GDPR notice for EU residents

Aarons Zatorski is a US (California-based) digital studio. Because we serve clients in the European Union — including Poland — our processing of EU residents' personal data falls under the GDPR (Regulation 2016/679) per Article 3(2) (extraterritorial scope).

GDPR contact: hello@aaronszatorski.com.

Performance of a contract or pre-contract steps — Art. 6(1)(b) GDPR (free-preview form, active clients).

Issuing invoices / receipts and bookkeeping — legal obligation under US tax law, Art. 6(1)(c) GDPR.

Service security and monitoring — legitimate interest, Art. 6(1)(f) GDPR.

Identification (business or individual name), contact (email, optional phone), transaction (invoice or receipt number, amount), technical (IP, user-agent — server logs only, 14 days).

Form submissions: 24 months from last contact.

Active client data: duration of the engagement + 7 years (US tax and bookkeeping retention requirements for transaction records).

Server logs: 14 days.

Hosting provider (Hetzner Online GmbH, Germany / Finland) — processed within the EU.

Email provider (Brevo, France) — processed within the EU.

External bookkeeping — to the extent needed to maintain records.

AI tooling (OpenAI / OpenRouter, USA) — used during project generation. Operates within our own US infrastructure.

Some processing (our US-side infrastructure and AI tooling) takes place outside the EEA — in the United States. For those transfers we rely on the EU Standard Contractual Clauses per Commission Implementing Decision 2021/914, plus appropriate technical and organizational safeguards.

You have the right to: access, rectify, erase, restrict processing, port your data, and object to processing based on our legitimate interest.

To exercise any right, email hello@aaronszatorski.com. We respond within 7 business days at no charge.

You also have the right to lodge a complaint with your local EU supervisory authority (for example, the Polish DPA — uodo.gov.pl — for residents of Poland).

We do not make fully automated decisions about you. Our AI system generates draft websites and copy — but every project is reviewed by a human before it reaches you.

We use only functional cookies (NEXT_LOCALE for language preference, session tokens for the form). No analytics cookies, no marketing cookies. No consent banner because no personal data is collected via cookies.

Providing data is voluntary, but required to fulfill your request (preview form, contract signing, invoice issuance). Without it we cannot deliver the service.