Privacy policy.

This policy explains what personal data MoriMake collects when you visit morimake.com, why we collect it, and what we do with it. It does not cover personal data we process on behalf of clients in the websites or systems we build for them — that processing is governed by a separate Data Processing Addendum agreed with each client (see Terms, section 8). We aim to keep this policy short and honest — no legalese for its own sake.

1. Who we are

2. What we collect

From the contact form ("brief builder"): your name, your email address, your company name (optional), the project description and timeline you choose to share. We collect this only when you submit it. We use it to reply to your enquiry and discuss your project.

Server logs: our hosting provider records standard server access logs (IP address, user-agent, timestamp, requested URL). These are kept for up to 30 days for security and debugging, and are never used to profile visitors.

Analytics (with your consent): if you accept the cookie banner, we load Google Analytics 4. It records anonymised usage data — pages viewed, approximate location, device and browser type, time on page — using cookies set by Google in your browser. Google Analytics 4 does not record full IP addresses; data is processed in line with the EU–US Data Privacy Framework. If you reject the banner, no analytics scripts or cookies are loaded at all.

AI assistant chats: messages you send to the chat widget are processed in real time by Anthropic's Claude API to generate a reply. Conversations are kept in your browser only (sessionStorage); we don't store them on the server.

3. Cookies

Strictly necessary — we store your cookie-banner choice in `localStorage` for 12 months so we don't keep asking. This is not a tracking cookie and doesn't require consent.

Analytics (only after you click Accept) — Google Analytics 4 sets cookies named `_ga` and `_ga_<measurement-id>` (typically a 2-year lifetime). These let Google distinguish unique visits and aggregate usage. If you click Reject, none of these are set.

Calendly — the contact page loads Calendly's booking widget so the popup can open instantly when you click. If you interact with the popup, Calendly may set its own cookies under its privacy policy (calendly.com/privacy). We don't read or store any of those.

You can change your cookie choice at any time via the Manage cookies link in the footer.

4. Third-party services

Google Analytics 4 (Google LLC, US) — loaded only after you accept the cookie banner. Receives anonymised page-view and interaction data and stores cookies in your browser. Google's privacy policy: policies.google.com/privacy. Data is transferred to the United States under the EU–US Data Privacy Framework adequacy decision.

Anthropic (Anthropic PBC, US) — when you send a message to the AI assistant, the message and recent conversation history are sent to Anthropic's Claude API to generate a reply. Anthropic does not train its models on this data and retains it only as needed for safety and abuse review. Anthropic privacy policy: anthropic.com/legal/privacy.

Calendly — our contact page uses Calendly's popup to let you book a 30-minute intro without leaving the site. Calendly is a separate company with its own privacy policy. When you open the popup, Calendly receives standard request data (IP address, browser version, page URL); if you actually book, the name, email, and any message you enter into the popup are processed by Calendly, and we receive a copy as a calendar notification.

5. Who we share data with

Nobody — unless required by Lithuanian law, a binding court order, or to defend legal claims. We do not sell, rent, or share enquiry data with marketers, advertisers, or data brokers.

For day-to-day operations, your enquiry data may be processed by:

• Hostinger — our hosting provider, which serves the website and stores server logs. Hostinger is a Lithuanian company with EU data centres.
• Email provider — when we reply to you, we use standard email delivery infrastructure. The contents of those replies live in our mailbox until deleted.

6. Where data is processed

All processing happens within the European Union or European Economic Area. We do not transfer your personal data to countries outside the EU/EEA.

7. How long we keep it

• Brief-builder submissions: kept while we discuss your project, and for up to 24 months after our last interaction. After that, we delete them unless you have become a paying client (in which case they are kept for invoicing purposes for as long as Lithuanian tax law requires — typically 10 years for invoices).
• Server logs: up to 30 days.
• Analytics data: aggregated, indefinite, contains no personal data.

8. Your rights under GDPR

If you are in the EU/EEA, you have the right to: access the data we hold about you; correct it if it's wrong; have it deleted; restrict or object to processing; receive a copy in a portable format; and lodge a complaint with the Lithuanian State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija).

To exercise any of these rights, email hello@morimake.com. We'll respond within 30 days.

9. Security

Data is transferred over HTTPS and stored on managed European infrastructure. We follow reasonable, industry-standard practices, but no system is 100% secure. If we ever discover a breach affecting your data, we will notify you without undue delay as required by GDPR Article 33.

10. Changes to this policy

We may update this policy as the site evolves. Material changes will be flagged on this page with a new "last updated" date. Older versions are available on request.