Ghost Hat Studioghosthatstudio.com ← Home
Legal

Privacy Policy

Last updated 23 June 2026

This policy explains what personal information Ghost Hat Studio collects, why we collect it, who we share it with, and the rights you have over it. We keep our data practices small on purpose. We collect what we need to answer you, deliver what you asked for, and run the site, and nothing beyond that.

01 Who we are

Ghost Hat Studio LLC (“Ghost Hat Studio”, “we”, “us”) is an AI infrastructure consultancy based in North Bend, Washington, United States. We operate the website at ghosthatstudio.com and the related domains ghosthat.studio and ghosthat.ai.

For the purposes of the EU and UK General Data Protection Regulation (GDPR), Ghost Hat Studio is the data controller for the personal information described here. You can reach us about anything in this policy at [email protected].

02 Information we collect

Information you give us

  • When you email us at [email protected]: your name, email address, and whatever you choose to put in your message.
  • When you book a call through our scheduling page: your name, email address, the time you pick, and any details you add to the booking. Scheduling is handled by Calendly on our behalf.
  • When you subscribe to our newsletter: your email address. The list is handled by Buttondown, and subscription is double opt-in, so you confirm by email before you receive anything.
  • When you call us: your call may be answered by an automated voice assistant. We may record or transcribe the call so we can respond and keep an accurate record, and we tell you this at the start of the call. We collect your phone number, the reason for your call, and what you say to us.

Information we collect automatically

  • Server and security logs. Like most websites, our host records standard technical data when you visit: IP address, browser type, the pages you request, and the date and time. This is used to serve the site, keep it secure, and diagnose problems.
  • Local storage. The site stores your light or dark theme choice in your browser so the page looks the way you left it. This stays on your device and is not sent to us.

We do not run advertising trackers, behavioural analytics, or third-party marketing pixels on the site.

03 Cookies and similar technologies

Our own pages set no tracking cookies. We use a single piece of browser local storage to remember your theme preference, which is a functional setting you control.

When you open the embedded scheduling tool to book a call, Calendly may set its own cookies to run that feature. Those cookies are governed by Calendly’s privacy notice, linked below.

04 How we use your information and our legal bases

Under the GDPR we rely on the following legal bases:

  • To respond to your enquiry and discuss working together. Legal basis: our legitimate interest in answering people who contact us, and taking steps at your request before entering a contract.
  • To send the newsletter you asked for. Legal basis: your consent, which you can withdraw at any time by unsubscribing.
  • To provide, manage, and improve our services and the site. Legal basis: performance of a contract where one exists, and otherwise our legitimate interest in running and improving our business.
  • To keep our systems and records secure and to meet legal and accounting obligations. Legal basis: our legitimate interest in security, and compliance with legal obligations.

We do not sell your personal information, and we do not use it for advertising.

05 Service providers we rely on

We use a small set of trusted providers to run the business. Each processes personal information only as needed to provide its service to us, under its own terms and data protection commitments:

06 Automated systems and AI

We build and use our own AI agents to help run the studio. They may answer the phone, sort incoming email, and draft replies for a person to review. A human stays in the loop on anything that affects you.

We do not make decisions that produce legal or similarly significant effects about you based on automated processing alone.

07 International transfers

We are based in the United States, and some of our providers are too. If you contact us from the European Economic Area, the United Kingdom, or elsewhere outside the US, your personal information will be transferred to and processed in the United States.

Where we or our providers transfer personal information out of the EEA or the UK, we rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses and the equivalent UK provisions, together with the data protection commitments in our providers’ terms.

08 How long we keep it

We keep personal information only as long as we need it for the purpose we collected it, or as long as the law requires. Newsletter data is kept until you unsubscribe. Enquiry and call records are kept while there is an active conversation or relationship and for a reasonable period afterward. Records we need for legal, tax, or accounting reasons are kept for the period the law sets. When we no longer need information, we delete it or anonymise it.

09 Your rights

Depending on where you live, you have some or all of the following rights over your personal information:

  • Access a copy of the information we hold about you.
  • Correct information that is wrong or out of date.
  • Ask us to delete it.
  • Restrict or object to how we use it.
  • Receive it in a portable format, or ask us to transfer it.
  • Withdraw consent at any time, where we rely on consent.

To exercise any of these, email us at [email protected]. We will respond within the time the law allows. If you are in the EEA or the UK and you think we have mishandled your information, you have the right to complain to your local data protection authority, though we hope you will contact us first so we can put it right.

If you are a California resident, we do not sell or share your personal information as those terms are defined under California law, and you may exercise the access and deletion rights above by contacting us.

10 Security

We take reasonable technical and organisational measures to protect personal information against loss, misuse, and unauthorised access. No method of transmission or storage is perfectly secure, so we cannot promise absolute security, but we work to keep the surface small and the safeguards current.

11 Children

The site and our services are meant for businesses and the adults who run them. They are not directed to children, and we do not knowingly collect personal information from anyone under 16. If you believe a child has given us their information, contact us and we will delete it.

12 Changes to this policy

We may update this policy as our practices or the law change. When we do, we will revise the date at the top of the page. If a change is significant, we will make a reasonable effort to let affected people know.

13 Contact us

Questions, requests, or concerns about your privacy go to [email protected], or by post to Ghost Hat Studio LLC, North Bend, Washington, United States.