//legal

Privacy Policy

Privacy Policy

ANTONI SHKRABA STUDIO / AI25.STUDIO
Business address: ul. Jana Pawła Woronicza 31/155, 02-640 Warsaw, Poland
VAT (NIP): PL5214113655 | REGON: 541449095 Production brand: AI25.STUDIO

Last updated: 29.05.2026

1. Introduction

This Privacy Policy explains how ANTONI SHKRABA STUDIO (hereinafter "the Company", "we", "us", or "our") processes personal data in connection with our website, services and communications operating under the brand AI25.Studio (the "Service"). Our data processing is governed by Regulation (EU) 2016/679 (GDPR), the Polish Act of 10 May 2018 on the Protection of Personal Data, and where applicable, Regulation (EU) 2024/1689 (EU AI Act).

By accessing or using our Service you confirm that you accept this Privacy Policy and consent to our processing of your personal data as described herein.

In Poland, the General Data Protection Regulation ("GDPR") is commonly referred to as "RODO" ("Rozporządzenie o Ochronie Danych Osobowych"). RODO is the Polish term for the GDPR, which applies directly across all EU Member States. The GDPR is supplemented in Poland by the national Act of 10 May 2018 on the Protection of Personal Data, which regulates the functioning of the supervisory authority (UODO) and provides additional procedural rules.

Our services and content are primarily directed to business entities and professionals (B2B context). We do not target our website or services toward individual consumers unless otherwise specified.

2. Data Controller

The data controller for personal data processed in connection with the Service is:

ANTONI SHKRABA STUDIO Operating under the brand AI25.STUDIO ul. Jana Pawła Woronicza 31/155 02-640 Warsaw, Poland VAT (NIP): PL5214113655 REGON: 541449095 E-mail: hello@ai25.studio

For any questions about this Policy, or to exercise your rights as a data subject, please contact us at the above email address.

3. Legal Basis and Processing Principles

3.1 Legal Basis

We process personal data only when we have a lawful basis under Article 6 of the GDPR. These include:

  • The data subject's consent (Art. 6(1)(a) GDPR) — e.g., for marketing communications, analytics cookies or optional profiling;

  • Necessity for performance of a contract or to take steps prior to entering into a contract (Art. 6(1)(b));

  • Compliance with a legal obligation to which the Company is subject (Art. 6(1)(c));

  • Our legitimate interests (Art. 6(1)(f)), provided these do not override the rights and freedoms of the data subject.

3.2 Principles of Processing

In accordance with Article 5 GDPR, we adhere to the following principles:

  • lawfulness, fairness and transparency;

  • purpose limitation — personal data collected for specified, explicit and legitimate purposes and not further processed incompatibly;

  • data minimisation — only data adequate, relevant and limited to what is necessary;

  • accuracy — we take reasonable steps to keep personal data accurate and up to date;

  • storage limitation — personal data kept identifiable no longer than necessary;

  • integrity and confidentiality — appropriate security of personal data;

  • accountability — we are responsible for, and able to demonstrate, compliance with these principles.

4. Categories of Personal Data Collected

4.1 Data You Provide

  1. Identification and contact data: name, surname, company name, address, e-mail, telephone number, position/role.

  2. Billing and invoicing data: company, VAT/NIP, REGON, registered address.

  3. Project data: information about the project you wish to commission, including briefs, references, brand assets, scripts, and any materials you submit in connection with the engagement.

  4. Form data: information provided when you fill forms on our Service, request quotes, subscribe to newsletters or contact us.

4.2 Data Collected Automatically

  1. Technical / usage data: IP address, browser type and version, operating system, pages visited, referral URL, date/time of visit, device identifiers.

  2. Cookies and other tracking technologies (see Section 8).

  3. Analytics data: we use third-party analytics services, such as Google Analytics, to collect pseudonymised data regarding user behaviour on our website, including page visits, duration, referrer URL and browser information. Analytics data are used to improve user experience and website performance.

4.3 Data from Third Parties

  1. Data obtained from analytics platforms, advertising networks, payment processors, hosting providers and other business partners.

