1. Scope

This policy governs all personal data handled by InAir Studio LLC ("InAir," "we," "us," or "our"), whether collected online through our websites, applications, and marketing channels, or offline through consulting engagements, workshops, and other professional services delivered at client sites or via secure transfer.

2. Data We Collect

We collect data solely for specified, explicit purposes and never request more than is necessary.

3. Legal Bases for Processing

We rely on one or more of the following bases, as appropriate:

• Consent — e.g., newsletter sign‑ups.
• Contractual necessity — delivering a Statement of Work or managed service.
• Legitimate interests — securing our platform, preventing fraud, and improving performance, balanced against your rights.
• Legal obligation — compliance with applicable law, subpoenas, or regulatory requests.

4. How We Use Personal Data

• Fulfil & support contracts — deploy, configure, and maintain no‑code/low‑code solutions.
• Operate & secure our websites — analytics, debugging, threat detection.
• Improve our offerings — aggregated insights, product road‑mapping.
• Marketing (opt‑in only) — send thought‑leadership, event invites, and product updates.

5. Offline Data Handling & Client Confidential Information

• Collection — We receive offline data only through secure channels agreed in writing (e.g., encrypted drive, private SFTP, on‑site hand‑off).
• Segregated storage — Offline data is ingested into an encrypted, access‑controlled repository distinct from our general SaaS environment; physical copies are stored in locked cabinets within our Austin, TX office.
• Role‑based access — Access is granted on a least‑privilege basis and logged.
• Retention & return — Unless your Master Services Agreement specifies otherwise, offline client data is returned or securely destroyed within 30 days of project completion. Certificates of destruction are available upon request.
• Third‑party processors — When an engagement requires us to load your data into a platform such as Airtable, we do so under your direction and subject to that platform’s privacy terms (https://www.airtable.com/company/privacy).

6. Cookies & Similar Technologies

We use first‑ and third‑party cookies to keep the site functional, measure performance, and personalize content.
You can manage cookies in your browser; essential cookies may be required for core functions.

7. Disclosures & International Transfers

We do not sell personal data. We disclose it only to:

• Sub‑processors that provide hosting, analytics, support, or security, each bound by a Data Processing Agreement.
• Advisers & auditors under confidentiality.
• Authorities when legally required.
• Where data is transferred outside your jurisdiction, we rely on Standard Contractual Clauses or an equivalent safeguard.

8. Your Privacy Rights

Depending on where you reside, you may have rights to:

• Confirm whether we process your data.
• Access and port a copy.
• Correct inaccuracies.
• Delete data.
• Opt‑out of targeted advertising, profiling, or the sale/sharing of data.
• Limit use of sensitive data.
  
  

8.1  Texas Residents (TDPSA)

Effective 1 July 2024, the Texas Data Privacy & Security Act grants Texas residents all rights above and allows designation of an authorized agent. Requests are answered within 45 days. (texasattorneygeneral.gov)

8.2  California Residents (CCPA/CPRA)

You have additional rights to limit the use of sensitive information and to opt‑out of automated decision‑making. (privacy.ca.gov)

8.3  EEA, UK & Swiss Residents (GDPR/UK‑GDPR)

You also have the right to object to processing and to lodge a complaint with your supervisory authority.

9. Data Security

We maintain an ISO 27001‑aligned security program featuring:

• AES‑256 encryption in transit & at rest;
• Multi‑factor authentication & rotating secrets;
• Continuous vulnerability scanning & annual penetration tests;
• Employee security awareness training;
• Physical access controls for our Texas facility and any co‑location sites.
  

10. Data Retention

We retain personal data only as long as necessary to fulfil the purposes outlined in this policy or to comply with legal obligations. Specific contractual retention periods supersede this default.

11. Children’s Privacy

Our services are not directed to children under 16. We do not knowingly collect data from children. If we discover such data, we delete it promptly.

12. Changes to This Policy

Material changes will be posted here and, where appropriate, notified via email or website banner. The "Last updated" date reflects the most recent revision.

13. Contact

InAir
9442 Capital of Texas Highway North,Plaza 1, Suite 500, Austin, TX 78759.
📧 privacy@inair.studio
📞 +17373025613

By engaging with InAir, you acknowledge that you have read and understood this Privacy & Data Protection Policy and agree to the practices described herein.