Privacy Policy

Last updated: June 2026

1. Who We Are

Justido Design ("we," "us," or "our") operates the justido.design marketing site for AI-native web design through two legal entities: Justido GmbH (Kurfürstendamm 37, 10719 Berlin, Germany — Handelsregister Amtsgericht Charlottenburg, HRB 250605 B, USt-IdNr. DE285976038) is the data controller for visitors and customers in the EU/EEA and DACH region. Justido LLC (251 Little Falls Drive, City of Wilmington, Delaware 19808, USA) is the data controller for visitors and customers in the United States. Full entity details are available on our Impressum. Our website is https://justido.design. General contact: office@justido.design. As a small enterprise, we are not legally required to appoint a Data Protection Officer (cf. Art. 37 GDPR, § 38 BDSG). For data-protection questions, contact us at privacy@justido.design.

2. Information We Collect

We collect information you provide directly, including your name, business name, email address, phone number, and any details you submit through our contact form or while interacting with our AI chat demo in your browser. We may also collect usage data through analytics tools (such as page views and referral sources) and conversation data when you interact with our AI chat demo.

3. Purposes and Legal Bases

We process your information for the following purposes and on the following legal bases under Art. 6(1) GDPR: operating and securing the site, including server logs (legitimate interests, Art. 6(1)(f)); responding to your inquiries, scheduling and confirming a discovery call, and taking pre-contractual steps at your request (performance of a contract or pre-contractual measures, Art. 6(1)(b), or your consent under Art. 6(1)(a) where applicable); sending appointment-related SMS messages (your consent, Art. 6(1)(a), for EU/EEA/DACH recipients, captured at the booking-form checkbox described in Section 4; a transactional / customer-care basis for US recipients); cookieless analytics (legitimate interests, Art. 6(1)(f)); and complying with our legal, accounting, and tax obligations (Art. 6(1)(c)). We do not sell your personal information to third parties.

4. SMS / Text Messaging

If you choose to receive text messages from us, you give consent by checking the dedicated SMS-consent checkbox on our discovery-call booking form. This checkbox is unticked by default, is separate from any other agreement, and is not part of the on-site AI chat demo (which never collects phone numbers). Providing your mobile number and ticking this box is optional and is not a condition of booking a call. The same opt-in is alternatively available on our dedicated SMS-updates page (justido.design/en/sms-updates) — a standalone form with the identical unticked-by-default consent checkbox and the same disclosures. If you opt in, we send transactional, customer-care messages only — appointment confirmations and reminders relating to a discovery call you booked; we do not send promotional or marketing texts. We do NOT sell or share your SMS opt-in or mobile information with third parties or affiliates for marketing or promotional purposes; your number is used solely to deliver these appointment messages and is shared only with the sub-processors that operate our booking and messaging infrastructure (GoHighLevel / LeadConnector and Twilio — see the Sub-processors page). Text-messaging originator opt-in data and consent will not be shared with any third parties. Message frequency varies with your booking activity, and message and data rates may apply. You can opt out at any time by replying STOP to any message, and reply HELP for help. For EU/EEA/DACH recipients, these messages are sent on the basis of your separately-given consent under Art. 6(1)(a) GDPR, captured at the same checkbox.

5. Cookies and Tracking

We use two strictly-necessary cookies on this site. The first is a NEXT_LOCALE functional cookie set by our internationalization framework (next-intl) to remember whether you prefer English or German. The second is a jd_currency cookie that remembers whether you chose to see prices in euros or US dollars. Both expire after one year. Storing this information on your device is strictly necessary to deliver the language- and currency-preference features you have explicitly requested, so it requires no consent under § 25(2) no. 2 TDDDG; the downstream processing of those preferences is based on Art. 6(1)(b) and (f) GDPR. For analytics we use Plausible Analytics — a privacy-friendly, cookieless, EU-hosted alternative to Google Analytics — which tracks aggregate pageviews and outbound link clicks without setting any cookies, without recording personal data, and without cross-site tracking. Plausible operates as our sub-processor on the legitimate-interest basis of Art. 6(1)(f) GDPR (operating and improving the website) and does not require a consent banner under EU guidance. The discovery-call booking calendar on our booking page is provided by GoHighLevel (LeadConnector) and is consent-gated: it does not load until you accept our cookie banner (or click to accept directly on the booking page). Your choice is stored in your browser (a jd_cookie_consent localStorage entry) so we can remember it across visits. Once the calendar loads, GoHighLevel / LeadConnector sets its own analytics cookies (for example session and page-visit tracking) and the embedded form may invoke Google reCAPTCHA (a US service) for spam protection — see the Sub-processors page for details. You can disable the language- or currency-preference cookies in your browser settings; with those disabled, we simply won't remember those choices across visits.

6. Third-Party Sub-processors

We engage third-party sub-processors to deliver this site — including hosting, AI inference for the chat demo, CRM, and analytics. Some of these providers are based outside your country of residence (primarily the United States). Where we transfer personal data internationally, we rely on appropriate safeguards, such as the EU Standard Contractual Clauses (SCCs) and equivalent mechanisms under applicable law (e.g., GDPR Art. 44 ff.). For the complete and up-to-date list — with each provider's purpose, location, and safeguard — see our Sub-processors page.

