Legal
Privacy Policy
Last updated: May 2026
1. Who We Are
Priyansh Animations (“we”, “us”, or “our”) operates the website at https://www.priyansh.net and is the data controller responsible for your personal information.
To contact us about this policy or any privacy matter, please use the contact page or email [email protected]. We aim to respond within five working days.
2. What Data We Collect and Why
We only collect personal data that is adequate, relevant, and limited to what is necessary. The table below sets out each category of data, why we collect it, and the lawful basis we rely on under the UK GDPR / EU GDPR (Article 6).
| Data & purpose | Lawful basis |
|---|---|
| Name, email address, country — to create your account and communicate with you | Contract performance (Art. 6(1)(b)) |
| Order details, purchase history — to fulfil your order and issue receipts | Contract performance (Art. 6(1)(b)) |
| Payment information — processed by Stripe on our behalf; we never see or store full card numbers | Contract performance (Art. 6(1)(b)) |
| IP address, browser type, pages visited, access times — security, fraud prevention, and service improvement | Legitimate interests (Art. 6(1)(f)) — detecting abuse and improving reliability |
| Order-related emails (confirmations, download links, support replies) | Contract performance (Art. 6(1)(b)) |
| Marketing emails (newsletters, product announcements) — only if you opt in | Consent (Art. 6(1)(a)) — withdrawable at any time |
| Contact-form messages — to respond to your enquiry | Legitimate interests (Art. 6(1)(f)) — handling customer service |
| Financial/transaction records — to comply with tax and accounting law | Legal obligation (Art. 6(1)(c)) |
Where we rely on legitimate interests, we have carried out a balancing test and are satisfied that your interests and fundamental rights do not override those interests. You may object to any such processing — see Section 8.
3. Cookies and Tracking Technologies
We use cookies and similar technologies (pixels, local storage) to keep you signed in, remember your cart, and understand how the site is used.
Essential cookies
Required for the site to function (session authentication, cart state). These cannot be switched off. No consent is required for strictly necessary cookies.
Analytics cookies
Help us understand which pages are popular and how visitors navigate the site. These are only set with your consent via the cookie banner shown on first visit.
Your cookie choices
You can accept or reject non-essential cookies via the cookie banner. You can also change your preferences at any time through your browser settings. Note that blocking all cookies may affect sign-in and cart functionality.
4. How Long We Keep Your Data
- Order and financial records — 7 years from the date of transaction, as required by tax and accounting law.
- Account data — for as long as your account is active, plus 3 years of inactivity, then deleted unless a legal obligation requires longer retention.
- Marketing preferences and email history — until you unsubscribe or withdraw consent, after which we suppress your address so we do not email you again.
- Contact-form messages — 2 years from last correspondence, then deleted.
- Server and security logs — 90 days.
When data is no longer needed, we delete or anonymise it securely. You may request earlier deletion — see Section 8.
5. Who We Share Your Data With
We do not sell, rent, or trade your personal data. We share it only as described below.
Service providers (data processors)
We use carefully selected third-party providers who process data on our behalf under written data-processing agreements:
- Stripe — payment processing (PCI-DSS Level 1 certified)
- Cloudflare — CDN, DDoS protection, image hosting
- Amazon Web Services / SMTP provider — transactional email delivery
- Hosting provider — site infrastructure
Legal disclosure
We may disclose data to law-enforcement agencies, regulators, or courts when required by law or to defend our legal rights, prevent fraud, or enforce our agreements.
Business transfers
If we are involved in a merger, acquisition, or sale of substantially all our assets, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.
6. International Data Transfers
Some of our service providers are based outside the UK and European Economic Area (EEA). Where we transfer personal data to countries that do not have an adequacy decision, we rely on appropriate safeguards, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission, and where applicable the UK Addendum issued by the ICO.
- Supplementary technical and organisational measures (encryption in transit and at rest, access controls) to ensure an equivalent level of protection.
You may request a copy of the relevant safeguards by contacting us via the contact page.
