Privacy Policy
This Privacy Policy explains how Rewake Studio (“Rewake”, “we”, “us”, “our”) collects, uses, stores and protects personal data when you visit rewake.studio or use any related services. Please read this policy carefully.
If you have questions or want to exercise your rights, contact us at: privacy@rewake.studio
1. Who we are
The data controller for personal data collected through this website and related services is Rewake Studio. Our legal entity details and registered address will be published here as the business formalizes. In the interim, all privacy-related inquiries should be directed to: privacy@rewake.studio.
We do not have a designated Data Protection Officer at this stage. We will assess whether appointing a DPO is required as our data processing activities grow in scale and complexity.
This policy is intended to reflect our actual data practices during the current private beta phase. It will be updated as the product and our legal structure evolve.
2. What data we collect and why
We collect only the personal data that is necessary for the purposes described below.
2.1 Beta access requests
When you submit a request for early access through our beta form, we collect your email address and any information you voluntarily provide in the form (such as your name, professional context, or description of your workflow). We use this data to evaluate your application and communicate with you about access decisions.
| Data | Purpose | Legal basis (GDPR) |
|---|---|---|
| Email address | Beta access evaluation and communication | Consent (Art. 6(1)(a)) — subject to how the form is implemented at collection point |
| Name / professional context | Application review | Consent (Art. 6(1)(a)) |
| Voluntary form responses | Understanding your workflow and fit | Consent (Art. 6(1)(a)) |
2.2 Analytics and usage data
We use analytics tools to understand how visitors interact with our website. Analytics are activated only after you have given explicit consent through our cookie consent banner. Without your consent, no analytics data is collected.
Analytics tools we use include Google Analytics 4 and Microsoft Clarity. These tools may collect anonymized or pseudonymized data about your browsing behavior, device type, geographic region, and session activity. We do not use this data to identify you personally.
| Data | Purpose | Legal basis (GDPR) |
|---|---|---|
| Page views, session data | Understanding website usage | Consent (Art. 6(1)(a)) |
| Device and browser type | Technical optimization | Consent (Art. 6(1)(a)) |
| Approximate location (country/region) | Geographic analysis | Consent (Art. 6(1)(a)) |
2.3 Technical and server data
When you visit our website, our infrastructure automatically logs basic technical data including your IP address, browser type, referring URL, and pages visited. This data is retained for a short period for security and operational purposes and is not used to identify or profile you personally.
| Data | Purpose | Legal basis (GDPR) |
|---|---|---|
| IP address, access logs | Security and infrastructure monitoring | Legitimate interests (Art. 6(1)(f)) |
3. Cookies and tracking technologies
We use cookies and similar technologies on this website. You can read our full Cookies Policy at rewake.studio/cookies.
In summary: we use strictly necessary cookies for the website to function, and optional analytics cookies only with your explicit consent. We do not use advertising or tracking cookies. You can withdraw your consent at any time through our cookie settings, accessible in the footer of every page.
4. Who we share your data with
We do not sell, rent or trade your personal data to third parties.
To operate this website and its services, we use third-party providers that may process personal data on our behalf or independently under their own privacy policies. We have listed our current providers below by category. The nature of the relationship, applicable data processing terms, and geographic scope vary by provider.
| Provider | Category | Purpose | Location |
|---|---|---|---|
| Supabase | Infrastructure | Database and authentication | EU / US |
| Vercel | Infrastructure | Website hosting and deployment | US / global CDN |
| Resend | Transactional email delivery | US | |
| Tally | Form collection | Beta access form | EU |
| Google Analytics 4 | Analytics | Website usage analytics — consent-gated, not loaded without explicit consent | US |
| Microsoft Clarity | Analytics | Session behavior analytics — consent-gated, not loaded without explicit consent | US |
Each provider operates under its own terms and applicable data protection frameworks. We will update this list as our infrastructure changes. Questions about specific providers: privacy@rewake.studio.
5. International data transfers
Some of our providers are located outside the European Economic Area (EEA) or use infrastructure hosted in non-EEA countries, including the United States. Where personal data is transferred outside the EEA, we seek to ensure that appropriate safeguards are in place as required by GDPR Chapter V.
