Privacy Policy
How Radar AI Studio collects, uses, shares, retains, and protects your personal data when you visit radaraistudio.com or engage our services. We respect the Macau SAR Personal Data Protection Act (Law No. 8/2005) and treat your data accordingly.
§ 01Who we are
"We", "us", and "our" refer to Radar AI Studio, a Macau/Macao-based digital and AI studio.
Macau / Macao
Privacy contact: info@radaraistudio.com
General enquiries: info@radaraistudio.com
For the purposes of the Macau SAR Personal Data Protection Act (Law No. 8/2005), Radar AI Studio is the data controller for the personal data we collect through this website and from prospective clients. Where we process personal data on behalf of a Client under a signed Statement of Work, Radar AI Studio acts as data processor and the Client is the data controller; that relationship is governed by our Terms and Conditions and any Data Processing Addendum.
§ 02Scope of this policy
This Privacy Policy applies to:
- Visitors of radaraistudio.com (including the Traditional Chinese version at radaraistudio.com/zh-hant);
- Prospective clients who submit enquiries through our contact forms, by email, or by phone;
- Clients and authorised users of any Radar AI Studio service.
This Policy does not cover:
- Third-party websites or services we link to from our site (they have their own policies);
- Personal data processed under a client engagement — that processing is governed by the relevant Statement of Work and Data Processing Addendum.
§ 03Information we collect
We minimise what we collect. We split what we receive into three buckets: what you give us, what we collect automatically, and what we collect during a project engagement.
3.1 What you give us (contact form & email)
When you submit our contact form on radaraistudio.com or send us an email, we receive:
| Field | Why we ask |
|---|---|
| Name | To address you correctly. |
| To reply to your enquiry. Also used as the reply-to address so we can receive a response. | |
| Business name | Optional. To understand your context before our reply. |
| Phone number | Optional. Only used if you ask us to call you. |
| Business type, project type, budget, business stage, demo type | Optional. Helps us route your enquiry to the right person and prepare a relevant reply. |
| Preferred contact method & preferred day | Optional. So we reach you the way you prefer. |
| Main problem / what you need built, fixed, or improved | Required. This is the substance of your enquiry. |
| Locale | We detect en or zh-Hant from the page you submitted the form on, to send the auto-reply in the right language. |
We collect only the fields above. Our contact form contains a hidden anti-spam field ("website") that, if filled in by a bot, tells our server to silently discard the submission without storing it.
3.2 What we collect automatically (server logs & CDNs)
When you visit our site, the following infrastructure providers automatically process technical information needed to deliver the page and protect the site:
- IP address — used by our edge network and CDN to route your request and protect against abuse.
- User-agent — identifies the browser and operating system so the page renders correctly.
- Referrer — the page that linked you here (when present).
- Requested URL, response code, response size, and timestamp.
We do not use any first-party analytics on this site (no Google Analytics, Meta Pixel, Plausible, Fathom, or Vercel Web Analytics). The only cookies that may be set during a normal visit come from our infrastructure providers and are described in §11.
3.3 What we collect during a project engagement
When you become a Client under a signed Statement of Work, we additionally process:
- Client Materials, brand assets, source files, and any other content you give us to deliver the project;
- Inputs that you (or we, on your instruction) submit to an AI Model in the course of AI Services, including any personal data those Inputs contain;
- Invoices, payment records, and the correspondence needed to operate the engagement.
Project data is governed by our Terms and Conditions and any Data Processing Addendum, which take precedence over this Policy for the duration of the engagement.
§ 04How we use your information
We use personal data only for the purposes described below.
| Purpose | Data used |
|---|---|
| Respond to your enquiry | Contact-form fields |
| Send an automatic acknowledgement of your enquiry | Name, email, your message |
| Prepare and send a quote or proposal | Contact-form fields plus any follow-up correspondence |
| Operate the website and keep it secure | Server logs, IP, user-agent |
| Defend against abuse (bots, scraping, DDoS) | IP, request metadata, browser signals |
| Manage the client relationship, deliver services, and handle billing | Project data, invoices, correspondence |
| Comply with legal, tax, and accounting obligations | Invoices, payment records, and records required by Macau law |
We do not use your data for automated decision-making that produces legal effects or similarly significant effects on you. We do not sell your personal data, and we do not share it with advertising networks.
