Privacy, Terms
& Security.
Plain language legal documents for our clients and visitors. Last updated June 2026.
What we do with your data.
Who we are
Lemio Studio is a senior product engineering studio. We design and ship custom software, AI systems, and cloud infrastructure for B2B clients. References to “Lemio Studio”, “we”, “us”, or “our” in this document refer to Lemio Studio. Our primary contact address is hello@lemiostudio.com.
What we collect and why
We collect only what we need to respond to enquiries and deliver projects. There are two contexts:
Contact form submissions. When you submit our contact form we collect your name, email address, company name, and the message you write. This information is used solely to respond to your enquiry and scope a potential engagement.
Project work. Once a project begins, additional information (access credentials, technical specifications, business data) is shared under a separate Statement of Work and treated as confidential per the terms below.
How we use your information
- To reply to your contact form message and discuss your project.
- To send you project-related communications you have requested.
- To invoice you for agreed services.
- We will never sell, rent, or share your personal data with third parties for marketing purposes.
- We will not add you to any mailing list without your explicit consent.
Third-party processors
We use a minimal set of processors to operate our business:
Each processor is contractually bound to handle data in accordance with applicable data-protection law.
Cookies and tracking
This website does not use analytics cookies, tracking pixels, or advertising trackers. We do not use Google Analytics, Meta Pixel, or similar. The only browser storage we write is what Next.js requires for performance (no persistent identifiers).
Data retention
Contact form data is retained for 12 months from receipt, or for the duration of any resulting business relationship, whichever is longer. You may request deletion at any time and we will act within 30 days.
Your rights
Under GDPR and similar frameworks you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request erasure of your data (the “right to be forgotten”).
- Restrict or object to our processing in certain circumstances.
- Receive your data in a portable format.
- Withdraw consent at any time where we rely on consent as the legal basis.
To exercise any of these rights, email hello@lemiostudio.comwith the subject line “Data request”. We respond within 30 days.
How we work together.
These terms govern all engagements between Lemio Studio and its clients. By signing a Statement of Work (SoW) or paying a deposit you accept these terms in full.
Services
Lemio Studio provides bespoke product engineering services including custom software development, AI systems, cloud infrastructure, automation, and architecture consulting. The specific deliverables, timeline, and fees for each engagement are defined in a separate SoW agreed in writing before work begins.
Proposals and agreements
- Written proposals are valid for 30 days from the date of issue.
- Work begins only after both parties have signed the SoW and the agreed deposit has been received.
- Scope changes are handled via written change orders. Out-of-scope work is quoted and approved before execution.
- Timelines stated in the SoW assume timely feedback and resource access from the client. Delays caused by the client extend timelines proportionally.
Intellectual property
Client IP. Upon receipt of full payment for a deliverable, all intellectual property rights in that specific deliverable transfer to the client.
Our IP. We retain all rights to our pre-existing tools, frameworks, libraries, methodologies, and know-how. Where generic tooling is incorporated into a deliverable we grant the client a perpetual, royalty-free licence to use it within that deliverable.
Open-source components. Deliverables may incorporate third-party open-source software. We disclose such components in the SoW and their licences apply.
Confidentiality
Both parties agree to keep confidential any non-public information received from the other party. This obligation survives the termination of any engagement. Neither party will disclose the other's confidential information to third parties without prior written consent. Client names may be used by Lemio Studio in portfolio listings unless the client requests otherwise in writing.
Payment
- Invoices are issued on milestones defined in the SoW.
- Payment terms are net-15 from invoice date unless stated otherwise.
- Overdue invoices accrue interest at 1.5 % per month.
- Work may be paused if an invoice is more than 30 days overdue.
- All fees are exclusive of VAT or applicable taxes, which the client is responsible for.
Termination
Either party may terminate with 14 days' written notice. On termination, the client pays for all work completed to date at the agreed rate, and receives all deliverables produced and paid for. Deposits for uncompleted milestones are non-refundable to cover committed capacity.
Limitation of liability
To the maximum extent permitted by law, Lemio Studio's total liability arising out of or in connection with any engagement is limited to the total fees paid by the client in the six months preceding the claim. We are not liable for indirect, consequential, or punitive damages, loss of profits, or loss of data.
We warrant that services will be performed with reasonable skill and care by qualified senior engineers. We do not warrant that deliverables will be entirely error-free, but we commit to addressing material defects within a reasonable timeframe post-launch.
Governing law
These terms are governed by the laws of Spain. Any disputes shall be resolved in the courts of competent jurisdiction in Spain, unless both parties agree to an alternative forum in writing.
How we protect your data.
Our practices
- All data in transit is encrypted via TLS 1.2 or higher.
- Access to client credentials and sensitive data is restricted on a need-to-know basis.
- We use password managers and hardware security keys for all shared accounts.
- Credentials shared for project work are stored in encrypted vaults (1Password Teams) and rotated at project close.
- We never store client secrets in source code, logs, or unencrypted documents.
Responsible disclosure
If you discover a security vulnerability on our website or in deliverables we have built, we ask that you report it to us privately before disclosing it publicly. Email hello@lemiostudio.com with the subject line “Security disclosure” and we will acknowledge within 48 hours and aim to resolve within 14 days.
We appreciate responsible security research and will credit researchers in our acknowledgements unless they prefer to remain anonymous.
Incident response
In the event of a data breach affecting client or visitor data we will notify affected parties within 72 hours of becoming aware, consistent with GDPR Article 33 obligations. Notification will include the nature of the incident, the data affected, and steps taken to contain and remediate.
If you have questions about any of these documents, reach us directly. We write clear contracts for a reason — no ambiguity.
hello@lemiostudio.com →