Legal

Privacy Policy

Last updated April 2026. We wrote this policy ourselves, in plain English, because the templated version most studios use describes a business they don't run. This describes what we actually do.

The short version

When you book a call or email us, we receive the information you choose to share — usually a name, an email, and some context about your situation. We use it to respond to you and prepare for our conversation. We don't sell it. We don't share it with marketers. We don't track you across the internet. If you want to know more about what we collect or want us to delete something, email hello@cauldronstudio.com.

The longer version follows.

Who we are

This policy applies to cauldronstudio.com, operated by Cauldron Studio LLC, a New York limited liability company. References to "we," "us," and "our" mean Cauldron Studio LLC. References to "you" mean any visitor to this website or person who contacts us through it.

What we collect

We collect information in three ways: when you contact us directly, when you use our booking system, and through standard web analytics.

When you contact us

If you email us at any of our published addresses (hello@cauldronstudio.com, contact@cauldronstudio.com, etc.), we receive whatever you choose to include in that email. Typically: your name, your email address, a description of your business or the situation you're writing about. We receive this information through Google Workspace, our email provider.

When you book a call

Our booking page uses Cal.com, a scheduling service. When you book a time, Cal.com collects the information you provide on the booking form (name, email, optional notes about your situation) and shares it with us. Cal.com may also store your booking history with us for the purpose of preventing duplicate bookings and supporting future scheduling.

Cal.com has its own privacy policy, available at cal.com/privacy. We selected Cal.com in part because of their stated privacy posture, but you should review their policy yourself if it concerns you.

Standard web analytics

We use privacy-respecting analytics to understand how the site is used in aggregate — how many people visit, which pages they read, how they arrived. We do not use Google Analytics. We do not use cookies for analytics. We do not track individuals across visits or across other sites.

The specific analytics tool we use is noted in our cookies disclosure below.

Information we don't collect

We don't collect: payment information (we invoice clients separately, never through this website); precise location data; biometric data; information about your visits to other websites; demographic information beyond what you choose to share; or any "special category" personal data under GDPR.

How we use the information

We use the information you share with us for these specific purposes:

  • To respond to you. If you email us or book a call, we use your contact information to respond and prepare for the conversation.
  • To deliver services to you, if you become a client. If you hire us, we use your business information to deliver the engagement you've signed for. The terms of that engagement are governed by the Master Services Agreement and Statement of Work we sign with you separately.
  • To improve our work and our writing. Anonymized patterns from conversations we have with operators inform our Field Studies and other writing. We never share specific client information in this writing without explicit permission, and our Field Studies are explicitly composite — drawn from patterns observed across multiple engagements rather than reproducing any single client's situation.
  • To understand site usage in aggregate. Web analytics help us see which writing resonates and where the site needs improvement.

We do not use your information for advertising, marketing automation, lead scoring, retargeting, or sale to third parties. We have never done these things and don't plan to.

Who we share information with

We share information only with the service providers we use to operate the studio. Specifically:

  • Google Workspace — our email provider. Your emails to us are stored in Gmail.
  • Cal.com — our scheduling provider. Booking information is stored on their platform.
  • Cloudflare — our DNS and CDN provider. Standard request data (IP addresses, request paths) passes through their network as part of normal site delivery.
  • Vercel — our website host. Standard hosting telemetry.
  • Our analytics provider (privacy-respecting; named in the Cookies section below).

Each of these providers has its own privacy practices. We've chosen them in part for their stated privacy posture. We don't share information with marketing platforms, ad networks, data brokers, or third parties not directly involved in operating the site or studio.

We may disclose information if required by law (a subpoena, court order, or other legal process). We will notify you of such a request unless legally prohibited from doing so.

Cookies and tracking

This site uses a small number of cookies, all of which fall into the category of "strictly necessary" or "functional":

  • Cloudflare's essential security cookies (such as __cf_bm, __cflb) — used to distinguish humans from bots and to load-balance traffic. These do not track you across sites.
  • Cal.com cookies — set only if you actually open the booking widget. Used to preserve booking state during the scheduling flow.

We do not use advertising cookies, tracking pixels, or third-party analytics that profile visitors. If we ever change this — for example, if we add a new tool that requires consent — we will update this policy and add a cookie consent banner before the change takes effect.

How long we keep information

We keep different categories of information for different periods:

  • Email correspondence: Indefinitely, unless you ask us to delete it. Our email is searchable history we use to maintain context across conversations.
  • Booking records: Cal.com retains booking history per its own retention policy.
  • Aggregated analytics: Indefinitely, in aggregate form that doesn't identify individuals.
  • Client engagement records: For seven years after the engagement ends, for legal, tax, and reference purposes. Specifics are governed by our Master Services Agreement with each client.

You can ask us to delete information at any time (see "Your rights," below).

Your rights

Depending on where you live, you may have specific legal rights regarding your personal data. We honor these rights regardless of where you live, on the principle that privacy rights shouldn't depend on jurisdiction.

You can:

  • Ask what we have. Email hello@cauldronstudio.com and we'll send you the personal data we hold about you.
  • Ask us to correct it. If something is inaccurate, tell us and we'll fix it.
  • Ask us to delete it. Email and ask. We'll do it within 30 days, retaining only what we're legally required to keep (such as financial records for clients).
  • Ask us to stop processing it. Particularly relevant if you've changed your mind about our using anonymized patterns from conversations.
  • Object to specific uses. Tell us what you object to and why. We'll honor reasonable objections.
  • Request data portability. If you want your data in a structured format to take elsewhere, we'll provide it.

If you're in the EU, EEA, UK, or California (or any other jurisdiction with comparable laws), the rights above are not granted by us — they're already yours. We follow them because it's the right thing to do.

To exercise any of these rights, email hello@cauldronstudio.com. We'll respond within 30 days.

Children's privacy

This site is not directed at children under 13. We don't knowingly collect personal information from children. If you believe we've inadvertently collected information from a child, please email us and we'll delete it.

Where data is processed

Cauldron Studio is based in the United States. Our service providers (listed above) operate primarily in the US, with some international infrastructure (Cloudflare's CDN is global, for example). If you're outside the US, your information may be transferred to and processed in the US. We rely on the standard contractual clauses and other appropriate safeguards required for international data transfers.

Security

We take reasonable measures to protect the information we hold. This includes: two-factor authentication on all critical accounts, encrypted connections (HTTPS) for all site traffic, password managers for credential management, and limiting access to client data to people who need it for their work.

No system is perfectly secure. If we ever experience a data breach affecting your information, we'll notify you within 72 hours of becoming aware of it, as required by law and as is right.

Changes to this policy

We may update this policy from time to time. When we do, we'll update the "Last updated" date at the top. Significant changes — particularly any change that broadens what we collect or how we use it — will be announced separately, either by email to active clients or via a notice on the site.

This policy is versioned in our website's source code repository. If you ever want to see what's changed historically, the git history is the canonical record.

Contact

For privacy questions, requests, or concerns:

hello@cauldronstudio.com

By postal mail:

Cauldron Studio LLC
New York

(Specific street address available on request. We don't publish it to reduce spam.)