  2. If you engage with embedded social media content on our website (Instagram, LinkedIn, Vimeo embeds), the respective platforms may collect data about you according to their own policies.

4.4 Special Categories of Data

We ordinarily do not process special categories of personal data (Art. 9 GDPR), such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic or biometric data. Should we ever do so in connection with specific projects (for example, when a client provides imagery containing identifiable individuals), we will explicitly inform you and rely on the applicable legal basis, including obtaining explicit consent where required.

5. Purposes of Processing, Retention and Profiling

5.1 Purposes

We use personal data for the following purposes:

  • providing our Services, fulfilling contractual obligations and responding to enquiries;

  • managing client relationships, billing/invoicing, accounting and tax obligations;

  • administering and improving our website and services, including analytics, research and development;

  • communicating with you regarding the Service, updates, changes or offers (where consented or otherwise permitted);

  • marketing communications where consent has been given or permitted under law;

  • ensuring IT, network and information security, fraud prevention and detection;

  • legal compliance, defence of legal claims and dispute resolution.

5.2 Profiling & Automated Decision‑Making

If we engage in any automated processing including profiling which produces legal effects or similarly significant effects concerning you, we will notify you, provide meaningful information about the logic and envisaged consequences, and offer the right to human intervention (Art. 22 GDPR). At present we do not carry out such processing activities.

5.3 PROCESSING USING ARTIFICIAL INTELLIGENCE TOOLS & Retention & MARKETING AND REMARKETING

As an AI-native production studio, we use generative AI models and tools as part of our production workflows. In doing so:

  • We use only licensed AI tools and models that permit commercial use of generated outputs;

  • Where personal data are processed using AI tools as part of a client project (for example, when a client provides imagery containing identifiable individuals), processing is governed by the specific project agreement and applicable data protection law;

  • We comply with the transparency requirements of Regulation (EU) 2024/1689 (EU AI Act), including documentation of AI systems used in our production workflows;

  • We do not use client-submitted personal data to train public AI models;

  • AI tools used in our workflows may be operated by providers within or outside the EEA. Where AI processing involves transfers outside the EEA, we apply the safeguards described in Section 6.

  1. We retain personal data for as long as necessary for the relevant purpose or to satisfy legal, accounting or tax obligations. After expiry of the retention period, data are securely deleted or anonymised.

  2. We may use personal data — such as IP addresses, cookie identifiers and email addresses — for remarketing and behavioural advertising campaigns using platforms such as Google Ads, Meta (Facebook) Ads or similar. These platforms may display targeted advertisements based on previous interactions with our website. This processing is based on your prior consent under Article 6(1)(a) GDPR. You can withdraw consent or manage preferences via our cookie banner or directly in your advertising account settings.

Data Category

Legal Basis

Invoicing / Accounting

5 years from end of year

Tax law (Art. 74 of UoR)

Contact form submissions

1 year from last contact

Legitimate interest (Art.6(1)(f))

Project files and materials

Duration of project + 3 years

Contract performance and defence of claims

Analytics (e.g. Google)

14 months

Consent (Art. 6(1)(a))

Email marketing opt-ins

Until consent withdrawn

Consent (Art. 6(1)(a))

Data Category

Legal Basis

Invoicing / Accounting

5 years from end of year

Tax law (Art. 74 of UoR)

Contact form submissions

1 year from last contact

Legitimate interest (Art.6(1)(f))

Project files and materials

Duration of project + 3 years

Contract performance and defence of claims

Analytics (e.g. Google)

14 months

Consent (Art. 6(1)(a))

Email marketing opt-ins

Until consent withdrawn

Consent (Art. 6(1)(a))

6. Recipients and Data Transfers

6.1 CATEGORIES OF RECIPIENTS

We may disclose personal data to:

  • Service providers (processors) acting on our behalf, including:

  • Hosting and website infrastructure: Framer

  • Analytics: Google Analytics

  • Advertising platforms: Google Ads, Meta Ads

  • Communication and productivity: Google Workspace, Slack, Notion

  • AI production tools: providers of generative AI models used in our workflows (e.g., Veo, Sora, Kling, Runway, Midjourney, ComfyUI, Higgsfield and others)

  • Payment, billing and accounting providers

  • CRM and project management platforms

  • Legal, tax, accounting, regulatory or law enforcement authorities where required by law;

  • In the event of business restructuring, sale, merger or asset transfer — to the acquiring entity, subject to appropriate safeguards.

