenticate using Third-Party Providers like Google or Microsoft).
  • Authentication Data: OAuth tokens and identifiers provided by your identity provider (Google or Microsoft) necessary for Single Sign-On (SSO).
  • Technical and Usage Data: IP address, browser type, operating system, pages visited, and interaction data collected via cookies and similar technologies (e.g., Google Analytics, Clarity).
  • Service Data: Information you input into our tools such as "SmokeScan" to validate your business ideas.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, and maintain our website and services.
  • To manage your account and authentication processes via Google/Microsoft SSO.
  • To communicate with you, including sending service updates, marketing emails (only with your explicit consent where required), and responding to your inquiries.
  • To analyze usage trends and improve our platform's user experience.

5. Legal Basis for Processing (GDPR)

If you are from the European Economic Area (EEA) or the UK, our legal basis for collecting and using the personal data described above depends on the context in which we collect it:

  • Consent: You have given us clear consent to process your data for a specific purpose (e.g., marketing emails, cookies).
  • Contract: Processing is necessary for the performance of a contract with you (e.g., providing our services and account creation).
  • Legitimate Interests: Processing is necessary for our legitimate interests (e.g., improving our platform) provided those interests are not overridden by your rights.

6. Third-Party Services and Data Transfers

We use third-party services to facilitate our platform, including Supabase (for database and authentication infrastructure), Google Analytics, Google Tag Manager, and Microsoft Clarity. These third parties may access your data only to perform tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Your information may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. We take all necessary steps to ensure that your data is treated securely and in accordance with this Privacy Policy, utilizing Standard Contractual Clauses or other approved transfer mechanisms where applicable.

7. Your Data Protection Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right to Access: You can request copies of your personal data.
  • Right to Rectification: You can request that we correct any information you believe is inaccurate or incomplete.
  • Right to Erasure (Right to be Forgotten): You can request that we erase your personal data, under certain conditions.
  • Right to Restrict Processing: You can request that we restrict the processing of your personal data, under certain conditions.
  • Right to Object: You can object to our processing of your personal data, under certain conditions.
  • Right to Data Portability: You can request that we transfer the data that we have collected to another organization, or directly to you.

For California Residents (CCPA): We do not "sell" your personal information as defined by the CCPA. You have the right to request disclosure about our data collection practices and to request deletion of your data.

To exercise any of these rights, please contact us at privacy@smokestud.io].

8. Data Retention

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.

9. Children's Privacy

Our services do not address anyone under the age of 13 (or higher depending on your local laws). We do not knowingly collect personally identifiable information from anyone under this age. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. You are advised to review this Privacy Policy periodically for any changes.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

  • By email: privacy@smokestud.io
  • By mail: Av. Tamaulipas 257 C.P. 01510 Álvaro Obregón CDMX