Privacy

As of April 20, 2026. Minimal and honest. No trackers, no ad IDs, no fingerprinting.

Controller

Willy Kramer, Zossener Str. 47, 10961 Berlin, Germany.
Email: info@snicklink.de

What data, why, on what legal basis

• Checkout (Stripe): When you buy, Stripe Payments Europe, Ltd. (Ireland) passes your payment details (card, name, optionally address, IP) to Stripe Inc. (US). We never see card data. Basis: Art. 6(1)(b) GDPR — contract.
• Confirmation email (Resend): After purchase we email you the unlock link and PDF downloads via Resend Inc. (US). We send your email address and order ID. Basis: Art. 6(1)(b) GDPR.
• Order database (Supabase): We store order ID, email, amount, currency, locale, unlock token at Supabase Inc. (US, servers in EU region). Basis: Art. 6(1)(b) + (c) — contract and statutory retention (10 years under German tax law).
• Unlock cookie: A strictly necessary cookie mw_unlock (HttpOnly, signed, 2-year lifetime) remembers that you purchased access. No tracking. Basis: Art. 6(1)(b) — delivery of the book you paid for.
• Hosting (Vercel): The site runs on Vercel Inc. (US). Access logs (IP, user-agent, time) are retained briefly for debugging and DDoS mitigation. Basis: Art. 6(1)(f) — legitimate interest in operational security.
• Media (Cloudflare R2): Videos and PDF downloads live at Cloudflare, Inc. (US). On fetch, Cloudflare sees IP and user-agent. Basis: Art. 6(1)(b) / (f).

Transfer to the US

Stripe, Resend, Supabase, Vercel and Cloudflare are US companies. Transfers rely on EU Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework (EU Commission adequacy decision, July 2023).

Retention

• Order records: 10 years (§ 147 AO, HGB — German tax code).
• Email delivery logs at Resend: up to 30 days.
• Server logs at Vercel: typically 7–30 days.
• Unlock cookie: 2 years or until you clear it.

Your rights

• Access (Art. 15 GDPR)
• Rectification (Art. 16) and erasure (Art. 17), subject to retention obligations
• Restriction of processing (Art. 18)
• Data portability (Art. 20)
• Objection to processing based on legitimate interest (Art. 21)
• Complaint to a supervisory authority — for Berlin: Berliner Beauftragte für Datenschutz und Informationsfreiheit

For any request: info@snicklink.de.

What we don’t do

• No Google Analytics, no Meta Pixel, no advertising trackers.
• No selling or sharing your data for marketing.
• No newsletter sign-up without double-opt-in (there’s no newsletter right now).