Privacy Policy
How we process personal data under the GDPR. Placeholder copy pending legal review.
Data we process
Order data (name, address, email), payment metadata, and anonymous usage signals. We do not sell personal data.
Lawful basis
Performance of the sales contract (orders), consent (non-essential cookies), and legitimate interest (fraud prevention, service improvement).
Processors
Vercel (hosting), Neon (database), Stripe (payments + tax), Resend (transactional email), and our contracted 3PL (fulfilment). Each processes data on our behalf under a data-processing agreement.
Your rights
Access, rectification, erasure, portability, and objection. Contact the trader (see Imprint) to exercise them.
Retention
Order and tax records are kept as required by law; other data no longer than necessary.