Last updated: August 14, 2025

This Privacy Policy explains how Theo Thompson Studio ("we," "us," or "our") collects, uses, and shares information when you visit theothompson.com and any sub‑domains, or interact with our profiles linked from the site (the "Site").

If you have questions, contact: theo@theothompson.com or 41 State Street Suite 112, Albany, NY 12207.

1) Information We Collect

We collect information in three ways:

a) You provide it to us
• Contact details you submit via forms (name, email, message).
• Newsletter sign‑ups.
• Purchases or inquiries you initiate (e.g., through Etsy or other platforms you visit from the Site).

b) Automatically from your device
• IP address, device and browser type, pages visited, timestamps, referring URLs.
• Cookies and similar technologies. See Cookies & Tracking below.

c) From service providers
• Analytics, email service providers, payment and e‑commerce platforms, form processors, hosting/CDN, and security vendors.

We do not intentionally collect sensitive personal data through this Site.

2) How We Use Information

• Provide and maintain the Site.
• Respond to inquiries and provide support.
• Send newsletters or updates if you opt in.
• Analyze Site performance and improve content.
• Protect against fraud, abuse, and misuse.
• Comply with legal obligations.

3) Cookies & Tracking

We use cookies and similar technologies to operate the Site and understand usage. Non‑essential cookies (e.g., analytics/advertising) are used only with your consent where required by law. You can change or withdraw consent at any time via [link/button to cookie settings] and through your browser controls.

If you are in the EEA/UK, non‑essential cookies are not set until you opt in.

Do Not Track / Global Privacy Control: We [select one: do not currently respond to / honor] browser "Do Not Track" signals. If you enable a Global Privacy Control (GPC) signal and we operate in a jurisdiction that recognizes it, we will treat it as an opt‑out of sale/sharing where applicable.

4) Analytics, Email, and Third‑Party Tools

We may use third‑party providers to operate the Site and communications. These may process limited personal data as our processors:

• Analytics: e.g., Google Analytics 4 to measure traffic and usage trends.
• Email: e.g., Mailchimp/ConvertKit to manage newsletters.
• Forms: e.g., Squarespace/Typeform to receive submissions.
• E‑commerce: e.g., Etsy/Shopify/Stripe/PayPal to facilitate purchases and payments (processed by the provider; we do not store card numbers).
• Hosting/CDN/Security: e.g., Squarespace to deliver and secure the Site.

Links to third‑party sites have their own privacy practices. Review their policies.

5) Legal Bases (EEA/UK visitors)

When applicable law requires a legal basis, we process personal data because:
• You gave consent (e.g., for newsletters or non‑essential cookies).
• It is necessary to perform a contract or respond to your requests.
• We have a legitimate interest in operating and improving the Site, and preventing fraud, provided your rights do not override those interests.
• We must comply with legal obligations.

You can withdraw consent at any time. This does not affect prior processing.

6) Sharing

We share information only with:
• Service providers that work on our behalf under contracts limiting their use of the data.
• Parties involved in a business transfer (e.g., merger or sale), subject to safeguards.
• Authorities or others when required by law or to protect rights, safety, or security.

We do not sell personal information for money.

7) Retention

We keep personal data only as long as needed for the purposes above, and as required by law. Typical periods:
• Inquiry and support records: up to 24 months.
• Newsletter lists: until you unsubscribe.
• Analytics data: per provider settings [e.g., 14 months].
• Transaction records: per tax and accounting requirements.

8) Your Privacy Rights

EEA/UK: You may request access, correction, deletion, restriction, portability, or object to processing. You may lodge a complaint with your local data protection authority.
California: If and when we meet the thresholds of the California Consumer Privacy Rights Act (CPRA), California residents will have rights to know, correct, delete, and opt out of certain sharing/sales of personal information. At this time we [do/do not] meet CPRA thresholds. Regardless, you may email us with requests, and we will honor them where feasible.

To exercise rights, contact [contact email]. We may need to verify your identity.

9) Children

This Site is not directed to individuals under 18, and we do not knowingly collect personal data from children.

10) Security

We use reasonable administrative, technical, and physical safeguards to protect personal data. No method of transmission or storage is 100% secure.

11) International Transfers

We may process and store information in countries other than where you live. Where required, we use lawful transfer mechanisms and safeguards.

12) Changes to This Policy

We may update this Policy from time to time. The "Last updated" date shows the latest revision. Significant changes will be noted on the Site.

13) Contact

Theo Thompson
Email: theo@theothompson.com
Postal mail: [mailing address or PO Box]

Appendix A — Our Service Providers

List the vendors you use and link to their privacy pages.

Provider Purpose Data processed Location/Transfer Policy URL Squarespace Site hosting, forms IP, device, form submissions [Country] [link] Google Analytics 4 Analytics IP (truncated), device, usage [Country] [link] Mailchimp/ConvertKit Email Email, name, engagement [Country] [link] Etsy/Stripe/PayPal Transactions Contact, order details [Country] [link] Cloudflare CDN/security IP, usage [Country] [link]

Replace placeholders in brackets and delete rows you do not use. Add any advertising pixels or social plug‑ins if applicable.