Depending on the provider, applicable safeguards may include Standard Contractual Clauses (SCCs) adopted by the European Commission, reliance on adequacy decisions, or participation in recognized transfer frameworks such as the EU-US Data Privacy Framework. The applicable mechanism varies by provider and we have not uniformly verified each provider’s current transfer basis.
If you have questions about international transfers or wish to understand the safeguards applicable to a specific provider, contact us at privacy@rewake.studio and we will do our best to provide the relevant information.
6. How long we retain your data
| Data type | Retention period |
|---|---|
| Beta access request (email and form data) | Until you request deletion, or until we conclude the beta program — we will notify you before deletion |
| Analytics data (GA4) | Up to 14 months — subject to the retention settings configured in our GA4 property |
| Analytics data (Clarity) | Up to 13 months — per Microsoft Clarity default retention |
| Server / infrastructure logs | Short-term operational retention — typically days to weeks depending on the provider |
| Email communication | For the duration of the beta relationship and a reasonable period thereafter |
We do not retain personal data longer than necessary for the purpose for which it was collected. You may request deletion at any time — see Section 7.
7. Your rights
Depending on your location and applicable law, you may have the following rights regarding your personal data. To exercise any right, contact us at privacy@rewake.studio. We will respond within the timeframe required by applicable law — typically one month under GDPR, and 45 days under CCPA/CPRA (extendable in certain circumstances). We may need to verify your identity before fulfilling a request.
| Right | What it means | Applicable under |
|---|---|---|
| Right to access | Request a copy of the personal data we hold about you | GDPR, CCPA |
| Right to rectification | Request correction of inaccurate personal data | GDPR |
| Right to erasure | Request deletion of your personal data | GDPR, CCPA |
| Right to restrict processing | Request that we limit how we use your data | GDPR |
| Right to data portability | Receive your data in a structured, machine-readable format | GDPR |
| Right to object | Object to processing based on legitimate interests | GDPR |
| Right to withdraw consent | Withdraw consent at any time without affecting prior lawful processing | GDPR, CCPA |
| Right to opt out of sale/sharing | We do not sell or share personal data — this right is not applicable | CCPA |
| Right not to be discriminated against | Exercising privacy rights will not affect your access to Rewake | CCPA |
If you are located in the EU/EEA and believe we have violated your privacy rights, you have the right to lodge a complaint with your local supervisory authority. A full list of EU data protection authorities is available at edpb.europa.eu.
If you are located in California and wish to exercise your CCPA rights, contact us at privacy@rewake.studio. We do not discriminate against users who exercise their privacy rights.
8. Data security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction or alteration. These measures include:
- Encryption of data in transit (HTTPS/TLS)
- Encryption of data at rest (Supabase infrastructure)
- Access controls limiting who can access personal data
- Database-level access controls
- Periodic review of our security practices as the product develops
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it, as required by GDPR Article 33. Where required, we will also notify affected individuals directly.
9. Children
Rewake is not directed at minors. We do not knowingly collect personal data from individuals under the minimum age required by applicable law — generally 16 in the EU, 13 in the US (with parental consent), and varying by jurisdiction elsewhere. If you believe we have inadvertently collected data from a minor, please contact us at privacy@rewake.studio and we will delete it promptly.
10. California residents (CCPA/CPRA)
This section applies specifically to residents of California. Under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- We do not sell personal information as defined under the CCPA.
- We do not share personal information for cross-context behavioral advertising.
- We do not collect sensitive personal information beyond what is described in Section 2.
- We do not use automated decision-making that produces legal or similarly significant effects.
California residents may exercise the rights listed in Section 7 by contacting us at privacy@rewake.studio. We will not discriminate against you for exercising these rights.
Because Rewake is currently in private beta with limited users and no revenue, we do not believe we currently meet the statutory thresholds that trigger mandatory CCPA/CPRA compliance obligations (annual gross revenue over $25 million, or data of 100,000 or more California residents). However, we provide these protections as a matter of policy, and will update this section if our circumstances change.
11. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically.
If you have provided us with your email address and we make material changes that affect how we use your data, we will notify you by email.
12. Contact
For any questions, concerns or requests related to this Privacy Policy or the handling of your personal data, contact us at: