Privacy Policy
Last updated: May 6, 2026
Serene Sites (“Serene Sites,” “we,” “us,” or “our”) respects your privacy. This policy explains what information we collect when you visit www.serenesites.co (the “Site”), how we use it, who we share it with, and the rights you have over your information — including rights under the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act, as amended by the CPRA (collectively, “CCPA”).
1. Who we are
Serene Sites is a boutique web design and digital brand management studio. The controller of your personal information is Serene Sites. You can reach us at design@serenesites.co.
2. Information we collect
We collect personal information in the following ways:
Information you provide
- Contact form.When you submit our inquiry form, we collect your name, email address, and — if provided — your company, what you’re looking for, your budget, and the contents of your message. Form submissions are delivered to us by email through our email-delivery provider (see “Service providers” below).
- Email correspondence. If you contact us directly at design@serenesites.co, we keep the contents of that correspondence in order to respond and maintain business records.
- Calendar bookings. If you book a discovery call through our scheduling link, the scheduling provider collects your name, email, and any information you choose to share with the meeting.
Information collected automatically
- Server and request logs. Our hosting provider records standard technical information for every request, including IP address, user agent, referrer, requested URL, and timestamp. This is used to operate the Site and protect against abuse.
- Essential local storage.We store your cookie-consent choice in your browser’s local storage so the consent banner does not reappear on every visit. This is strictly necessary for the Site to function as you have configured it and does not require consent.
Cookies and tracking we do not currently use
The Site does not currently load analytics, advertising, or social-media tracking cookies. If we add analytics (for example, privacy-respecting traffic measurement) or other non-essential tracking in the future, those scripts will only load after you grant consent through our cookie banner, and this policy will be updated to describe them.
3. How we use your information
We use personal information to:
- respond to inquiries and provide the services you request;
- operate, secure, and improve the Site;
- maintain business and tax records;
- comply with applicable laws and enforce our terms.
4. Legal bases for processing (EU/UK visitors)
If you are in the European Economic Area or the United Kingdom, we process your personal information on the following legal bases:
- Consent— for any non-essential cookies or marketing communications you opt in to.
- Performance of a contract / pre-contract steps— to respond to your inquiry and deliver requested services.
- Legitimate interests— to keep the Site secure, prevent abuse, and operate our business.
- Legal obligation— to comply with tax, accounting, and other applicable laws.
5. Service providers
We share personal information with a limited set of service providers who process it on our behalf, under contract, and only as needed to provide the Site and our services:
- Hosting and content delivery— Vercel Inc. (United States), which hosts the Site and serves images and assets.
- Email delivery— Resend, Inc. (United States), which transmits inquiry-form submissions to our inbox as email.
- Content management— Sanity.io (Sanity AS, Norway / United States), which stores Site content. Sanity does not receive your inquiry-form data; its role is limited to delivering published content to the Site.
- Scheduling— our calendar/scheduling provider (United States), used when you book a discovery call.
- Email— our email provider, used to send and receive messages when you contact us.
We do not sell or rent personal information, and we do not share it with third parties for their own marketing purposes.
6. International transfers
Serene Sites operates from the United States, and most of our service providers are also based in the United States. If you access the Site from outside the United States, your information will be transferred to and stored in the U.S. Where required, we rely on appropriate safeguards (such as the European Commission’s Standard Contractual Clauses) for transfers from the EEA, UK, or Switzerland.
7. How long we keep information
We keep personal information only as long as we need it for the purposes described in this policy — typically:
- inquiry-form submissions and email correspondence: as long as needed to respond and maintain ordinary business records;
- client records: for the duration of the engagement and as long as needed to meet legal, tax, and accounting requirements;
- server logs: short-term retention by our hosting provider for security and diagnostics.
8. How we protect your information
We use TLS encryption for all traffic to the Site, work with reputable processors, and limit access to personal information to people who need it to do their job. No system is perfectly secure, but we work to apply commercially reasonable safeguards.
9. Your rights (GDPR / UK GDPR)
If you are in the EEA, the UK, or Switzerland, you have the right to: access your personal information; correct inaccurate information; have your information deleted; restrict or object to processing; receive a copy of your information in a portable format; and withdraw consent at any time without affecting the lawfulness of prior processing. You also have the right to lodge a complaint with your local data protection authority.
To exercise any of these rights, email design@serenesites.co. We will respond within 30 days.
10. Your rights (California / CCPA)
If you are a California resident, you have the right to:
- know what categories of personal information we collect, the sources, the purposes, and the categories of third parties we share it with;
- request access to the specific pieces of personal information we hold about you;
- request deletion of your personal information, subject to legal exceptions;
- request correction of inaccurate personal information;
- opt out of the “sale” or “sharing” of personal information — we do not sell or share personal information as those terms are defined under the CCPA;
- not be discriminated against for exercising your rights.
To exercise any of these rights, email design@serenesites.co. We may need to verify your identity before fulfilling your request. You may also designate an authorized agent to make a request on your behalf.
11. Children
The Site is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.
12. Third-party links
The Site may link to third-party websites, including portfolios of client work. Those sites are governed by their own privacy policies, and we are not responsible for their practices.
13. Changes to this policy
We may update this policy from time to time. The “Last updated” date at the top of this page reflects the most recent change. If we make material changes, we will give appropriate notice on the Site.
14. Contact us
Questions or requests about this policy or your personal information:
Serene Sites
design@serenesites.co