Template – finalize a GDPR-compliant privacy policy individually (e.g. via a generator) and have it reviewed.
1. Controller
[Name / company, address, email]
2. What data we process
- Account/order data (e.g. email) for purchase and login
- Payment data is processed exclusively by Tebex – we do not receive full payment data
- Server/log data when the site is accessed
- Support requests, if any (Discord)
3. Purposes & legal bases
- Performance of contract (Art. 6(1)(b) GDPR): purchase, delivery, account
- Legitimate interest (lit. f): secure operation, abuse prevention
4. Services used
- Tebex (payment processing) – see Tebex's own privacy notice
- Hosting / server infrastructure: [provider]
- Email delivery: [SMTP provider]
- Analytics: [e.g. Plausible – cookieless] (if active)
5. Cookies
Technically necessary cookies (e.g. language, session). Optional/tracking cookies only with consent.
6. Retention
Data is stored only as long as necessary for the stated purposes or legal retention periods.
7. Your rights
Access, rectification, erasure, restriction, data portability, objection, and the right to lodge a complaint with a supervisory authority.
Privacy contact: [email]