§ 05Legal basis (Macau PDPA)
Under the Macau SAR Personal Data Protection Act (Law No. 8/2005), we rely on the following legal bases:
- Consent — when you submit a contact form or send us an email, you give us consent to process the data you provide for the purposes stated in §4. You may withdraw consent at any time (see §10).
- Performance of a contract — to deliver services under a signed Statement of Work.
- Legitimate interests — to operate and secure this website, defend against abuse, and keep basic business records. We balance these interests against your privacy and apply reasonable minimisation.
- Legal obligation — to comply with tax, accounting, and other statutory record-keeping obligations under Macau law.
§ 06How we share your information
We do not sell your personal data. We share it only with the parties below, only as needed to provide our services, and only under written agreements that require appropriate safeguards.
6.1 Service providers (sub-processors)
| Provider | Role & data handled | Location |
|---|---|---|
| Resend, Inc. | Sends the inbound enquiry email to us and the automatic acknowledgement to you. Processes contact-form fields during transit. | United States |
| Vercel Inc. | Hosts the website and runs the contact-form API. Processes server logs, contact-form submissions in memory, and outbound API calls to Resend. | United States (with global edge) |
| Cloudflare, Inc. | Provides DNS, CDN, and DDoS / bot protection. Processes IP, request metadata, and may set the cookies described in §11. | Global (anycast) |
| Google LLC | Provides the web fonts we link to. Processes your IP and user-agent when the font CSS and font files load in your browser. We do not send personal data to Google Fonts. | United States |
AI sub-processors. When a Statement of Work includes AI Services, AI providers (e.g. OpenAI, Anthropic, Google, Mistral) receive Inputs you supply (or that we supply on your instruction) and return AI Outputs to us. Those providers act as sub-processors for that specific engagement; they are listed in the Third Party Services schedule of our Terms and may be substituted as described in §10.4 of the Terms. We do not use your Inputs or Outputs to train any general-purpose AI Model without your written consent (see Terms §10.6).
6.2 Other parties
- Professional advisers. Auditors, lawyers, and accountants under confidentiality duties.
- Payment processors. If we invoice you online, the payment processor handles payment data under its own terms.
- Regulators, courts, and law enforcement. Where we are legally required to disclose information, or to defend a legal claim.
- Successors in business. If we sell, merge, or restructure, we may transfer personal data to the acquirer under the same protections described here.
6.3 What we never do
- We do not sell your personal data.
- We do not share your data with advertising networks.
- We do not allow third parties to use your data for their own purposes.
§ 07International transfers
We are based in the Macau SAR, but several of the service providers listed in §6 are located in other jurisdictions, including the United States. Accordingly, your data may be transferred to and processed in:
- The Macau SAR (our headquarters);
- The United States (Vercel, Resend, Google Fonts);
- Other jurisdictions where our sub-processors operate edge points of presence (Cloudflare).
Where your data leaves the Macau SAR, we rely on the safeguards described in §9 and the contractual commitments of our sub-processors. By using our website or engaging our services, you acknowledge that your data may be transferred outside the Macau SAR in this way.
§ 08How long we keep your information
We keep personal data only for as long as we need it for the purpose it was collected, then we delete or anonymise it. The specific retention windows we currently apply are:
| Category | Retention period | Reason |
|---|---|---|
| Contact-form enquiries that don't become a project | 12 months from your last interaction | To follow up on late replies and improve our service |
| Client project data (deliverables, files, communications) | Per the Statement of Work, then deleted within 30 days after termination, unless you request it earlier (see Terms §23) | Performance of contract and reasonable re-engagement buffer |
| Invoices and payment records | Minimum 5 years from the date of issue, or longer where required by Macau tax law | Legal and tax obligations |
| Server logs (IP, user-agent, request metadata) | Up to 30 days, as set by our hosting provider's default | Security, debugging, and abuse defence |
| Correspondence related to legal claims or disputes | Until the matter is finally resolved, plus the statutory limitation period under Macau law | Defence of legal claims |
At the end of the retention period we delete or irreversibly anonymise the data. Anonymised data may be retained indefinitely for statistical purposes.
