Privacy Policy

    Last updated: April 27, 2026

    1. Introduction

    SkyMirage Studio("we", "us", "our") respects your privacy. This Privacy Policy explains what information we collect when you visit https://skymirage.com, why we collect it, how we use it, and the rights you have over your personal data — including your rights under the EU/UK General Data Protection Regulation (GDPR).

    For the purposes of the GDPR, the data controller is SkyMirage Studio, located in Lod, Israel. You can reach us at info@skymirage.com for any privacy-related question.

    2. Information We Collect

    We try to collect as little personal data as possible. The exact fields we store are:

    a. Information you give us directly

    • Contact form. Name, email address, subject and message body when you reach out through our contact form.
    • Job applications. Name, email, phone (optional), cover letter (optional), and CV file when you apply for a position.
    • Account data (admins only). Display name, email and a hashed password for authorized staff using our admin dashboard.

    b. Information collected automatically

    If you accept the cookie banner, we record privacy-friendly analytics about your visit. We do not store your IP address, full geolocation, or any directly-identifying identifier. Specifically, we keep:

    • Pages visited and their timestamps.
    • Referrer host (e.g. google.com) — never the full referring URL with its query string.
    • UTM campaign tags if you arrived through a tagged link.
    • User-agent string from your browser, used only to derive aggregate device, browser and OS counts.
    • Country (ISO country code only — e.g. US, DE) derived from your public IP via a third-party lookup service (api.country.is). Your IP is sent to that service for the lookup but is not stored by us. We never receive or store your city, region, or latitude/longitude.
    • Timezone (e.g. Europe/Berlin) reported by your browser, used to render hour-of-day charts in your local time.
    • Random session ID stored in your browser's session storage — used to count unique sessions for the duration of your visit. It is not linked to your identity and is discarded when you close the tab.

    3. How We Use Your Information

    • To respond to messages and inquiries you send us.
    • To evaluate and respond to job applications.
    • To understand, in aggregate, which pages are popular, where visitors come from, and how the site is performing.
    • To detect and prevent abuse and security issues.
    • To meet legal and regulatory obligations.

    We do not sell your personal data, do not use it for behavioral advertising, and do not combine it with data from other sources.

    4. Legal Bases for Processing (GDPR)

    If you are in the European Economic Area (EEA), the United Kingdom, or Switzerland, our legal bases under Articles 6 and 9 of the GDPR are:

    • Consent (Art. 6(1)(a)). For analytics cookies and country lookup. You give consent through the cookie banner and may withdraw it at any time.
    • Contract (Art. 6(1)(b)). When we process job applications you submit to us.
    • Legitimate interests (Art. 6(1)(f)). For replying to inquiries you initiate, securing the site, and keeping minimal admin records. We balance these interests against your rights and freedoms.
    • Legal obligation (Art. 6(1)(c)). When we are required by law to retain or disclose information.

    5. How Long We Keep It

    • Contact messages are kept until they are no longer needed for the conversation or any follow-up, then deleted.
    • Job applications are kept for the duration of the recruitment process and a reasonable period afterwards (typically up to 12 months) so we can contact you about future suitable roles, unless you ask us to delete them sooner.
    • Analytics events are kept in aggregated form. Individual page-view rows can be deleted on request, and admins can wipe the entire analytics table at any time.
    • Audit logs of administrative actions are retained for security purposes for as long as the account is active.

    6. Your Rights Under GDPR

    If GDPR applies to you, you have the following rights — free of charge and exercisable at any time:

    • Access (Art. 15). Ask us for a copy of the personal data we hold about you.
    • Rectification (Art. 16). Ask us to correct inaccurate or incomplete data.
    • Erasure (Art. 17, the "right to be forgotten"). Ask us to delete your personal data when there is no compelling reason to keep it.
    • Restriction (Art. 18). Ask us to limit how we use your data while a question about it is being resolved.
    • Portability (Art. 20). Ask for the data you provided to us in a structured, machine-readable format.
    • Objection (Art. 21). Object to processing based on legitimate interests.
    • Withdraw consent. Where we rely on consent, you can withdraw it at any time without affecting prior lawful processing.
    • Lodge a complaint. You can complain to your local supervisory authority. A list of EU authorities is available at edpb.europa.eu.

    To exercise any of these rights, email us at info@skymirage.com. We respond within 30 days as required by the GDPR.

    7. Cookies and Local Storage

    We use a small number of cookies and similar technologies, all listed in our Cookie Policy. Analytics tracking is only enabled after you click "Accept" on the cookie banner; if you click "Decline", no page-view data is recorded.

    8. Third-Party Services

    We rely on a small number of third-party processors to operate the site:

    • Convex — hosts our database and serverless functions.
    • api.country.is — performs the IP-to-country lookup so we can show country statistics. We pass only the request originating from your browser; the country code is returned and stored, the IP is not retained on our side.
    • Hosting / CDN providers used to deliver the site over the internet.

    Where data is transferred outside the EEA/UK, we rely on adequacy decisions or Standard Contractual Clauses where applicable.

    9. Data Security

    We use modern infrastructure with encryption in transit (HTTPS) and access controls on our admin dashboard. While no system can be 100% secure, we apply the safeguards that a service of this size and type is reasonably expected to use.

    10. Children

    Our website is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

    11. Changes to This Policy

    We may update this Privacy Policy from time to time. Material changes will be highlighted on this page with an updated revision date at the top. Continued use of the site after a change constitutes acceptance of the updated policy.

    12. Contact Us

    For any privacy or data-protection question, including any request to exercise your GDPR rights, email info@skymirage.com.