1. Who we are
This website is operated by Jan S (Workshift), [YOUR ADDRESS]. Contact: helloworkshift@gmail.com. We are the data controller for any personal data collected via this website.
2. What data we collect and why
2.1 Purchase data (via Stripe)
When you purchase a product, you are directed to Stripe's secure payment page. Stripe collects and processes your payment information (name, email, billing address, card details) directly. We receive from Stripe only: your email address and name, which we use solely to deliver your digital download.
Stripe acts as an independent data controller for payment processing. See Stripe's Privacy Policy.
2.2 Delivery email
After a successful purchase, we send one transactional email to the address you provided at checkout. This email contains your download link. We do not add you to any marketing list without your separate consent.
2.3 Server logs
Our hosting provider (Vercel Inc., 340 Pine Street Suite 700, San Francisco, CA 94104, USA) automatically collects standard server log data (IP address, browser type, pages visited, timestamp) for security and operational purposes. This data is retained for a maximum of 30 days.
3. Cookies
We use strictly necessary cookies required for the site to function. We do not use analytics, advertising, or tracking cookies. When you click “Buy”, you are redirected to Stripe's domain where Stripe may set their own cookies for fraud prevention. We do not control these.
You can manage or delete cookies at any time via your browser settings. Note that disabling cookies may affect site functionality.
4. Legal basis for processing (GDPR)
- Contract performance (Art. 6(1)(b) GDPR) — processing your email to deliver your purchase
- Legitimate interest (Art. 6(1)(f) GDPR) — server logs for security and fraud prevention
- Legal obligation (Art. 6(1)(c) GDPR) — retaining transaction records as required by tax law
5. Data retention
Purchase records (email, transaction ID) are retained for 10 years as required by German tax law (§ 147 AO). Server logs are retained for a maximum of 30 days. Delivery emails are not stored beyond what your email provider retains.
6. Data sharing
We share your data only with the following third parties, strictly as necessary:
- Stripe, Inc. — payment processing
- Vercel, Inc. — website hosting
- Google LLC (Gmail) — transactional email delivery
We do not sell, rent, or trade your personal data. We do not share it with advertisers or data brokers.
7. International transfers
Some of our service providers (Stripe, Vercel, Google) are based in the United States. Data transfers to the US are based on the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs) where applicable.
8. Your rights (GDPR)
Under GDPR, you have the right to:
- Access — request a copy of the data we hold about you (Art. 15)
- Rectification — request correction of inaccurate data (Art. 16)
- Erasure — request deletion of your data where legally permitted (Art. 17)
- Restriction — request we limit processing of your data (Art. 18)
- Portability — receive your data in a portable format (Art. 20)
- Object — object to processing based on legitimate interest (Art. 21)
- Withdraw consent — where processing is based on consent, withdraw at any time
To exercise any of these rights, email us at helloworkshift@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.
9. Security
We use HTTPS encryption for all data transmission. Download links are cryptographically signed and unique to each purchase. We do not store credit card details — all payment data is handled exclusively by Stripe.
10. Changes to this policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated date. Continued use of the site after changes constitutes acceptance.
11. Contact
Questions about this privacy policy or your data rights? Contact us at: helloworkshift@gmail.com