Understand Our Privacy Policy at Soulscribed & Co

Last updated: 14 June 2025

Soulscribed & Co. (“Soulscribed,” “we,” “our,” or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy (“Policy”) explains how we collect, use, disclose, and safeguard information when you visit soulscribed.co (including any sub‑domains, the “Site”), purchase digital products, or engage us for design and consulting services (collectively, the “Services”).

1. Who We Are

Data Controller: Soulscribed & Co.
Email: privacy@soulscribed.co

For purposes of the EU General Data Protection Regulation (“GDPR”), UK GDPR, and other applicable privacy laws, Soulscribed is the controller of the personal data we process.

2. Information We Collect

Category

Identification Data

Contact Data

Payment Data . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . .

Project Data

Marketing Data

Technical & Usage Data

Examples

Name, business name, postal address, VAT/Tax ID

Email, phone, social‑media handle

Last four digits of card, billing address (processed via Stripe/PayPal; we never store full card numbers)

Brand briefs, logos, website credentials, design files

Email‑newsletter preferences, survey responses

IP address, browser type, device ID, pages visited, cookies

Recipient

Cloud hosting & email providers (e.g., Google Workspace)

Payment processors (e.g. Stripe, PayPal, Squarespace)

Project tools (Notion, Canva, Squarespace project management) . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . .

Analytics & marketing platforms (Google Analytics, Flodesk)

Professional advisors & auditors

Authorities

Legal Basis* (GDPR)

Contract, Legitimate Interest

Contract, Legitimate Interest

Contract, Legal Obligation . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . .

Contract

Consent

Legitimate Interest, Consent (cookies)

3. How We Use Your Information

  1. Service Delivery – to create proposals, design assets, websites, or digital products you request.

  2. Payment Processing – to collect and manage invoices, refunds, or chargebacks.

  3. Account & Project Management – to schedule meetings, send proofs, and provide support.

  4. Marketing – to send newsletters or promotions when you opt‑in (you may unsubscribe anytime).

  5. Analytics – to monitor Site performance, enhance user experience, and detect fraud.

  6. Legal Compliance – to satisfy tax, accounting, or regulatory obligations.

4. Cookies & Similar Technologies

We use cookies, pixels, and local‑storage objects to:

  • remember your preferences;

  • analyze traffic via tools such as Google Analytics;

  • enable secure checkout through Stripe or PayPal.

Cookie choices: You can accept or reject non‑essential cookies via our banner or by adjusting browser settings. Essential cookies (e.g., to keep you logged in) cannot be disabled.

5. Disclosure of Your Information

We never sell personal data. We share it only with:

Purpose

File storage, communications

Secure transactions

Collaborative design & project management

Site analytics, email campaigns . . . . . . . . . .. . . . . . . . . . . . . . . . . . . .

Accounting, legal, compliance

Where required by law or court order

Safeguard

EU Standard Contractual Clauses (SCCs)

PCI‑DSS compliant

Data‑processing addenda. . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . .

IP anonymization, opt‑out mechanisms . . . . . . . . . .. . . . . . . . . . . . . . . . . . . .

Confidentiality obligations

Limited to the scope requested

6. International Transfers

Your data may be transferred outside the European Economic Area (EEA). When we do, we rely on:

  • Adequacy decisions (Art. 45 GDPR);

  • Standard Contractual Clauses (Art. 46 GDPR); or

  • Your explicit consent.

7. Data Retention

  • Client Project Files: Stored for 5 years after final delivery, then deleted or archived.

  • Accounting Records: 10 years, as required by Serbian tax law.

  • Email Marketing Lists: Until you unsubscribe or 3 years after last interaction.

  • Cookies: 30 seconds to 24 months, depending on type.

8. Your Rights

Under GDPR/UK GDPR (and, where applicable, CCPA/CPRA for California residents) you have the right to:

  • Access a copy of your personal data;

  • Rectify inaccurate data;

  • Erase data (“right to be forgotten”);

  • Restrict or object to processing;

  • Data portability;

  • Withdraw consent at any time;

  • Lodge a complaint with your supervisory authority (e.g., the Serbian Commissioner for Information of Public Importance and Personal Data Protection or your local EU authority).

Exercising rights: Email privacy@soulscribed.co. We may verify your identity before fulfilling requests.

9. Children’s Privacy

The Site and Services are not directed to children under 16. We do not knowingly collect data from minors. If you believe we have, contact us for deletion.

10. Data Security

We employ:

  • TLS encryption for data in transit;

  • ISO‑27001‑certified cloud providers;

  • Role‑based access controls;

  • Regular backups and password‑management protocols.

No system is 100 % secure, but we strive to protect your data using industry best practices.

11. Links to Third‑Party Sites

Our Site may contain links to external websites. We are not responsible for their privacy practices. Review their policies before providing personal data.

12. Changes to This Policy

We may update this Policy periodically. Material changes will be announced via email or banner, and the “Last updated” date will be revised. Continued use of the Site after changes signifies acceptance.

13. Contact Us

Questions about this Privacy Policy? Email alexandra@soulscribed.co or write to:

Soulscribed & Co.
Attn: Data Protection Officer
P.O. Box 4978
23000 Zrenjanin, Republic of Serbia

Thank you for trusting Soulscribed & Co. with your information.