7. Data Security
We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, or unauthorised disclosure. These include:
- Encrypted connections (HTTPS/TLS) on all pages
- Encryption of sensitive data at rest
- Least-privilege access controls — staff only access data needed for their role
- Regular security reviews
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and, where required, notify the relevant supervisory authority within 72 hours of becoming aware of the breach.
Please do not send sensitive information (such as passwords or payment card numbers) by email.
8. Your Rights
Depending on where you live, you have some or all of the rights listed below. To exercise any of them, use the contact page. We will respond within 30 days (extendable by a further two months for complex requests, with notice). There is no charge for most requests.
Rights under UK GDPR / EU GDPR
- Access (Art. 15) — obtain a copy of the personal data we hold about you and information about how it is used.
- Rectification (Art. 16) — ask us to correct inaccurate or incomplete data.
- Erasure / “right to be forgotten” (Art. 17) — ask us to delete your data where there is no compelling reason to continue processing it. Note: we may retain certain records to comply with legal obligations.
- Restriction (Art. 18) — ask us to pause processing of your data (e.g. while a rectification request is pending).
- Portability (Art. 20) — receive your data in a structured, commonly used, machine-readable format, or ask us to transmit it to another controller, where technically feasible.
- Object (Art. 21) — object to processing based on legitimate interests or for direct marketing (including profiling). Where you object to direct marketing, we will stop immediately.
- Withdraw consent (Art. 7(3)) — where processing is based on consent (e.g. marketing emails), you may withdraw consent at any time by clicking the unsubscribe link in any email or contacting us. Withdrawal does not affect the lawfulness of processing before withdrawal.
- Automated decision-making (Art. 22) — we do not make solely automated decisions that produce significant legal or similarly significant effects on you.
Right to complain to a supervisory authority
You have the right to lodge a complaint with your local data protection authority at any time. You do not need to contact us first, but we encourage you to raise concerns with us so we can try to resolve them directly.
- UK residents — Information Commissioner’s Office (ICO): ico.org.uk/make-a-complaint
- EU residents — contact the supervisory authority in your EU member state. A list is available at edpb.europa.eu.
California residents (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) grants you the following additional rights:
- Right to Know — request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months, the sources, the business purpose, and the categories of third parties with whom we share it.
- Right to Delete — request deletion of personal information we have collected from you, subject to certain exceptions.
- Right to Correct — request correction of inaccurate personal information we maintain about you.
- Right to Opt-Out of Sale or Sharing — we do not sell or share your personal information for cross-context behavioural advertising and have not done so in the past 12 months.
- Right to Limit Use of Sensitive Personal Information — we do not use sensitive personal information for purposes beyond those permitted under the CPRA.
- Right to Non-Discrimination — we will not discriminate against you for exercising any CCPA rights.
To submit a verifiable consumer request, please contact us via the contact page. We will verify your identity before processing the request. You may designate an authorised agent to submit a request on your behalf.
9. Children's Privacy
This site is not directed at children. In line with the EU GDPR and UK GDPR, we do not knowingly collect personal data from anyone under the age of 16 without verifiable parental or guardian consent. If you are under 16, please do not use the site without a parent or guardian present.
In the United States, we comply with COPPA and do not knowingly collect data from children under 13.
If we discover that we have inadvertently collected data from a child below the applicable age threshold, we will delete it promptly. Please contact us if you believe we have collected data from a child.
10. Third-Party Links
This site may contain links to third-party websites. We are not responsible for the content or privacy practices of those sites. We encourage you to review their privacy policies before submitting any personal data.
11. Changes to This Policy
We may update this policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the “Last updated” date at the top of this page and, where required by law, notify you by email or prominent notice on the site.
We encourage you to review this page periodically. Your continued use of the site after changes are posted constitutes acknowledgement of the updated policy.
12. Contact and Complaints
For any questions, requests, or concerns about this Privacy Policy or how we handle your data, please contact us:
- Online form: priyansh.net/contact
- Email: [email protected]
If we are unable to resolve your concern, you have the right to escalate to your local data protection authority as described in Section 8.