stdio.one

Privacy Policy

Last updated: May 13, 2026

1. Introduction

Welcome to Whitekit ("we", "us", "our"), operated by stdio.one. This Privacy Policy explains how we collect, use, and protect your personal information when you use our website at whitekit.io (the "Service").

By using our Service, you agree to the collection and use of information as described in this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address — used for authentication via one-time passcode (OTP)
  • Display name — optionally provided during onboarding

2.2 Usage Data

We automatically collect:

  • Pages visited and features used
  • Favourite/bookmarked designs
  • Browser type, device type, and operating system
  • IP address (anonymized for analytics)
  • Referral source

2.3 Cookies & Local Storage

We use:

  • Session cookies — to keep you signed in
  • Local storage — to store your language preference and UI settings

We do not use third-party tracking cookies.

3. How We Use Your Information

We use collected information to:

  • Provide and maintain the Service
  • Authenticate your identity
  • Save your favourite designs
  • Improve the Service through aggregated analytics
  • Send transactional emails (e.g. sign-in codes)

We do not sell your personal data to third parties.

4. Data Storage & Security

  • Data is stored on servers within the European Union
  • Passwords are not stored — we use passwordless email OTP authentication
  • All connections are encrypted via TLS/HTTPS
  • We implement appropriate technical and organizational measures to protect your data

5. Data Sharing

We may share data with:

  • Infrastructure providers — for hosting and email delivery
  • Law enforcement — when required by applicable law

We do not share personal data with advertisers or data brokers.

6. Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Delete your account and associated data
  • Export your data in a portable format
  • Withdraw consent at any time

To exercise these rights, contact us at privacy@stdio.one.

7. Data Retention

  • Account data is retained while your account is active
  • Upon deletion, personal data is removed within 30 days
  • Anonymized analytics data may be retained indefinitely

8. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect data from children.

9. Changes to This Policy

We may update this policy from time to time. We will notify registered users of significant changes via email.

10. Contact

For privacy-related inquiries: