Legal

Privacy Policy

Last updated: April 21, 2026

This Privacy Policy explains how VoidAtelier ("we", "our", "us") collects, uses, stores, and shares personal data when you visit voidatelier.com or commission our miniature painting and 3D printing services.

We process your data in accordance with Regulation (EU) 2016/679 ("GDPR") and the Polish Personal Data Protection Act (Ustawa o ochronie danych osobowych of May 10, 2018).

1. Data Controller

The data controller is VoidAtelier, based in Poland. For any question regarding the processing of your personal data, write to us at hello@voidatelier.com.

2. What data we collect

Data you provide directly

  • Contact and commission form: name, email, phone (optional), project description.
  • Account registration: email, name, hashed password (bcrypt, never stored in plaintext), phone (optional).
  • Uploaded files: STL/3D files and reference images you attach to commissions.

Data collected automatically

  • Technical data: IP address (hashed for abuse prevention), browser type, referring URL.
  • Usage analytics: only if you accept the "Analytics" cookie category. Powered by Vercel Analytics (aggregated, cookieless).
  • Consent record: we store a hashed fingerprint of your cookie consent for audit purposes.

3. Legal basis for processing

  • Art. 6(1)(b) GDPR — contract performance: handling commissions you request.
  • Art. 6(1)(c) GDPR — legal obligation: invoicing, tax records (5 years under Polish law).
  • Art. 6(1)(a) GDPR — consent: analytics, marketing cookies, newsletter (if applicable).
  • Art. 6(1)(f) GDPR — legitimate interest: fraud prevention, network security, rate limiting.

4. How long we keep your data

  • Commission enquiries without order: up to 12 months, then deleted.
  • Active orders and related messages: duration of service + 5 years (tax/accounting).
  • Customer accounts: until you delete the account; inactive accounts are purged after 24 months of inactivity.
  • Consent logs: 3 years, for regulatory audit trail.
  • Server logs with IP hashes: 90 days.

5. Who we share your data with

We do not sell your data. We share it only with service processors necessary to run the site:

  • Vercel Inc. — hosting, serverless functions, Blob storage (EU/US). Standard Contractual Clauses in place.
  • Neon Inc. — PostgreSQL database (EU region).
  • Upstash Inc. — rate limiting store (EU region), optional.
  • Payment / accounting providers — only for paid commissions, limited to what the invoice requires.

Some of these processors are based in the United States. In that case, transfers are secured by EU Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework.

6. Your rights under GDPR

You have the right to:

  • Access your personal data (Art. 15).
  • Rectify inaccurate or incomplete data (Art. 16).
  • Erasure — "the right to be forgotten" (Art. 17).
  • Restriction of processing (Art. 18).
  • Portability — receive your data in a machine-readable format (Art. 20).
  • Object to processing based on legitimate interest (Art. 21).
  • Withdraw consent at any time, without affecting lawful processing done before withdrawal.
  • Lodge a complaint with the Polish data protection authority (Prezes UODO, uodo.gov.pl) or the supervisory authority in your EU country of residence.

To exercise any of these rights, email hello@voidatelier.com. We respond within 30 days.

7. Security

We apply reasonable technical and organizational measures: HTTPS everywhere, bcrypt-hashed passwords, HMAC-signed session tokens, HTTP-only cookies, server-side input validation (Zod), and rate limiting on sensitive endpoints.

8. Minors

The site is not directed to children under 16. We do not knowingly collect data from minors. If you believe a minor has submitted data, contact us and we will delete it.

9. Changes to this Policy

We may update this Policy to reflect legal or operational changes. Material changes will be highlighted on the homepage for at least 14 days. The "last updated" date at the top always reflects the current version.

10. Contact

VoidAtelier
Email: hello@voidatelier.com