Privacy Policy

1. Who We Are

Axis + Flow is a design and planning studio operating in the United States (California, United States) and G. For the purposes of GDPR, we act as the Data Controller for personal data collected through this website.

Data Controller Contact:

Axis + Flow  |  contact@axisandflow.design

2. What Data We Collect

We collect the following categories of personal data:

a) Data You Provide Directly

  • Name and email address (via contact form or newsletter signup)

  • Project details and messages submitted through inquiry forms

  • Business name and location (for client intake purposes)

b) Data Collected Automatically

  • IP address and general location data

  • Browser type, device type, and operating system

  • Pages visited, time on site, and referring URLs

  • Cookie identifiers (see Cookie Policy below)

3. Legal Bases for Processing (GDPR)

We process your personal data under the following legal bases:

  • Legitimate Interests: To respond to inquiries and improve our website

  • Consent: For newsletter subscriptions and non-essential cookies

  • Contractual Necessity: To fulfill services agreed upon with clients

  • Legal Obligation: Where required by applicable law

You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

4. How We Use Your Data

We use collected data to:

  • Respond to inquiries and manage client communications

  • Send newsletters or studio updates (only with your consent)

  • Improve website performance and user experience

  • Comply with legal and regulatory obligations

  • Protect the security and integrity of our website

We do not sell your personal data. We do not use your data for automated decision-making or profiling.

5. Data Sharing and Third Parties

We may share data with the following service providers, only to the extent necessary to operate our business:

  • Squarespace, Inc. – Website hosting and form processing (US-based, Privacy Shield/SCCs)

  • Squarespace, Inc – Newsletter delivery (US-based, SCCs where applicable)

  • Google Analytics – Website analytics (data anonymized where required)

  • Pinterest and Instagram – Embedded feeds or social links (their policies apply)

All third-party processors are required to handle data in compliance with applicable privacy laws. For transfers of EU personal data to the US, we rely on Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms.

6. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

  • Inquiry and contact data: 2 years from last contact

  • Newsletter subscriber data: Until you unsubscribe

  • Client project data: 7 years for legal and accounting purposes

  • Analytics data: 14 months (or as set by the analytics provider)

7. Your Rights Under GDPR

If you are located in the EU/EEA, you have the following rights regarding your personal data:

  • Right of Access – Request a copy of the data we hold about you

  • Right to Rectification – Request correction of inaccurate data

  • Right to Erasure – Request deletion of your data (“right to be forgotten”)

  • Right to Restriction – Request that we limit how we use your data

  • Right to Data Portability – Receive your data in a structured, machine-readable format

  • Right to Object – Object to processing based on legitimate interests

  • Right to Withdraw Consent – Withdraw consent for newsletter or cookies at any time

  • Right to Lodge a Complaint – File a complaint with your national supervisory authority

To exercise any of these rights, contact us at contact@axisandflow.design. We will respond within 30 days.

German residents may also contact the relevant German data protection authority (Datenschutzbehörde) for your state.

8. Your Rights Under CCPA (California Residents)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to Know – Know what personal data we collect, use, and share

  • Right to Delete – Request deletion of your personal data

  • Right to Opt-Out – We do not sell personal data, so no opt-out is required

  • Right to Non-Discrimination – We will not discriminate against you for exercising these rights

To submit a CCPA request, contact us at contact@axisandflow.design with the subject line "CCPA Request."

9. Cookie Policy

Our website uses cookies and similar technologies to function properly and improve your experience.

Types of Cookies We Use:

  • Essential Cookies – Required for the website to function (cannot be disabled)

  • Analytics Cookies – Help us understand site usage (e.g., Google Analytics)

  • Marketing Cookies – Used for newsletter tracking (only with consent)

On your first visit, we display a cookie consent banner. You may accept all cookies, reject non-essential cookies, or manage your preferences. You can also manage cookie settings in your browser at any time.

Note: Squarespace, our website platform, may set its own cookies. Please refer to Squarespace's Privacy Policy for details.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include SSL/TLS encryption, access controls, and regular security assessments.

While we take reasonable precautions, no method of internet transmission is 100% secure. In the event of a data breach that affects your rights and freedoms, we will notify you and relevant authorities as required by law (within 72 hours under GDPR).

11. Children's Privacy

Our website is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately at contact@axisandflow.design.

12. International Data Transfers

Axis + Flow operates in both the United States and Germany. When data is transferred between these jurisdictions, we ensure appropriate safeguards are in place including Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized mechanisms.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Updates will be posted on this page with a revised effective date. For significant changes, we will provide additional notice where required by law.

14. Contact & Data Protection Inquiries

For any privacy-related questions, data subject requests, or concerns:

Axis + Flow

Email: contact@axisandflow.design

Website: www.axisandflow.design

We aim to respond to all data-related inquiries within 30 days.

© Axis + Flow 2026  ·  All Rights Reserved

Effective Date: April 1, 2026