Your details, held lightly.
A small studio, a small amount of data. Here is what the site collects when you write in, and what happens to it afterwards, in plain words.
Who we are
This site is run by Mihiri de Silva, the potter, from the studio at 120/5a Jubilee Mawatha, Mirihana 10250, Colombo, Sri Lanka. She is the data controller for everything described below. The studio is not aimed at children under sixteen and we do not knowingly collect their details. For a privacy question (a copy, a correction, a deletion), write to redcocoonpottery@gmail.com.
What we collect
Only what you send us. If you write through the contact form, we receive your name, email, and message. If you use the hospitality dossier, we also receive your company, phone (optional), and project notes. If you sign up for the studio letter, we receive your email and the day you subscribed. The site sets only strictly necessary cookies: a sign-in session on the admin panel, and a forgery token on forms. No advertising cookies and no third-party trackers. We use Vercel's built-in privacy-friendly analytics, which counts page views and basic visit signals without cookies, without storing your IP address, and without any personal identifiers.
How we use it
To reply. Nothing else. Contact messages are read by the potter and answered; inquiry forms route to the studio inbox; the letter goes out a few times a year when there is something worth saying. We rely on your consent for the letter (which you can withdraw at any time by unsubscribing) and on a legitimate interest in answering people who write in. We do not sell, rent, or share your details for marketing, including as defined by California law.
Who else sees it
The site runs on a handful of tools that process data on our behalf. Each sees only what it needs to do its job.
- Supabase: stores submissions, the subscriber list, and the studio database. Hosts admin authentication.
- Cloudflare R2: stores product photographs and media files. No visitor data flows here.
- Vercel: hosts the website and keeps short-lived server logs (request metadata, not form contents). Vercel Web Analytics and Speed Insights are enabled to count page views and measure load performance. Both are cookieless, do not store IP addresses, and never receive personal data.
- Google Gemini: processes photos uploaded in the admin panel to suggest alt-text and category tags. Used only by the studio; your visit to the public site is never sent to Google.
- Upstash Redis: rate-limits the inquiry and signup forms to prevent spam. It receives only a hashed IP address; form contents are never stored there.
- Resend: delivers the welcome email when you subscribe, and notifies the studio when a hospitality inquiry arrives.
- Meta (Instagram): provides the Instagram feed shown on the homepage via the Instagram Graph API. The feed shows public posts only; no visitor data is sent to Meta by this integration.
These services operate in the United States, the European Union, and the United Kingdom. Where data moves across those borders, the transfer is made under the European Commission's Standard Contractual Clauses.
How long we keep it
Hospitality inquiry messages are kept as a business record so we can reply and follow up. Request deletion at any time via WhatsApp or email. Letter subscribers stay on the list until they unsubscribe using the link in any email we send, or request removal. Your IP address is briefly noted when you submit a form to prevent spam. It expires automatically within minutes and is never stored in the studio database. Server logs roll off after thirty days. Admin session cookies last until the editor signs out.
Your rights
You can ask for a copy of what we hold, ask us to correct it, ask us to delete it, or withdraw consent for the letter at any time. Reach the studio via WhatsApp or redcocoonpottery@gmail.com and we will do it, usually the same week. Letter subscribers can also unsubscribe directly from the link at the bottom of any email. If you are in the EU, you can complain to your national data protection authority; in the UK, the ICO; in Sri Lanka, the Data Protection Authority. We would rather hear from you first.
Questions
Anything unclear, write in. The contact page is the shortest route for general questions; for privacy specifically, redcocoonpottery@gmail.com goes straight to the potter. She reads every message.
