GDPR Compliance

General Data Protection Regulation Compliance

We aim to handle personal data responsibly and in line with applicable data protection laws, including GDPR and UK GDPR where relevant.

Our Role & Responsibilities

Data Controller

World Studio acts as a Data Controller for:

  • Account registration information
  • Billing and payment data
  • Usage analytics and logs
  • Customer support communications

Data Processor

World Studio acts as a Data Processor for:

  • 3D models and project data you upload
  • Metadata associated with your projects
  • Shared content and collaboration data

Legal Basis

Depending on context, processing may rely on consent, contract, legitimate interests, legal obligations, or other lawful bases permitted by applicable law.

Your Rights

Right to Access (Article 15)

You can request a copy of all personal data we hold about you. We'll provide this within 30 days in a commonly used electronic format.

Right to Rectification (Article 16)

You can correct any inaccurate personal data through your account settings or by contacting us.

Right to Erasure (Article 17)

You can request deletion of your personal data. We'll comply unless we have a legal obligation to retain it.

Right to Restrict Processing (Article 18)

You can request that we limit how we use your data while disputes are resolved.

Right to Data Portability (Article 20)

You can export your data in a structured, machine-readable format to transfer to another service.

Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision Making (Article 22)

We do not use automated decision-making that produces legal effects concerning you.

Data Protection Measures

Technical Measures

  • End-to-end encryption for data transfers
  • Encryption at rest for all stored data
  • Regular security audits and penetration testing
  • Access controls and authentication systems
  • Pseudonymization where applicable

Organizational Measures

  • Data protection training for all staff
  • Data Protection Impact Assessments (DPIAs)
  • Privacy by Design principles
  • Incident response procedures
  • Regular compliance reviews

International Transfers

Data may be processed in multiple regions. We use appropriate safeguards as required by law.

Sub‑Processors

We work with trusted providers for hosting, payments, authentication, and processing. Their policies apply when they act on our behalf.

Data Breach Procedures

In the event of a personal data breach:

  • We will notify the ICO within 72 hours if required
  • We will notify affected users without undue delay
  • We maintain breach logs and documentation
  • We implement measures to prevent recurrence

Data Retention

Retention Periods

  • Active Accounts: Data retained while account is active
  • Deleted Accounts: Personal data deleted within 30 days
  • Legal Records: 7 years for tax/accounting purposes
  • Anonymized Data: May be retained indefinitely for analytics

Privacy by Design

We implement privacy by design principles:

  • Data minimization - we only collect necessary data
  • Purpose limitation - data used only for stated purposes
  • Default privacy settings favor user protection
  • Transparent data practices and clear consent
  • Regular privacy impact assessments

Your Consent & Control

Marketing Communications

You can opt out of marketing emails at any time through:

  • Unsubscribe links in emails
  • Account preferences settings
  • Contacting support@worldstudio.app

Cookies & Tracking

We use only essential cookies by default. Optional analytics cookies require explicit consent.

Children's Privacy

World Studio is not intended for children under 16. We do not knowingly collect data from children. If we discover such data, we delete it immediately.

Data Protection Officer

Contact our Data Protection Officer for any GDPR-related matters:

Email: support@worldstudio.app
Response Time: Within 30 days

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority:

UK: Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113

EU: Your local Data Protection Authority
List available at: edpb.europa.eu

Updates to This Policy

We review and update this GDPR compliance information regularly. Material changes will be communicated via email or platform notifications.

Data Processing Agreement

Enterprise customers can request a Data Processing Agreement (DPA) by contacting support@worldstudio.app