Legal

Privacy Policy

Last updated: 1 June 2026

This Privacy Policy explains how Miracle Development Studio (“we”, “us”, the “studio”) collects, uses, and protects personal data when you contact us or work with us. We are a small, remote software development team based in the European Union. We keep this policy plain and short on purpose, because a privacy policy you cannot read does not protect anyone.

We act as the data controller for the personal data described below. Our handling of personal data is governed by the EU General Data Protection Regulation (GDPR).

1. Data we collect

We only collect what we need to talk to you and deliver your project:

  • Contact details. Your name or username and the contact information you give us, such as a Discord handle or email address, when you reach out.
  • Project information. The brief, requirements, and any materials you share with us during an engagement so we can scope and build your project.
  • Server logs. Basic technical data such as IP address and browser user-agent, recorded automatically by our hosting infrastructure and retained for a maximum of 30 days.

2. Why we process it, and our legal basis

  • To deliver your project. We process your contact and project data to communicate with you, prepare quotes, and carry out the work. Legal basis: performance of a contract, Article 6(1)(b) GDPR.
  • To keep our services secure. We process short-lived server logs to operate, secure, and debug our website. Legal basis: our legitimate interests, Article 6(1)(f) GDPR.

3. Cookies and tracking

We use only strictly necessary cookies required for the website to function. We do not use Google Analytics, the Facebook Pixel, advertising networks, or any cross-site tracking or fingerprinting. Because we set no non-essential cookies, there is nothing to opt into or out of beyond your browser settings.

4. Sharing and sub-processors

We never sell your data, and we never share it with third parties for marketing. We share data only with the service providers we rely on to operate, and only as far as needed:

  • Our hosting provider, which stores the website and its server logs.
  • Payment processors (PayPal and cryptocurrency networks) when you pay for a project. Data you submit to them is also governed by their own privacy policies.

5. International transfers

We keep personal data within the EU and EEA wherever possible. Where a provider processes data outside the EEA, we rely on the European Commission’s Standard Contractual Clauses, or an equivalent legal safeguard, to protect it.

6. How long we keep it

We retain project data for the duration of the engagement plus 12 months, so we can support follow-up requests and meet our records obligations. Contact data is deleted on request. Server logs are kept for a maximum of 30 days. We do not hold personal data longer than we need it.

7. Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected (rectification);
  • have your data erased;
  • restrict how we process your data;
  • receive your data in a portable format (portability);
  • object to processing based on our legitimate interests.

To exercise any of these, contact us on Discord. We respond within 30 days.

8. Complaints

If you believe we have mishandled your personal data, you have the right to lodge a complaint with the data protection supervisory authority in your EU or EEA member state. We would appreciate the chance to resolve your concern first, so please consider reaching out to us before you do.

9. Changes to this policy

We update this policy when our practices change. Material changes are announced on this website, and the “last updated” date above always reflects the current version.

10. Contact

Questions about this policy, or about your data? Reach us on Discord.