legal

Privacy Policy

Last updated 2026-05-02. Short, honest, and not padded by the page.

Studio doesn't sell your data. We don't share it. Here's exactly what we collect, why we collect it, and the controls you have over it.

What we collect

What we don't collect

Where it lives

Cloudflare D1 (SQLite-compatible) for primary data, Cloudflare R2 for assets. Both are scoped per workspace. Backups are encrypted at rest. The specific edge region depends on your location.

Multi-tenancy

Every row in our database carries a workspace_id. Every query filters by it. We have automated tests that verify cross-tenant queries return zero rows. This is the core data isolation guarantee.

Bring your own key

When you generate content, Studio sends your prompt to the AI provider you configured, using your stored key. That request is also subject to your provider's privacy terms. We never use your key for anyone else's workspace, and you can rotate or remove it anytime in Settings.

Your rights

Third parties we use

Cookies

We use cookies for session, brand selection, and onboarding state. Functional only; no advertising trackers.

Contact

Privacy questions: privacy@studioapp.io. Data deletion request: same address with subject "DELETE".