Privacy Policy
Last updated: June 2026This Privacy Policy explains how Figrio Studio ("we", "us", "our") collects, uses, stores, and protects data when you visit figrio.com, interact with security protections, send us a contact inquiry, or sign up for our newsletter. Data processing is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and the EU rules on terminal equipment storage.
1. Who we are
Figrio Studio is a jewellery micro-manufacturer based in Hungary (Kaposvár, Somogy County, Hungary), operating within the European Union. We act as the data controller for the processing activities described in this notice. For any privacy-related enquiries, please contact us at: [email protected]
2. What data we collect
We collect or process the following categories:
- Email address — when you sign up for our newsletter and exclusive updates
- Name, email address, message content, and technical request/security data — when you send the contact form
- Newsletter consent status and technical request data needed to send, confirm, secure, and troubleshoot subscriptions, including Turnstile verification tokens and server security logs
- Aggregated website usage and performance data through Cloudflare Web Analytics or Cloudflare RUM. According to Cloudflare, these services do not use cookies, localStorage, or visitor personal data for analytics.
We do not use advertising, profiling, social media tracking, Google Analytics, Meta Pixel, TikTok Pixel, or similar marketing trackers.
3. Cookies, local storage and security technologies
Across figrio.com - both the marketing pages and the shop storefront at figrio.com/shop - only essential, security, or user-requested first-party browser storage is used. The shop entries below are set only when you use the storefront; the shop's account, order, and payment data processing is described in detail in the shop's own privacy notice. Each entry lists its storage type and lifetime:
| Name | Type | Category | Duration | Provider | Purpose |
|---|---|---|---|---|---|
| cf_clearance | Cookie (HttpOnly, Secure) | Strictly necessary | Cloudflare-managed (challenge passage period) | Cloudflare | Proves your browser passed Cloudflare security checks and reduces repeated bot challenges. Set by the Cloudflare Challenge Platform on the live site. |
| __cf_bm, _cfuvid, cf_chl_rc_* | Cookie | Strictly necessary | Cloudflare-managed (session / short-lived) | Cloudflare | Set only if the related bot-management, rate-limit, or challenge feature is active; used for security, diagnostics, and rate limiting. |
| figrio_privacy_notice_ack | Local storage | Functional (user-requested) | 180 days | First-party (site) | Set only after you press the notice button, so the cookie notice is not shown again. The legacy figrio_cookie_ok value is removed by the current site code. |
| Cloudflare Web Analytics / RUM | Cookie-free (no client storage) | Analytics | None | Cloudflare | Aggregated, cookie-free analytics and performance measurement. Per Cloudflare, no client-side storage or visitor personal data is used. |
| Cloudflare Turnstile | Anti-abuse token | Strictly necessary | One-time token | Cloudflare | Loaded on the newsletter and contact forms to prevent automated abuse; creates a one-time verification token and may use Cloudflare security signals. |
| figrio_locale | Cookie | Functional | 180 days | First-party (shop) | Stores your selected shop language; it does not set product currency or market pricing. |
| figrio_auth_seen | Local storage | Functional | Until cleared | First-party (shop) | Keeps the account UI stable while your sign-in status is checked. |
| figrio_cart_count | Local storage | Functional | Until cleared | First-party (shop) | Shows the cart item count without waiting for a network response. |
| figrio_cart_changed_at | Local storage | Functional | Until cleared | First-party (shop) | Signals cart changes between shop views. |
| figrio_checkout_billing | Session storage | Functional | Session (until tab close) | First-party (shop) | Holds your checkout billing details during the current session. |
| figrio_pending_coupon | Local storage | Functional | 7 days | First-party (shop) | Carries a coupon code from the account or cart into checkout. |
| figrio_wishlist_items | Local storage | Functional | Until cleared | First-party (shop) | Stores wishlist items locally before or alongside account sync. |
| figrio_market_shipping_country | Local storage | Functional | Until cleared | First-party (shop) | Remembers your selected market and shipping-country context. |
| figrio_perks_config_v1 | Local storage | Functional | 1 hour | First-party (shop) | Caches gift and perk configuration for a faster account experience. |
| figrio_turnstile_bypass | Local storage | Strictly necessary | Until cleared | First-party (shop) | A trusted-device or test helper for the anti-abuse (Turnstile) flow, used only when enabled by the environment. |
Because these technologies are essential security measures, user-requested acknowledgement storage, or cookie-free analytics, the site does not present optional marketing or analytics consent categories. If optional cookies or tracking tools are added later, they must be blocked until consent is given.
