How we handle your information.

Publikable is a small multidisciplinary design studio based in Totnes, Devon, United Kingdom. For the purposes of UK GDPR and the EU GDPR, Publikable is the data controller for personal data collected through this website.

You can reach us at studio@publikable.com for any privacy question, request, or concern.

The only personal data we deliberately collect is what you give us:

• Inquiry form. Your name, your email address, and the answers you give about your project (free text, plus your selection between the AI-assisted and single-text-box flows).

Like every website hosted on the public internet, our infrastructure provider also processes a small amount of technical data — your IP address, browser user-agent, and timestamps — to deliver pages and protect against abuse. We don’t use this data for tracking or advertising.

We do not set any cookies on this site, and we do not run ad pixels or social-media trackers. Our hosting provider (Vercel) may set short-lived technical cookies for security and load-balancing.

We do use two cookieless products from Vercel — Web Analytics (aggregate page-view counts) and Speed Insights (Core Web Vitals from real visits). Both run without writing anything to your device: a daily-rotating salt is hashed with your IP and user-agent so we can count unique visits without identifying you, and metrics are sent over sendBeacon. We don’t combine this data with anything else, and we don’t use it for advertising or profiling. You can suppress it with any standard content blocker (uBlock Origin, Privacy Badger), by disabling JavaScript, or by using a browser that sends Global Privacy Control.

Under UK GDPR Art. 6, every use of your personal data needs a lawful basis. Ours are:

• To reply to your inquiry — basis: consent (Art. 6(1)(a)). You give it by submitting the form. You can withdraw it at any time by emailing us; withdrawal doesn’t affect processing already done.
• To suggest the next inquiry question (AI flow only) — basis: consent. You opt into this when you choose “Ask me a few questions.” If you pick the single text box instead, your project description is never sent to an AI service.
• To keep the site running and secure — basis: legitimate interests (Art. 6(1)(f)) in delivering the site and protecting it from attack. You can object to this at any time.
• To understand aggregate traffic and page performance (Vercel Web Analytics, Speed Insights) — basis: legitimate interests (Art. 6(1)(f)) in measuring whether the site works well, balanced against the low impact of cookieless, non-profiling telemetry. You can object at any time.

We use a small number of third-party services as data processors. Each one acts only on our instructions, under a written agreement.

We do not sell your data, and we do not share it with anyone for marketing or advertising. We will only disclose it where the law requires us to.

Our processors above are based in the United States. Where we transfer personal data outside the UK or EEA, we rely on the European Commission’s Standard Contractual Clauses (or the UK International Data Transfer Addendum), and where applicable the EU–US Data Privacy Framework.

We retain inquiry submissions (name, email, and your answers) for up to 24 months after the last contact with you, then delete them. If we go on to work together, the relevant correspondence becomes part of the project file and is kept for the life of the engagement plus six years for accounting and legal purposes.

Server logs held by Vercel are kept for a short period in line with their retention policy (typically days to weeks), and are not used by us for any other purpose.

Our inquiry form offers an optional AI-assisted flow that uses Anthropic’s Claude (model: claude-sonnet-4-6) to decide a thoughtful next question to ask. When (and only when) you opt into that flow, your project answers — never your name or email — are sent to Anthropic’s API.

You always see when an AI is involved before you opt in (per EU AI Act, Art. 50). You can switch to a single text box at any time. We do not use AI to make automated decisions with legal or similarly significant effects on you (UK GDPR Art. 22).

You have the right, free of charge, to ask us to:

• Access the personal data we hold about you.
• Correct anything that’s inaccurate or incomplete.
• Delete your data (“right to be forgotten”).
• Restrict or object to our processing.
• Port your data to another service in a common format.
• Withdraw consent at any time, where we rely on consent.

To exercise any of these, email studio@publikable.com. We aim to respond within 30 days.

You also have the right to complain to a supervisory authority. In the UK that is the Information Commissioner’s Office — ico.org.uk. In the EU it is your local Data Protection Authority.

Inquiry traffic is sent over HTTPS. Our Anthropic and Resend keys live only on the server and never reach the browser. We keep the surface area small on purpose: no analytics, no third-party scripts beyond webfonts, and no advertising trackers.

The site is intended for adults considering a professional engagement. We don’t knowingly collect personal data from anyone under 13 in the UK / 16 in the EU. If you believe we have, write to us and we will delete it.

We’ll update this page when our practices change. The date at the top always reflects the latest revision. Material changes that affect how we use your existing data will be communicated by email where reasonable.