All processors are bound by Data Processing Agreements (DPA) and provide adequate guarantees in compliance with Article 28 GDPR.

6.2 Transfers within the EEA & TRANSFERS OUTSIDE THE EEA

Transfers of personal data within the European Economic Area (EEA) are subject to harmonised EU rules and are considered adequately protected.
Some of our service providers — particularly hosting, analytics, advertising and AI production tools — may operate or store data outside the EEA, including in the United States, the United Kingdom and other jurisdictions. Where such transfers occur, we ensure appropriate safeguards under Chapter V of the GDPR, including:

  • Adequacy Decisions of the European Commission (e.g., the EU-U.S. Data Privacy Framework for certified U.S. providers);

  • Standard Contractual Clauses (SCC) approved by the European Commission;

  • Binding Corporate Rules of multinational groups, where applicable;

  • Additional technical and organisational safeguards where required.

You may request information about the specific safeguards in place by contacting us at hello@ai25.studio.

6.4 Supervisory Authority Reporting

In the event of a personal data breach, the Company cooperates with and reports to the relevant supervisory authority — in Poland, the Office for Personal Data Protection ("UODO") — in accordance with Polish and EU law.

7. Data Subject Rights

Under Articles 15–22 of the GDPR you have the following rights:

  • Right of access (Art. 15) — to obtain confirmation whether personal data are processed and access to such data;

  • Right to rectification (Art. 16) — to request correction of inaccurate or incomplete data;

  • Right to erasure ("right to be forgotten") (Art. 17) — in certain circumstances you may request deletion of personal data;

  • Right to restriction of processing (Art. 18);

  • Right to data portability (Art. 20) — where processing is based on consent or contract and carried out by automated means;

  • Right to object (Art. 21) — including to processing for direct marketing or our legitimate interests;

  • Right to withdraw consent at any time when processing is based on consent (Art. 7(3));

  • Right not to be subject to automated decision-making (Art. 22), where applicable.

To exercise your rights, please contact us at hello@ai25.studio. We respond within the timeframe required by law — generally one month, extendable by two months in complex cases.

If you believe your rights have been violated, you may lodge a complaint with UODO (contact details in Section 14).

If you are located outside the European Economic Area (EEA), we process your personal data in accordance with this Privacy Policy and applicable EU data protection standards. If local laws grant you additional rights, we will take reasonable steps to respect them.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to provide, maintain and improve our Service:

  • Strictly necessary cookies — essential for operation of the website;

  • Performance / analytics cookies — to collect anonymous usage data and improve our Service;

  • Functional cookies — to remember user preferences;

  • Marketing / advertising cookies — subject to prior consent.

Pursuant to Polish and EU law — including the Act on the provision of services by electronic means — we obtain informed consent prior to using non-essential cookies. We provide clear information about cookie categories and how to manage your settings.

You may disable or delete cookies via your browser settings, but this may affect functionality of our website.

9. Security of Personal Data

We implement appropriate technical and organisational measures to safeguard personal data (Art. 32 GDPR), including:

  • encryption and pseudonymisation where feasible;

  • access controls and authentication procedures (multi-factor authentication, role-based access);

  • regular security reviews, vulnerability assessments and incident response procedures;

  • secure backup, data segmentation, network protection and monitoring;

  • data protection by design and by default (Art. 25 GDPR) — integrating data protection into our systems and processes from the earliest stage.

In the event of a personal data breach resulting in a risk to the rights and freedoms of individuals, we notify the competent supervisory authority without undue delay and, where feasible, within 72 hours.

10. Data Protection Impact Assessment (DPIA)

Where intended processing is likely to result in a high risk to the rights and freedoms of individuals — for example, introduction of new technologies, large-scale processing of special categories of data, or systematic monitoring — we carry out a Data Protection Impact Assessment (DPIA) pursuant to Art. 35 GDPR, taking into account guidance from the European Data Protection Board and UODO.