4. Why we collect your data
Your newsletter email address is collected solely for the purpose of sending you updates about new collections, exclusive offers, and studio news. Contact form data is used solely to answer your inquiry, custom order request, support request, or press message. We will not use your contact form data for newsletter or marketing purposes unless you separately sign up for those communications.
5. Legal basis for processing
We process newsletter subscriptions on the basis of freely given, specific, and informed consent (Article 6(1)(a) GDPR). We process contact form inquiries on the basis of steps requested before entering into a contract where the inquiry concerns a custom order or purchase discussion (Article 6(1)(b) GDPR), and otherwise on our legitimate interest in responding to messages and operating the studio (Article 6(1)(f) GDPR). We process essential security, anti-abuse, delivery, logging, and cookie-free analytics data on the basis of our legitimate interest in operating and securing the website (Article 6(1)(f) GDPR). Strictly necessary terminal storage is used only where needed for transmission, security, a service requested by the visitor, or a notice acknowledgement requested by the visitor. You may withdraw newsletter consent at any time; withdrawal does not affect the lawfulness of processing carried out before withdrawal.
6. How we store your data
Newsletter email addresses are stored securely in a PostgreSQL database accessed via Cloudflare Hyperdrive, with infrastructure located within the European Economic Area (EEA). Contact form messages are not stored in the website database; they are sent by email through Resend to Figrio Studio's mailbox so we can respond. Cloudflare and Resend act as service providers/data processors for the relevant infrastructure and delivery tasks. Your data is protected by industry-standard encryption in transit and, where stored by our providers, at rest.
7. How long we keep your data
We will retain your email address until the earliest of the following occurs:
- You unsubscribe or request deletion of your data
- We discontinue our newsletter service
Contact form messages are kept only as long as needed to respond and manage the inquiry, normally up to 12 months, unless a longer period is required for a resulting order, legal obligation, dispute, or fraud/security investigation.
8. Sharing your data
We do not sell, rent, or share personal data with third parties for marketing purposes. Data is accessible only to Figrio Studio and service providers needed to operate the website, contact form, email delivery, newsletter, security, and hosting infrastructure, currently including Cloudflare and Resend. Cloudflare may process security cookie data and network/security telemetry in accordance with its privacy documentation and applicable data transfer safeguards. Resend processes outbound email delivery data needed to send contact and transactional emails.
9. Your rights under GDPR
As an EU data subject, you have the following rights:
- Right to access (GDPR Article 15) — request a copy of the data we hold about you
- Right to rectification (GDPR Article 16) — request correction of inaccurate data
- Right to erasure (GDPR Article 17) — request deletion of your data at any time
- Right to restriction of processing (GDPR Article 18) — request suspension of data processing
- Right to withdraw consent (GDPR Article 7) — unsubscribe at any time without consequence
- Right to lodge a complaint (GDPR Article 77) — with the National Authority for Data Protection and Freedom of Information (NAIH, naih.hu) or the supervisory authority in your country of residence
To exercise any of these rights, please contact us at [email protected] and we will respond within 30 days (GDPR Article 12(3)).
10. Unsubscribing from newsletter
You can request removal of your email address at any time by emailing us at [email protected] with the subject line "Unsubscribe". We will delete your data within 5 business days.
11. Changes to this policy
We may update this Privacy Policy from time to time. Any changes will be reflected on this page with an updated date. In the event of significant changes, we will also notify subscribers by email. We recommend checking this page periodically.
If you have any questions about this Privacy Policy, please contact us at [email protected]