Data Protection

Studio Blueprint — UK GDPR Compliance

Our Commitment

The Studio Blueprint Generator is designed with data minimisation as a core principle. We collect the minimum amount of data necessary to provide the service, we do not store data beyond immediate operational need, and we do not monetise user data in any way.

Data Minimisation by Design

The Tool was built with the following data protection principles embedded in its architecture:

Browser-first processing. Your questionnaire answers are processed entirely in your browser using client-side JavaScript. No data is transmitted to any server during blueprint generation. The blueprint you see on screen never leaves your device.

No accounts required. The Tool does not require registration, login, or account creation. There are no user profiles, no passwords, and no persistent identity.

No analytics or tracking. The Tool does not use Google Analytics, Meta Pixel, Hotjar, or any other analytics or tracking service. No cookies are set. No behavioural data is collected. No fingerprinting techniques are used.

Transient server processing. If you request a PDF, your data is transmitted to our server, used to generate the document, and immediately discarded from application memory. No database stores your answers. No logs contain your questionnaire responses.

Data Flow

The complete data flow for each interaction:

Step 1: You answer questions in the browser. Data stays in your browser.
Step 2: Blueprint generates in your browser. No server involved.
Step 3 (optional): You enter your email and request a PDF.
Step 4: Your answers and email are sent to our Vercel serverless function.
Step 5: The function generates a PDF in memory. No file is saved to disk.
Step 6: The PDF is sent to your email via Resend. Your answers are discarded from memory.
Step 7: Resend retains a delivery log (email address, delivery status) for up to 30 days.

What We Do Not Do

We do not store your questionnaire answers in any database
We do not build profiles of users
We do not use email addresses for marketing (unless separately opted in)
We do not share data with advertisers
We do not use data for AI model training
We do not sell or trade personal data
We do not set cookies or use tracking technologies

Sub-Processors

The following third-party services process data on our behalf:

Vercel Inc. (San Francisco, USA) — Hosts the PDF generation API. Data processed transiently in serverless functions. Standard Contractual Clauses in place.
Resend Inc. (USA) — Email delivery service. Receives email address and PDF attachment. Retains delivery logs for 30 days. Standard Contractual Clauses in place.
Cloudflare Inc. (San Francisco, USA) — Serves the frontend application. Processes standard HTTP request data (IP address, user agent) in transit. No application data stored. Standard Contractual Clauses in place.

Data Subject Access Requests

To make a data subject access request, contact Howard Scott via hsdigital.substack.com. Provide the email address you used (if applicable) and your Blueprint ID. We will respond within 30 days as required by UK GDPR.

Because we do not store questionnaire answers, a DSAR response will be limited to confirming whether your email address exists in delivery logs, and providing a copy of any data held.

Data Breach Procedure

In the event of a personal data breach that presents a risk to individuals' rights and freedoms, we will notify the Information Commissioner's Office within 72 hours and affected individuals without undue delay, as required by Articles 33 and 34 of UK GDPR.

Data Protection Officer

Given the scale and nature of processing (minimal personal data, no special categories, no systematic monitoring), a formal Data Protection Officer is not required under Article 37 of UK GDPR. Data protection queries should be directed to Howard Scott via hsdigital.substack.com.

Supervisory Authority

The relevant supervisory authority is the Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Website: ico.org.uk.

Last updated: February 2026