We conduct DPIAs where applicable in connection with new AI tools, workflows or production technologies introduced into our pipeline.

11. Monitoring, Employee Data and Internal Processing

Where employees, contractors or other persons act on behalf of the Company and are subject to internal processing of their personal data, such processing is carried out in accordance with Polish labour law, supplementary national regulations and GDPR principles. Any monitoring of staff (IT, CCTV) is implemented only with legitimate basis, appropriate safeguards and full transparency.

12. International and Cross‑Border Processing

Where our operations, service providers or clients are located outside Poland, we may engage in cross-border processing. In such cases:

  • appropriate safeguards under Chapter V GDPR are in place (see Section 6.3);

  • transfers are documented;

  • data subjects are informed of the transfer and applicable safeguards;

  • we comply with applicable EU and Polish law on international transfers.

13. Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy at any time. Changes may be required due to updates to our services, legal or regulatory obligations, new technologies or business developments. We will publish the updated version on our website and update the "Last updated" date at the top of this Policy. Continued use of the Service after changes constitutes your acceptance of the amended Policy.

14. Contact and Complaints

For any questions or to exercise your rights, contact:

Email: hello@ai25.studio Postal address: ANTONI SHKRABA STUDIO, ul. Jana Pawła Woronicza 31/155, 02-640 Warsaw, Poland

If you believe that our processing of your personal data does not comply with applicable law, you may lodge a complaint with the supervisory authority:

Office for Personal Data Protection (UODO) ul. Stawki 2, 00-193 Warsaw, Poland Website: https://uodo.gov.pl

15. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of Poland and applicable EU regulations, including the GDPR and the EU AI Act. Any disputes arising in connection with this Policy are subject to the competent courts of Poland, unless mandatory procedural rules dictate otherwis

8. COOKIES AND TRACKING TECHNOLOGIES

8.1 WHAT ARE COOKIES

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work efficiently, remember user preferences and provide information to website owners. Similar technologies include local storage, pixels, tags and tracking scripts — referred to collectively in this Policy as "cookies".

8.2 LEGAL BASIS

We use cookies in accordance with:

  • Regulation (EU) 2016/679 (GDPR);

  • Directive 2002/58/EC (ePrivacy Directive) as amended by Directive 2009/136/EC;

  • The Polish Act of 16 July 2004 — Prawo telekomunikacyjne (Art. 173);

  • Guidance from the European Data Protection Board (EDPB) and the Polish supervisory authority (UODO).

Strictly necessary cookies are placed on the basis of our legitimate interest (Art. 6(1)(f) GDPR). All other cookies — analytics, functional, marketing — are placed only after obtaining your explicit consent (Art. 6(1)(a) GDPR), expressed through our cookie banner.

8.3 CATEGORIES OF COOKIES WE USE

Strictly necessary cookies These are essential for the operation of our website. They enable basic functions such as page navigation, security, load balancing and session management. The website cannot function properly without these cookies. Consent is not required.

Performance and analytics cookies These cookies collect anonymous or pseudonymised information about how visitors use our website — pages visited, time spent, navigation patterns, referral sources. We use this data to improve our website performance and user experience. Provider examples: Google Analytics. Consent required.

Functional cookies These cookies remember choices you make to personalise your experience — language preferences, region, display settings. Consent required.

Marketing and advertising cookies These cookies are used to deliver advertisements relevant to you and your interests across third-party platforms. They may also be used to measure the effectiveness of advertising campaigns and to limit the number of times you see an advertisement. Provider examples: Google Ads, Meta (Facebook) Ads, LinkedIn Ads. Consent required.

Third-party embed cookies When pages on our website contain embedded content from third-party platforms — such as Vimeo, Instagram, LinkedIn or YouTube — those platforms may set their own cookies according to their own policies. Consent required where applicable.