§ 09Security
We implement reasonable technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. These measures include:
- HTTPS (TLS 1.2+) for all traffic between your browser and our servers;
- Environment-variable storage of API keys and database credentials — never committed to source control;
- Least-privilege access to production systems;
- Regular patching of dependencies and the underlying platform;
- Spam and bot filtering at the form and edge layer.
No security measures are perfect. Where we transfer personal data to a sub-processor, we require that sub-processor to maintain comparable protections under our written agreement.
If we become aware of a security incident that materially affects your personal data, we will notify you without undue delay, in accordance with our Terms §14.
§ 10Your rights
Subject to the Macau SAR Personal Data Protection Act, you have the right to:
- Access the personal data we hold about you;
- Correct inaccurate or incomplete data;
- Delete data that we are not required to keep by law;
- Restrict or object to certain processing (for example, where you have withdrawn consent);
- Withdraw consent at any time, where processing is based on consent;
- Receive a copy of your data in a portable, commonly used format, where technically feasible;
- Lodge a complaint with the Office for Personal Data Protection (Gabinete para a Protecção de Dados Pessoais, GPDP) if you believe we have breached the PDPA.
If you are based outside the Macau SAR, you may have additional rights under your local law (for example the GDPR, UK GDPR, or LGPD). We honour substantively equivalent requests regardless of where you reside.
§ 11Cookies and similar technologies
We do not set any first-party cookies on this website.
Our own JavaScript does not use cookies,
localStorage, or sessionStorage.
11.1 Cookies that may be set by our infrastructure providers
When you load any page on radaraistudio.com, your request is routed through our DNS, CDN, and bot-protection providers. These services may set their own strictly functional cookies. We do not control these cookies; their purpose is to operate and protect the site.
| Provider | Cookie (typical) | Purpose | Duration |
|---|---|---|---|
| Cloudflare | __cf_bm |
Distinguishes bots from humans. | 30 minutes from set |
| Cloudflare | cf_clearance |
Stores clearance after a security challenge is passed. | Up to 30 days |
| Vercel | Various session tokens | Routing, caching, and request integrity. | Per request |
You can clear or block these cookies in your browser at any time without affecting your ability to use the site. The only practical consequence is that bot-detection may show you a challenge more often.
11.2 Browser controls
You can set your browser to block all cookies, accept only first-party cookies, or notify you before a cookie is set. Most modern browsers also support a "Do Not Track" or "Global Privacy Control" signal; we honour these to the extent required by applicable law.
§ 12Children's privacy
Our website and services are not directed to children under the age of 14. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact info@radaraistudio.com and we will delete it as soon as possible.
§ 13Third-party links
Our website may link to third-party websites we do not control (for example, demo sites built for clients, or a provider's marketing page). When you follow a third-party link, you leave our site and the privacy practices of that third party apply. We encourage you to read the privacy notice of every site you visit.
§ 14Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Effective" date at the top of this page, and, where the change is material, we will notify active clients by email. The previous version is available on request — email info@radaraistudio.com.
§ 15Contact us
For any privacy question, complaint, or rights request, contact our privacy team:
Macau / Macao
Email: info@radaraistudio.com
General enquiries: info@radaraistudio.com
If you are not satisfied with our response and you are based in the Macau SAR, you may lodge a complaint with the Gabinete para a Protecção de Dados Pessoais (Office for Personal Data Protection, GPDP) at gpdp.gov.mo.
Related
Terms and Conditions —
the agreement that governs the services we provide to you.
繁體中文私隱政策 —
Traditional Chinese version of this Privacy Policy.