Privacy Policy

Effective date: April 26, 2026

1. Introduction

This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you visit our website digitalkitty.studio (the "Site") or otherwise interact with us. This Policy is issued in accordance with Regulation (EU) 2016/679 (the "GDPR"), Portuguese Law No. 58/2019 of 8 August (which implements the GDPR in Portugal), and other applicable EU and Portuguese data protection legislation.

If you do not agree with this Policy, please do not use the Site.

2. Data Controller

The Data Controller responsible for the processing of personal data is:

  • Denis Kosolapov, trabalhador independente in Portugal
  • NIF: 323 689 051
  • Address: Rua Dr. Manuel de Arriaga, 1, 2.º D, 2780-132 Oeiras, Portugal
  • Phone: +351 936 918 302
  • Email: hello@digitalkitty.studio
  • Website: digitalkitty.studio

3. Data Protection Contact

For questions about personal data or this Policy, contact us at hello@digitalkitty.studio.

4. Personal Data We Process

We process the following categories of personal data:

  • Identification and contact data, provided voluntarily: name, organisation name and position, email address, phone number, messenger handles (Telegram, WhatsApp, LinkedIn), country.
  • Communication data: content of inquiries, emails, calls, meeting notes, contracts, and project documentation.
  • Billing and transaction data: invoice details, billing address, VAT number (for B2B clients), payment method information (we do not store full card numbers — these are handled by payment processors).
  • Technical and analytics data, collected when visiting the Site: pageviews, device and browser category, approximate country, and Core Web Vitals (LCP, INP, CLS, FCP, and TTFB). Our current analytics configuration does not use cookies or identify individual visitors.

We do not process special categories of personal data within the meaning of Article 9 of the GDPR (data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation).

5. Purposes and Legal Bases for Processing

We process personal data for the following purposes, on the following legal bases under Article 6(1) of the GDPR:

PurposeLegal basis
Responding to inquiries and providing requested informationArt. 6(1)(b) — steps prior to entering into a contract at the data subject's request
Performing service agreements with clients (development, CRM implementation, consulting, support)Art. 6(1)(b) — performance of a contract
Issuing invoices and complying with Portuguese tax, accounting, and SAF-T reporting obligationsArt. 6(1)(c) — compliance with a legal obligation
Site analytics and performance improvementArt. 6(1)(f) — legitimate interest of the Controller in operating and improving the Site
Establishing, exercising, or defending legal claimsArt. 6(1)(f) — legitimate interest
Preventing fraud and ensuring information securityArt. 6(1)(f) — legitimate interest

Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

6. Source of Personal Data

We collect personal data primarily directly from you, when you:

  • submit forms on the Site;
  • contact us by email, phone, or messenger;
  • enter into a service agreement with us;

In limited cases we may collect personal data from public sources (LinkedIn, company websites, business directories) for B2B outreach activities, in compliance with Article 14 of the GDPR.

7. Recipients of Personal Data

The Site and our enquiry and payment workflows use the following confirmed services:

  • Vercel — website hosting and delivery.
  • Google Workspace — email and business communication.
  • Attio — Contact form enquiry and relationship management.
  • Umami Cloud — aggregate website analytics and Core Web Vitals.
  • Revolut Pro — payment services where used for a client transaction.

We may also disclose information to professional advisers or public authorities where reasonably necessary or legally required.

8. International Transfers

Vercel, Google Workspace, Attio, Umami Cloud or Revolut Pro may process data outside Portugal or the European Economic Area, depending on their service configuration. Such processing is subject to the provider's applicable terms and data-protection arrangements and to applicable data-protection law. Contact hello@digitalkitty.studio if you need more information about a particular service used for your data.

9. Retention Periods

We retain personal data only for as long as it is needed for the relevant purpose:

  • enquiry data is kept for the time needed to respond, discuss a potential project and protect legitimate interests;
  • client and project information is kept while needed to provide services, manage the relationship and address contractual or legal matters;
  • invoice and accounting records are kept for the mandatory period under applicable Portuguese law;
  • analytics retention follows the actual Umami configuration in use.

When data is no longer needed, we delete or anonymise it where reasonably possible, subject to legal obligations.

10. Data Subject Rights

Under Articles 15–22 of the GDPR, you have the following rights:

  • Right of access (Art. 15) — to obtain confirmation of whether we process your personal data, and a copy of that data.
  • Right to rectification (Art. 16) — to correct inaccurate or incomplete data.
  • Right to erasure (Art. 17, "right to be forgotten") — to request deletion of your data, subject to legal retention obligations.
  • Right to restriction of processing (Art. 18) — in certain circumstances.
  • Right to data portability (Art. 20) — to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller.
  • Right to object (Art. 21) — to processing based on legitimate interest, including direct marketing.
  • Right not to be subject to automated decision-making (Art. 22) — we do not engage in automated decision-making producing legal effects on you.
  • Right to withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, contact us at hello@digitalkitty.studio. We will respond within one month, as required by Article 12(3) of the GDPR. This period may be extended by up to two further months for complex requests, in which case we will inform you within the first month.

Right to lodge a complaint with a supervisory authority: If you believe our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the Portuguese supervisory authority — Comissão Nacional de Proteção de Dados (CNPD), Av. D. Carlos I, 134, 1.º, 1200-651 Lisbon, Portugal — www.cnpd.pt. You may also lodge a complaint with the supervisory authority of your habitual residence in the EU.

11. Website Analytics

We use Umami Cloud to understand aggregate Site usage and performance. It records pageviews, broad device and browser categories, approximate country, selected non-personal sales events, and Core Web Vitals (LCP, INP, CLS, FCP, and TTFB).

The current Umami configuration does not use cookies, local-storage identifiers, session replay, heatmaps, or user identification. We do not send Contact form content, names, email addresses, company details, workflow descriptions, phone numbers, or messenger identifiers to Umami.

Contact form information is processed separately through Attio so that we can respond to the enquiry. It is not included in analytics event payloads. Because the current analytics configuration does not store information on the visitor's device, we do not show an analytics cookie banner.

12. Provision of Personal Data — Statutory or Contractual Requirement

Provision of personal data via the Site is generally voluntary. However, certain data is necessary to enter into and perform a service agreement (e.g., name, billing details, VAT number for B2B invoicing). Failure to provide such data may prevent us from concluding or performing the agreement.

13. Security

The Site uses HTTPS, and access to enquiry and business information is limited to the people and services that need it for the purposes described in this Policy. No internet service can be guaranteed to be completely secure. If you have a security or privacy concern, contact hello@digitalkitty.studio.

14. Children

The Site is intended for business users and is not directed at children under 16. We do not knowingly process personal data of minors. If you believe a minor has provided personal data, please contact us so we can delete it.

15. Changes to This Policy

We may update this Policy. The current version is published at digitalkitty.studio/privacy-policy with the effective date at the top. Material changes will be notified via the Site and, where appropriate, by email.

16. Contact Information

For any questions or to exercise your rights under this Policy: