Privacy

Website Data and Analytics

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR). Our website uses a custom, cookieless analytics system to collect anonymous, aggregate data about how visitors interact with our site. This helps us improve user experience and site performance without tracking individuals or requiring consent banners.

What Data Do We Collect?

We collect only technical, non-personal information through server-side processing:

  • Pageviews and Events: URLs visited, referrer sources, and interaction events (e.g., clicks on links, form submissions, scroll depth, time spent on pages).
  • Device and Browser Info: Anonymized user-agent strings (e.g., browser type, operating system) and hashed IP addresses (using SHA-256 for one-way encryption—no IP addresses are stored in readable form).
  • Session Data (if enabled): A random, temporary session ID generated client-side (stored only in browser memory during the session) to group events from the same browsing session. This expires when you close your browser and is not linked to any personal identifiers.

No personal data is collected, including names, emails, locations, or any identifiable information. We do not use cookies, tracking pixels, fingerprinting, or third-party scripts.

How Do We Use This Data?

The data is used solely for internal analytics purposes:

  • Analyzing website traffic, popular pages, and user engagement.
  • Identifying technical issues (e.g., via error events) to improve site reliability.
  • Measuring the effectiveness of content and features (e.g., conversion rates on calls-to-action).

All data is aggregated (e.g., total unique visitors per month) and cannot be used to profile or target individuals.

Figma Plugin Data and Analytics

Our Figma plugin, Pinner, also uses a custom, privacy-focused analytics system to help us improve its features and performance. This system is designed to be anonymous and collects only the data necessary to understand how the plugin is used.

What Data Does the Plugin Collect?

We collect the following anonymous information from the plugin:

  • Anonymous User ID: To distinguish between unique users without storing personal data, we create an anonymous identifier. If you are logged into Figma, we use a one-way SHA-256 hash of your Figma user ID. This creates a persistent anonymous ID without revealing your actual Figma ID. If you are not logged in, a random UUID is generated and stored locally.
  • Events: We track interaction events within the plugin, such as 'plugin_started', 'api_call', or 'user_converted'. These events help us understand feature usage.
  • Event Details: For some events, we may include non-personal details. For example, for an 'api_call' event, we log the endpoint that was called. We never send personally identifiable information (PII) or any content from your Figma files in these details.
  • Plugin Version: We collect the version of the plugin you are using to help diagnose issues and track updates.

No personal data from your Figma account or your designs is ever collected, stored, or transmitted.

How Do We Use This Plugin Data?

This anonymous data is used exclusively for internal purposes to enhance the plugin:

  • Understanding which features are most popular to guide future development.
  • Identifying and fixing bugs or errors.
  • Monitoring the number of users who upgrade to a paid plan for financial reconciliation and business planning.

Legal Basis for Processing

Under GDPR Article 6(1)(f), we process this data based on our legitimate interest in optimizing our website and providing a better user experience. This processing is necessary for our business operations and does not override your privacy rights. If you object, you can use browser tools to block requests to our analytics endpoint (see "Your Rights" below).

Data Retention

Data is retained for a maximum of 30 days, after which it is automatically deleted via server-side pruning. This short retention period minimizes risk and ensures compliance with data minimization principles (GDPR Article 5(1)(e)).

Data Sharing and Security

We do not share, sell, or transfer this data to third parties. All processing occurs on our secure servers (hosted in the EU/US with encryption). Access is limited to authorized personnel for analytics purposes only. We implement technical safeguards, including hashing, rate limiting, and regular security audits, to protect against unauthorized access.

Your Rights Under GDPR

As an EU resident (or if GDPR applies to you), you have the following rights regarding this data:

  • Right to Access: Request a copy of any data we hold about you (though, due to anonymization, this is unlikely to contain personal details).
  • Right to Erasure: Request deletion of any data (we can delete based on hashed IP if provided).
  • Right to Object: Object to processing for legitimate interests (we will stop if your objection outweighs our needs).
  • Right to Restriction: Limit processing in certain cases.
  • Data Portability: Request data in a machine-readable format (if applicable).

To exercise these rights or if you have questions, contact us at support@azolla.studio. We will respond within 30 days. If you're in the EU, you can also lodge a complaint with your local data protection authority.

How to Opt Out

If you prefer not to contribute to our analytics:

  • Use browser extensions like uBlock Origin to block requests to our analytics subdomain (e.g., analytics.yoursite.com).
  • Clear your browser's local storage if session tracking is enabled (this only affects future sessions).

California Consumer Privacy Act (CCPA) Compliance

If you are a California resident, the CCPA provides additional rights regarding your personal information. Our analytics system is designed to be privacy-first, collecting only anonymous, aggregate data. We do not collect, retain, or sell personal information that can be used to identify you. Below, we explain how CCPA rights apply to our practices.

Categories of Personal Information Collected

We collect the following categories of information (as defined by CCPA), but all data is immediately anonymized:

  • Identifiers: IP addresses are hashed (SHA-256) upon collection and not stored in readable form. For the plugin, Figma user IDs are similarly hashed. Session IDs are random and temporary.
  • Internet or Other Electronic Network Activity Information: Aggregated event data (e.g., pageviews, clicks, plugin actions) without linking to individuals.

No personal data is retained that could be associated with you.

Purposes of Collection and Use

Data is used only for aggregate analytics to improve our site and plugin.

Your Rights Under CCPA

  • Right to Know: As detailed above, we collect minimal, anonymized data. No personal profiles are created.
  • Right to Delete: Since we do not retain identifiable personal information, there is no data to delete. If you request deletion, we can confirm that no such data exists.
  • Right to Opt-Out: We do not sell personal information, so no opt-out is required. If you wish to avoid contributing to analytics, use the opt-out methods below.
  • Right to Non-Discrimination: We do not discriminate against users who exercise CCPA rights.

To exercise any rights, contact us at support@azolla.studio. We will respond within 45 days. You can also designate an authorized agent to make requests on your behalf.

Other Privacy Laws

If you are located in other jurisdictions, additional privacy laws may apply:

  • Canada (PIPEDA): We comply with the Personal Information Protection and Electronic Documents Act. You have rights to access, correct, or withdraw consent for your data.
  • Brazil (LGPD): Under the Lei Geral de Proteção de Dados, you have rights to confirm data processing, access, correct, anonymize, block, or delete your data.
  • Singapore (PDPA): We adhere to the Personal Data Protection Act, including consent requirements and data minimization.
  • Other Regions: If applicable, we follow local laws (e.g., Australia's Privacy Act). Contact us for region-specific details.

For all laws, our practices (anonymous collection, short retention, no sharing) ensure compliance. If you have questions, reach out.

Copyright Notice:

Images of pins shown on this website are retrieved from Pinterest via their official API for demonstration purposes only. We respect intellectual property rights and do not endorse or claim ownership of any content. Users are responsible for ensuring their use complies with applicable laws. If you believe your work is infringed, please contact us or Pinterest directly. Contact us at support@azolla.studio

This policy was last updated on December 17, 2025. We may update it occasionally—check back for changes.