8.4 SPECIFIC PROVIDERS

Our website uses cookies and tracking technologies from the following categories of providers:

  • Hosting and platform: Framer (website hosting, technical session cookies)

  • Analytics: Google Analytics (Google LLC)

  • Advertising and remarketing: Google Ads, Meta (Facebook) Ads, where applicable

  • Embedded media: Vimeo, Instagram, LinkedIn, YouTube (where embedded content is displayed)

Some of these providers operate outside the European Economic Area (EEA), in particular in the United States. Where cookies involve international data transfers, the safeguards described in Section 6.3 of this Policy apply, including Standard Contractual Clauses and, where applicable, certification under the EU–U.S. Data Privacy Framework.

8.5 RETENTION PERIODS

Cookie retention periods depend on the type and provider of the cookie. Session cookies are deleted when you close your browser. Persistent cookies remain on your device for periods ranging from a few minutes to several years, depending on their purpose. Specific retention details for individual cookies are made available through our cookie banner consent interface and through each provider's privacy documentation.

8.6 MANAGING YOUR COOKIE PREFERENCES

You can manage your cookie preferences in several ways:

  • Through our cookie banner — when you first visit our website, you are presented with a banner allowing you to accept, reject or customise non-essential cookies. You can revisit and change your preferences at any time.

  • Through your browser settings — most browsers allow you to view, manage and delete cookies. Instructions are available in the help section of your browser (Chrome, Safari, Firefox, Edge and others).

  • Through provider opt-out tools — for advertising cookies you can use industry opt-out tools, such as the Network Advertising Initiative opt-out (https://optout.networkadvertising.org) or Your Online Choices (https://www.youronlinechoices.eu).

  • Through Google Analytics opt-out — you may install the Google Analytics opt-out browser add-on at https://tools.google.com/dlpage/gaoptout.

Please note that disabling certain cookies may affect functionality of our website.

8.7 WITHDRAWAL OF CONSENT

You may withdraw your consent for non-essential cookies at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal. To withdraw consent, use the cookie banner or change your browser settings.

8.8 CHANGES TO COOKIE USAGE

The cookies we use may change over time as we add or remove tools and services. We update our cookie banner and this section accordingly. We recommend reviewing this Policy periodically to stay informed.


16. Hosting and Technical Infrastructure

Our website AI25.Studio is hosted on the infrastructure of Framer — a third-party website development and hosting provider accessible at https://framer.website.

As part of hosting and platform management, Framer may process certain data — IP addresses, browser types, technical logs and usage statistics — to enable delivery and security of the website. Our contractual relationship with Framer includes appropriate safeguards in line with Article 28 and Chapter V of the GDPR. Framer's servers and sub-processors may be located within the European Economic Area (EEA) or in other jurisdictions with adequate legal protections, including under Standard Contractual Clauses and the EU-U.S. Data Privacy Framework.

For more information, please refer to Framer's Privacy Policy at https://www.framer.com/legal/privacy-statement.

AI25.Studio is an AI-native cinema studio built by people who came from real filmmaking. We see AI differently from most of the industry — not as a shortcut, but as a production layer on top of genuine craft. We don't generate. We produce.

For over 10 years our team has worked in commercial video, 3D and VFX. Today we bring that discipline into AI-driven production for brands and agencies worldwide — trusted across more than 600 delivered projects.

Every project is senior-led and built with intention — camera language, lighting, composition and rhythm. We join early, work as a full-cycle production partner, and care about the result, not just the speed.

AI is the tool. Craft is the foundation.

Based in Warsaw — working worldwide. Let's build something: hello@ai25.studio

© 2026 AI25.STUDIO. All rights reserved.

AI25.Studio is an AI-native cinema studio built by people who came from real filmmaking. We see AI differently from most of the industry — not as a shortcut, but as a production layer on top of genuine craft. We don't generate. We produce.

For over 10 years our team has worked in commercial video, 3D and VFX. Today we bring that discipline into AI-driven production for brands and agencies worldwide — trusted across more than 600 delivered projects.

Every project is senior-led and built with intention — camera language, lighting, composition and rhythm. We join early, work as a full-cycle production partner, and care about the result, not just the speed.

AI is the tool. Craft is the foundation.

Based in Warsaw — working worldwide. Let's build something: hello@ai25.studio

© 2026 AI25.STUDIO. All rights reserved.