Last updated: July 17, 2026
Privacy policy
We built this site to show our work, not to harvest your data. This page explains exactly what we collect, why, and what we never do — in plain language, as the GDPR intends.
Who we are
alt-shift is a product design studio operated from Hviezdoslavova 6, 040 01 Košice, Slovakia. For this website, we are the data controller under the EU General Data Protection Regulation (GDPR).
Anything privacy-related — questions, requests, complaints — reaches us at [email protected]. We answer ourselves; there is no ticket queue.
Anonymous analytics
We use two privacy-focused analytics tools —Umami andPlausible— to understand how the site is used: which pages are viewed, where visitors come from, browser and device type, country, and which interactive elements get played with. Both tools receive the same events and data, so each interaction is recorded once in each. Our event names are things like “Project shots: Flick” — they describe the interaction, never the person.
Both tools work without cookies and without building visitor profiles. Data is anonymized and aggregated before it is stored; neither we nor either provider can identify you or follow you to other websites. Your IP address is processed briefly to derive a country-level location and is not stored. The analytics scripts are served from our own domain, which means your browser talks to us, not to a third-party ad network.
Legal basis: our legitimate interest (Art. 6(1)(f) GDPR) in understanding how our portfolio performs. Because this data is anonymous and cookie-free, no consent banner is required — which is why you didn't see one.
Match stats on your device
The playful “match stats” in our footer (time on ice, shots on goal, your player archetype) are computed and stored entirely in your browser's session storage. They never leave your device, and they are erased the moment you close the tab.
When you contact us
If you email us, we receive your email address and whatever you choose to write. We use it to reply and to prepare a potential engagement — nothing else. Legal basis: taking steps prior to entering a contract (Art. 6(1)(b) GDPR) and our legitimate interest in responding to inquiries.
If you book an intro call, scheduling runs through Cal.com, which collects your name, email address, and chosen time slot on our behalf and under its own privacy policy. We use those details solely to hold the meeting.
What we never do
No advertising or marketing cookies. No cross-site or cross-device tracking. No fingerprinting. No selling, renting, or trading of data. No profiling with legal or similarly significant effects, and no automated decision-making. Fonts and assets are served from our own infrastructure, so no font or CDN provider watches you read this page.
Who processes data for us
A small set of service providers process data on our behalf, each bound by a data processing agreement:
- Cloudflare — hosts and delivers the site. It processes IP addresses transiently for security and delivery, and may set a strictly necessary security cookie for bot protection, which is exempt from consent.
- Umami Software, Inc. — stores the anonymized, aggregated analytics described above.
- Plausible Insights OÜ — stores the same anonymized, aggregated analytics described above.
- Cal.com, Inc. — handles call scheduling when you book a meeting.
- Our email provider — stores correspondence you send to us.
Some of these providers are based in the United States. Where personal data is transferred outside the EEA, it is protected by the EU–US Data Privacy Framework or the European Commission's Standard Contractual Clauses.
How long we keep things
Analytics data is anonymous and aggregated, so it is retained as long-term statistics that cannot be tied back to anyone. Email correspondence is kept for as long as it is relevant to our conversation or a subsequent engagement, then deleted. Session stats vanish when you close the tab — we couldn't retain them if we wanted to.
Your rights
Under the GDPR you can ask us for access to your personal data, correction, deletion, restriction of processing, portability, and you can object to processing based on our legitimate interests (Art. 21 GDPR). Email us and we'll act on it without drama.
One honest caveat: our analytics are anonymous, so we can't find “your” records in them — the rights above apply in practice to correspondence and booking data.
You also have the right to lodge a complaint with a supervisory authority — in Slovakia, the Office for Personal Data Protection of the Slovak Republic (dataprotection.gov.sk), or the authority in your own EU member state.
External links
The site links out to places like LinkedIn, Dribbble, Threads, Cal.com, and various AI assistants. Once you follow a link, the destination's privacy policy applies — we don't control what happens there.
Changes to this policy
If we change how the site handles data, we update this page and the date at the top. No dark patterns, no silent edits that matter.


