Privacy Policy
How Nolly Studio collects, uses, and protects information when you visit the site, book a call, or work with us.
Effective July 14, 2026
This Privacy Policy explains how Nolly Studio (“we,” “us,” or “our”), operated by Jordan Gilliam, handles information when you visit https://www.nolly.studio, contact us, book a scope call, or engage us for services. We keep this short and specific to how the studio actually operates.
Who we are
Nolly Studio is an AI-native product studio. The data controller for personal information described here is Jordan Gilliam doing business as Nolly Studio.
Contact: dev@nolly.studio. Location: North Carolina, United States. We work with clients remotely worldwide.
Information we collect
We collect only what we need to run the site, respond to inquiries, and deliver engagements.
- Contact details you send us — name, email address, company, and the content of messages you email or DM us.
- Booking details when you schedule a scope call through Cal.com (or a similar scheduling tool), including your name, email, timezone, and any notes you provide.
- Engagement information if we work together — project requirements, credentials you choose to share, invoices, and contract details — under a separate proposal or agreement.
- Usage data collected automatically — pages viewed, approximate location derived from IP, browser/device type, referrer, and timestamps. On production we use Vercel Analytics for aggregate traffic insights.
- Technical logs from our hosting provider (Vercel) that may include IP address and request metadata for security and reliability.
We do not run an account system on this website. We do not intentionally collect sensitive categories of personal data (for example health, biometric, or government ID data) through the marketing site.
How we use information
We use personal information to:
- Respond to inquiries and run scope calls.
- Prepare proposals, deliver services, and communicate during an engagement.
- Send transactional messages related to scheduling, invoices, or project work (not a marketing newsletter unless you opt in later).
- Understand how the site is used so we can improve content, performance, and conversion paths.
- Protect the site against abuse, spam, and security incidents.
- Comply with legal obligations and enforce our Terms.
Legal bases (EEA/UK visitors)
If you are in the European Economic Area or United Kingdom, we process personal data under one or more of: performance of a contract or steps prior to contract (inquiries and engagements); legitimate interests (securing and improving the site, responding to business inquiries); consent where required (for example certain non-essential cookies if we add them later); and legal obligation when applicable.
Cookies and similar technologies
The marketing site is designed to work with minimal tracking. Vercel Analytics is configured for privacy-oriented, aggregate measurement and does not use advertising cookies to build cross-site profiles for us.
Your browser may still send standard technical data to our host. Third-party tools you open from our site — for example Cal.com when you book, or social/profile links — set and read their own cookies under their policies. We do not control those cookies.
You can block or delete cookies in your browser settings. Blocking essential or third-party booking cookies may break scheduling flows.
Sharing and processors
We do not sell personal information. We share data only with service providers that help us operate, and only as needed:
- Vercel — hosting, delivery, and analytics for this website.
- Cal.com — scheduling for scope calls (subject to Cal.com’s privacy policy).
- Email and messaging providers — to receive and send communications.
- Payment or invoicing tools — if we bill you under an engagement (disclosed in the proposal).
- Professional advisors or authorities — when required by law or to protect rights and safety.
If we engage subcontractors on a client project, we will share only what is necessary to perform the work and under confidentiality obligations appropriate to the engagement.
International transfers
We are based in the United States. If you contact us from elsewhere, your information will be processed in the U.S. and potentially in other countries where our processors operate. Where required, we rely on appropriate transfer mechanisms provided by those processors.
Retention
Inquiry and booking records: kept as long as needed to respond and for a reasonable follow-up period, then deleted or archived unless a longer retention is required for an active or completed engagement, accounting, or legal reasons.
Engagement files: retained for the life of the project and a commercially reasonable period afterward (typically aligned with warranty, tax, and dispute windows stated in the proposal).
Analytics and logs: retained according to our host/analytics defaults, generally in aggregate or short-lived form.
Your rights
Depending on where you live, you may have rights to access, correct, delete, or export personal information; object to or restrict certain processing; and withdraw consent where processing is consent-based. California residents may have additional rights under the CCPA/CPRA, including the right to know, delete, and correct personal information, and to opt out of “sale” or “sharing” as those terms are defined by law. We do not sell personal information, and we do not share it for cross-context behavioral advertising.
To exercise a privacy right, email dev@nolly.studio with “Privacy request” in the subject. We may need to verify your identity before acting. You may also lodge a complaint with your local supervisory authority if applicable.
Children
This site and our services are directed at businesses and professionals. We do not knowingly collect personal information from children under 16. If you believe we have, contact us and we will delete it.
Security
We use reputable hosting, HTTPS, and access practices appropriate for a small studio. No method of transmission or storage is perfectly secure. Please use unique credentials and share secrets through agreed secure channels during engagements.
Third-party links and products
Our site links to projects and products we build or recommend (for example Cult UI, AI SDK Agents, newcopy). Those properties and any third-party sites have their own privacy practices. This policy applies only to nolly.studio unless we say otherwise.
Changes
We may update this policy as the studio, tools, or laws change. We will revise the “Last updated” date at the top of this page. Continued use of the site after changes means you acknowledge the updated policy. For material changes that affect an active client engagement, we will notify the client contact on file when practical.
Contact
Privacy questions: dev@nolly.studio. Postal inquiries can be requested by email; we will provide a mailing address for formal notices when needed.
This page describes Nolly Studio’s practices and engagement terms for transparency. It is not individualized legal advice.