Privacy,
plainly.

FunkyRabbit, an independent design studio. For any privacy request you can reach us at [email protected].

Information you provide

If you contact us through the contact form, we receive the name, email address, and message body that you submit. We use this information solely to reply to your enquiry. The form is protected by Cloudflare Turnstile, which performs a privacy-preserving check to detect automated submissions and does not profile you.

Information collected automatically

Like most websites, our hosting provider and CDN log technical request data — IP address, user agent, timestamp, and the URL you accessed — for security, abuse prevention, and traffic statistics. These logs are retained for a short, rolling period and are not used to identify individual visitors.

When you first visit funky-rabbit.com, our consent banner (powered by CookieYes) asks whether you allow non-essential cookies. Until you accept, all analytics and advertising cookies are blocked at the source via Google Consent Mode v2 — measurement tags receive a denied signal and do not write tracking cookies. You can withdraw or change consent at any time using the floating consent gear in the bottom-left corner of every page.

A full, up-to-date list of cookies — with their domain, duration, and description — is available inside the consent banner under Customise → Cookie Details.

We do not share or sell your personal data to data brokers, advertisers, or any third party other than the operational processors listed below.

Web fonts on funky-rabbit.com are self-hosted. We do not load fonts from fonts.googleapis.com or fonts.gstatic.com, so visiting our pages does not transmit your IP address to Google for font delivery. The same applies to icons, scripts, and stylesheets — almost everything is served from our own domain or via Cloudflare.

• Contact form messages — kept until the conversation is resolved, then deleted within 12 months.
• Server logs — rotated and deleted on a 30-day cycle.
• Analytics data — retained according to GA4’s standard 14-month event-data setting.
• Consent records — kept for one year (the lifetime of the cookieyes-consent cookie) to prove that consent was obtained.

Under GDPR (and equivalent laws in your jurisdiction) you have the rights listed below. To exercise any of them, email [email protected]. We will respond within 30 days.

Cloudflare, Google, and other listed processors operate global infrastructure, which can mean processing outside the EU/EEA. Where this happens, transfers rely on the EU Standard Contractual Clauses or the EU–U.S. Data Privacy Framework, as published by each processor.

The site is served over HTTPS with HSTS enabled, sits behind Cloudflare’s WAF, and uses Wordfence to monitor and block intrusion attempts. Despite reasonable safeguards, no system is 100% secure; we cannot guarantee absolute security of data transmitted over the internet.

We update this Privacy Policy when our tools, processors, or processing purposes change. The “Last updated” date at the top reflects the most recent material change. We recommend reviewing the policy periodically.