CM Studio+ logo
Login

CM Studio, LLC Global Privacy Policy

Effective Date: 01/01/2024

1. Introduction

Welcome to CM Studio, LLC (“we,” “our,” or “us”). We provide a comprehensive cosmetic formulation web application that empowers businesses and individuals to manage proprietary formulas, raw material inventory, client relationships, production lifecycles (including batches and samples), testing procedures, regulatory documentation, and AI-driven formulation suggestions (collectively, the “Services”).

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Services. This policy applies to all users globally, with specific provisions for residents of the United States and the European Economic Area (EEA), United Kingdom (UK), and Switzerland.

2. Information We Collect

We collect information directly from you, automatically through your use of the Services, and through third-party integrations.

  • Account & Contact Information: Name, email address, phone number, physical address, and company name.
  • Financial Information: We use Stripe to process payments and subscriptions. We do not directly store your full credit card numbers; this data is securely handled by Stripe.
  • User Content & Production Data: Files, raw material data, proprietary formulas, production batch records, sample tracking, testing results, and regulatory documentation you upload or generate.
  • Client Management Data: Information you input regarding your own clients or customers (e.g., names, contact info, project briefs) to manage them within our platform. (Note: For our B2B users, we process this specific data strictly on your behalf as a “Data Processor” according to our Data Processing Agreement).
  • AI Interaction Data & Chat History: Prompts, queries, and parameters you input into our AI formulation assistant. We securely store logs of your AI conversations within your account so you can view your past sessions and reference previous work at any time.
  • Usage & Device Data: IP address, browser type, interaction metrics, and device identifiers.

3. Artificial Intelligence & OpenAI

Our Services utilize artificial intelligence powered by the OpenAI API to provide formulation suggestions and regulatory insights. We treat your proprietary formulation data with the highest level of security.

  • Your Chat History is Stored by Us: To provide you with a seamless experience, CM Studio, LLC securely stores your AI conversation history within our own databases (hosted on Google Cloud) so you can access your past formulation logs whenever you log in.
  • No Data Training: We do not use your proprietary User Content, formulas, or chat history to train our own foundational AI models. Your data is never stored or used by OpenAI to train their public or private models.

4. How We Use Your Information & Legal Basis

For users in the EU/UK, the GDPR requires us to state our legal basis for processing. We use your data for the following purposes:

Data Category Purpose of Processing EU Legal Basis (GDPR)
Account & Financial Info To provide the platform, process subscriptions via Stripe, and manage your account. Performance of a Contract
User Content, Production & Client Data To host your files, facilitate batch tracking, manage your client CRM features, and provide AI formulation suggestions. Performance of a Contract
Contact Information To send transactional emails, support replies, and marketing updates via Omnisend. Legitimate Interest / Consent (for marketing)
Usage & Device Data To monitor platform stability, security, and analytics via Google Analytics. Legitimate Interest
All Categories To comply with legal obligations, tax laws, and court orders. Legal Obligation

5. How We Share Your Information & Subprocessors

We do not sell your personal information for monetary compensation. We share your information solely with trusted third-party service providers (subprocessors) necessary to run our platform:

  • Cloud Hosting & Storage: Google Cloud (stores platform data, user-uploaded files, and your saved AI chat history).
  • Payment Processing: Stripe.
  • Email & Marketing: Omnisend.
  • AI & Machine Learning: OpenAI (API processing only via Zero Data Retention).
  • Analytics & Advertising: Google Analytics and LinkedIn.

6. Retargeting and the “Sale” or “Sharing” of Data (US State Laws)

While we do not sell your data for money, we use cookies and tracking pixels (specifically Google Analytics and the LinkedIn Pixel) to serve you retargeted advertisements after you leave our site.

Under certain US state laws (including the California Privacy Rights Act – CPRA, and similar laws in VA, CO, TX, etc.), sharing data with advertising platforms for cross-context behavioral advertising is considered “selling” or “sharing” data.

  • Your Right to Opt-Out: US residents have the right to opt out of this sharing. You can do so by adjusting your cookie preferences.

7. International Data Transfers

CM Studio, LLC is hosted in the United States via Google Cloud. If you are accessing our Services from outside the US (including the EEA or UK), your data will be transferred to, stored, and processed in the US. We rely on legally provided mechanisms, such as Standard Contractual Clauses (SCCs) or the EU-US Data Privacy Framework (DPF), to ensure your data is adequately protected.

8. Your Privacy Rights

A. US State Privacy Rights

Depending on your US state of residence, you have the right to:

  • Know/Access: Request a copy of the personal information we hold about you.
  • Delete: Request the deletion of your personal information.
  • Correct: Request corrections to inaccurate data.
  • Opt-Out: Opt out of targeted advertising via our cookie manager.

B. European (GDPR) Privacy Rights

If you are located in the EEA, UK, or Switzerland, you have the right to:

  • Access & Portability: Receive your data in a structured, machine-readable format.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your data.
  • Restrict/Object: Object to our processing or restrict how we use your data.
  • Withdraw Consent: Withdraw consent for marketing emails at any time.

To exercise any of these rights, please email us at support@cmstudioplus.com. We will respond within 30 to 45 days as required by applicable law.

9. Data Security and Retention

We implement industry-standard security measures, leveraging Google Cloud’s secure infrastructure, to protect your data, intellectual property (formulas), and client records. We retain personal information only for as long as your account is active or as needed to provide you Services, comply with our legal obligations, resolve disputes, and enforce our agreements.

10. Contact Us

If you have questions regarding this Privacy Policy, please contact us at:

CM Studio, LLC
1213 S 30th Ave, Hollywood, Fl, USA
support@cmstudioplus.com