Last updated: 2026-04-30

Privacy Policy

This policy explains what personal data ArchVisualizations (UAB ArchVisualizations) collects when you visit https://archvisualizations.com or send us a project brief, what we do with it, and what rights you have. Written in plain language and aligned with the EU GDPR.

1. Who is the data controller

UAB ArchVisualizations (registered in Lithuania, reg. no. 305918724), trading as ArchVisualizations. Address: Gedimino pr. 35, LT-01109 Vilnius, Lithuania. Privacy contact: privacy@archvisualizations.com.

2. What data we collect

• Contact and brief data: name, email, company, phone, the project brief and any files you upload through the contact form or by email.
• Project files: CAD plans, sketches, mood references, brand assets, anything you send to inform the render. Stored only for active projects and 90 days post-delivery, unless you ask us to archive.
• Invoicing data: billing address, VAT number, company registration. Held for 10 years per Lithuanian accounting law.
• Site analytics: aggregated, anonymised page-view counts via privacy-friendly analytics. No third-party cookies, no cross-site tracking.

3. Why we process the data

• Engagement performance (legal basis: contract): we need contact details, brief and project files to do the work you hired us to do.
• Invoicing and bookkeeping (legal basis: legal obligation): tax and accounting law in Lithuania requires us to keep invoicing records for 10 years.
• Direct response to enquiries (legal basis: legitimate interest): when you write to us with a question, we use your contact details to reply.
• Site analytics (legal basis: legitimate interest): aggregated, no individual identification.

4. Who we share data with

We do not sell personal data. We share data only with the processors we need to run the studio:

• Cloud storage and email: Google Workspace (EU servers), end-to-end-encrypted upload provider for sensitive files.
• Hosting: Cloudflare Pages, EU edge.
• Payment processors: Wise, our bank, Stripe (for card payments only). PCI-DSS compliant by design.
• Accounting: a Lithuanian-licensed accountant under written confidentiality agreement.

Each processor is bound by a Data Processing Agreement (DPA) under GDPR Article 28.

5. International transfers

Where data is processed outside the EU/EEA (mainly with Google as a sub-processor in the US), transfers are covered by the EU-US Data Privacy Framework or Standard Contractual Clauses with appropriate technical safeguards.

6. How long we keep data

• Project files: duration of the project plus 90 days, then deleted from primary storage. Backups rotate out within 180 days.
• Invoicing and accounting: 10 years (legal obligation under Lithuanian Republic of Accounting Law).
• Email correspondence: retained while the relationship is active, plus 24 months for reference.
• Site analytics: 14 months aggregated, anonymised.

7. Your rights

Under GDPR you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion (subject to legal-retention exceptions like the 10-year accounting rule).
• Object to or restrict processing.
• Receive your data in a portable format.
• Lodge a complaint with the State Data Protection Inspectorate of Lithuania (vdai.lrv.lt) or your local supervisory authority.

To exercise any of these rights, write to privacy@archvisualizations.com. We respond within 30 days.

8. Security

Files are encrypted in transit (TLS 1.3) and at rest. Access to project files is limited to the artist working on your engagement and the producer. We use 2FA on all accounts that touch client data. We have not had a breach notifiable under GDPR Article 33 since incorporation.

9. Children

The site is intended for B2B audiences. We do not knowingly collect personal data from children under 16.

10. Changes to this policy

We update this policy when something material changes. The last-updated date at the top of the page is the canonical date. Substantive changes are also notified to active clients by email.