This policy explains how we process personal data under the General Data Protection Regulation (GDPR). We process only the data needed to operate the site, fulfil orders, and provide support.
Data controller
The controller is the entity named in the imprint.
What we process
- Order data: name, shipping and billing address, email, order contents.
- Payment data is handled directly by Stripe; we do not store full card details.
- Newsletter: email address and confirmation status (double opt-in).
- Server logs and cookieless statistics without personal profiles.
Legal bases
Performance of a contract (Art. 6(1)(b) GDPR) for orders, consent (a) for the newsletter, and legitimate interest (f) for security, operations, and cookieless audience measurement that uses no device identifiers.
Processors and services
- Supabase — Database, authentication, and file storage (EU region).
- Vercel — Application hosting and delivery (EU region, fra1).
- Stripe — Payment processing (cards, SEPA, Klarna).
- Telegram — Customer support chat (third party under its own terms).
- Vercel Web Analytics — Cookieless usage statistics — no device identifiers, no cross-site tracking.
- Email service provider — Double opt-in newsletter delivery (when enabled).
Your rights
You have the right to access, rectification, erasure, restriction, portability, and objection, as well as the right to withdraw consent and to lodge a complaint with a supervisory authority.
Contact
For privacy requests, use the contact details in the imprint.
