Privacy Policy: Caipora Studio Newsletter

Last updated: July 6th, 2026

1. Who is responsible (Controller)

The party responsible for processing your data in connection with this newsletter ("Controller" under Art. 4(7) GDPR) is:

Jonas Silva Queiroga, trading as Caipora Studio Rennbahnstr. 22, 13086, Berlin Germany Email: [email protected]

I have not appointed a Data Protection Officer, as I am not legally required to do so (§ 38 BDSG).

2. Scope

This policy explains how your personal data is handled when you subscribe to and receive the Caipora Studio newsletter (development updates, demo and launch announcements, and related news). It does not cover any other processing.

3. What data I process

When you sign up, I process:

  • Your email address (required — without it I cannot send the newsletter).

  • Technical confirmation data: the date, time, and IP address of your sign-up and of your confirmation click. This is stored to document that you validly consented (Art. 7(1) GDPR).

  • Interaction data from the newsletter itself — see Section 7.

4. Purpose and legal basis

Your data is processed solely to send you the newsletter you requested.

The legal basis is your consent under Art. 6(1)(a) GDPR. Logging the confirmation data described above is additionally based on my obligation to demonstrate consent and on my legitimate interest in defending against unfounded claims (Art. 6(1)(f) GDPR).

Providing your data is voluntary. If you do not provide it, you simply will not receive the newsletter; there is no other consequence.

5. Double opt-in

Sign-up uses a double opt-in procedure. After you enter your email address, I send a confirmation email containing a link. Your address is only added to the list once you click that link. If you do not confirm, the pending entry is automatically deleted after 30 days.

6. Email service provider (Processor)

The newsletter is sent using MailerLite, MailerLite Limited, an Irish registered company at 88 Harcourt Street, Dublin 2, D02 DK18, Ireland, if the Customer's billing address on the applicable Order Form is located in the EEA, UK or Switzerland. The Provider processes your data on my behalf as a processor under Art. 28 GDPR, on the basis of a data processing agreement I have concluded with them. Your data is stored on the Provider's servers for the purpose of sending and analysing the newsletter.

The Provider processes your data on servers within the European Union / EEA. No transfer to a third country takes place.

7. Success measurement (open and click tracking)

The newsletter contains a small tracking pixel and encoded links that allow me to see whether and when an email was opened and which links were clicked. This helps me understand what content is useful and improve future issues. This analysis is based on your consent (Art. 6(1)(a) GDPR), which also covers the access to information on your device required for this measurement (§ 25(1) TDDDG). You consent to this tracking as part of subscribing; you can withdraw it at any time by unsubscribing (Section 9).

8. How long data is stored

Your data is stored for as long as you remain subscribed. When you unsubscribe, your address is removed from the active list without undue delay.

Records documenting your consent and unsubscription may be retained for up to [3 years] afterwards, solely to demonstrate that the newsletter was sent lawfully, before being deleted.

9. Your rights

You can withdraw your consent at any time, with effect for the future (Art. 7(3) GDPR). The simplest way is the unsubscribe link at the bottom of every newsletter; you may also email me at [email protected]. Withdrawal does not affect the lawfulness of processing carried out before it.

Under the GDPR you also have the right to:

  • access your data (Art. 15),

  • rectification of inaccurate data (Art. 16),

  • erasure (Art. 17),

  • restriction of processing (Art. 18),

  • data portability (Art. 20), and

  • object to processing (Art. 21).

To exercise any of these, contact me using the details in Section 1.

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The authority responsible for me is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI) Alt-Moabit 59–61, 10555 Berlin

You may also contact the supervisory authority in your own EU country of residence.

10. Data security

My Provider and I use appropriate technical and organisational measures — including TLS-encrypted transmission — to protect your data against unauthorised access, loss, or misuse.

11. No automated decision-making

Your data is not used for automated decision-making or profiling within the meaning of Art. 22 GDPR.

12. Changes to this policy

I may update this policy to reflect changes in the newsletter or in legal requirements. The current version is always the one published at this location, marked with the "Last updated" date above.