Information Collected

When working with MUSHIN Design Studio, the following information may be collected:

  • Name, email address, phone number, and company information
  • Project files, images, and documents uploaded through the client portal
  • Third-party credentials voluntarily shared for project work (such as hosting or domain registrar logins)
  • Messages and communication through the portal

Use of Information

All information is used exclusively for:

  • Delivering the services agreed upon
  • Communicating about project work
  • Providing and managing portal access
  • Improving service quality

MUSHIN Design Studio does not sell, rent, or share personal information with anyone.

Credential Handling

When third-party credentials are shared (such as passwords for hosting accounts or domain registrars), those credentials are used only for the specific project tasks agreed upon. Credentials are stored encrypted in the database and are never accessible in plain text. After project completion, or at any time upon request, credentials are permanently deleted.

Data Storage and Security

All data is stored on infrastructure provided by IONOS, a German company subject to GDPR regulations. The server is physically located in the United States. Security measures include:

  • HTTPS/TLS encryption for all data in transit
  • Encrypted database access and encrypted backups
  • Security headers including Content-Type-Options, Frame-Options, Referrer-Policy, and Permissions-Policy
  • Secure, HTTP-only session cookies
  • Regular security updates and monitoring

Access Control

MUSHIN Design Studio is a one-person operation run by Hiro Fukushima. No employees, contractors, or third-party services have access to client data, the server, or the database.

Cookies

This site uses two cookies, both essential for the site to function:

  • Session cookie (Laravel session identifier). Secure and HTTP-only in production.
  • XSRF token (cross-site request forgery protection). Secure and HTTP-only in production.

No tracking cookies, advertising cookies, or analytics cookies are used.

Third-Party Services

The contact page uses the Google Maps API to display the studio location. Google may collect usage data through this integration according to its own privacy policy. No other third-party services are in use. No analytics platform tracks visitor activity.

Data Retention and Deletion

Project files and any shared credentials are deleted after project completion. Earlier deletion is available at any time upon request and will be confirmed in writing.

Client Rights

Every client has the right to:

  • Access the personal data held by MUSHIN Design Studio
  • Request correction of inaccurate information
  • Request deletion of data at any time
  • Request a portable copy of data

To exercise any of these rights, contact hiro@mushin.design. A response will be provided within 7 business days.

Breach Notification

In the unlikely event of a data breach affecting personal information, affected clients will be notified promptly via email with details about what happened, what data was affected, and what steps are being taken.

Changes to This Policy

This privacy policy may be updated from time to time. Changes will be posted on this page with a revised date. Significant changes will be communicated directly to active clients.

Contact

Questions about this privacy policy or data handling practices can be directed to hiro@mushin.design.