7. International Data Transfers

Some of our sub-processors are located in the United States or otherwise outside the EEA, so delivering this site can involve transferring personal data to a third country. We rely on the following safeguards for each provider: Anthropic — the EU 2021 Standard Contractual Clauses, the UK International Data Transfer Addendum, and the Swiss adaptations; Vercel — certification under the EU-US Data Privacy Framework, supplemented by the EU SCCs and the UK IDTA; GoHighLevel (LeadConnector) — self-certification under the EU-US Data Privacy Framework (including the UK Extension and the Swiss-US DPF), supplemented by the EU SCCs and the UK IDTA; Twilio — self-certification under the EU-US Data Privacy Framework (EU-US, UK Extension, and Swiss-US), supplemented by the EU 2021 SCCs, the UK IDTA, and binding corporate rules; Upstash (rate-limiting infrastructure) — the EU 2021 Standard Contractual Clauses, incorporated through the Upstash Data Processing Agreement. Plausible Analytics processes data exclusively within the European Union, so no third-country transfer takes place. The current safeguard for each provider is listed on our Sub-processors page.

8. Data Retention

We keep personal data only as long as necessary for the purpose it was collected for or as required by law. Server logs are retained for 7 days, except where a longer period is needed to investigate a specific security incident. If your inquiry or booking does not lead to a client engagement, we erase the related contact data 3 years after our last contact with you (a buffer aligned with the statutory limitation periods under §§ 195, 199 BGB). Accounting- and booking-relevant documents are retained for 8 years to meet statutory obligations (§ 147 AO, § 257 HGB — reflecting the reduction from ten to eight years that took effect in 2025). Text you type into the AI chat demo is transient and is not persisted by us beyond the live session (typically purged within about 24 hours). SMS opt-in and consent records are kept for the duration of our relationship and for 3 years afterwards, and for at least 4 to 5 years where US TCPA rules require the longer period. Plausible analytics data is aggregate, contains no personal data, and is not subject to a fixed retention limit. You may request erasure of your data at any time by contacting privacy@justido.design.

9. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict processing of, or port your personal data, as well as the right to object to certain processing and to withdraw any consent you have previously given. Under the GDPR specifically, these rights include access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), objection (Art. 21), and withdrawal of consent (Art. 7(3)). To exercise these rights, contact us at privacy@justido.design. EEA, UK, and Swiss residents also have the right to lodge a complaint with a supervisory authority. The authority competent for Justido GmbH is the Berliner Beauftragte für Datenschutz und Informationsfreiheit, Alt-Moabit 59–61, 10555 Berlin, +49 30 13889-0, mailbox@datenschutz-berlin.de, datenschutz-berlin.de; you may also contact the supervisory authority of your habitual residence. If you are a US resident, there is no single national authority; oversight rests with the Federal Trade Commission and state attorneys general, and — depending on your state — you may have rights under laws such as the CCPA/CPRA (California), the VCDPA (Virginia), or the CPA (Colorado), including rights to know, access, delete, correct, and opt out of the sale or sharing of personal information. We honor Global Privacy Control signals where feasible.

10. AI Processing

The AI chat demo on our site uses Claude, provided by Anthropic via the Anthropic API, to generate responses to the messages you type. The demo does not ask for or collect phone numbers and is not used to capture SMS consent. Your conversation text is processed transiently to generate a reply and is not persisted by us beyond the live session. Inputs and outputs are not used to train Anthropic's foundation models under the Anthropic API terms. Please do not enter confidential, sensitive, or special-category personal data into the chat demo.

11. Security

We apply technical and organizational measures appropriate to the risk, including encryption in transit (HTTPS/TLS) and at rest with our providers, access controls and least-privilege access, request rate-limiting and bot protection on form and API endpoints (short-lived, IP-based counters processed by our sub-processor Upstash — see the Sub-processors page), sandboxing of the third-party booking embed, and routine monitoring and backups. No method of transmission or storage is completely secure, but we work to protect your data in line with current good practice.

12. Children

This site is intended for businesses and is not directed to children. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact privacy@justido.design and we will delete it.

13. Changes to This Policy

We may update this Privacy Policy periodically. The current version date appears beneath the title, and we will notify you of significant changes by posting a notice on our website. Continued use of our services after changes constitutes acceptance of the updated policy. For privacy-related questions, email us at privacy@justido.design.

14. Contact

For all data-protection matters, contact us at privacy@justido.design. The competent controller is Justido GmbH (Kurfürstendamm 37, 10719 Berlin, Germany) for visitors in the EU/EEA, the UK, Switzerland, and the DACH region, and Justido LLC (251 Little Falls Drive, Wilmington, Delaware 19808, USA) for visitors in the United States. Full provider and contact details are set out in our Impressum. For general (non-privacy) inquiries, email office@justido.design.