Privacy Policy
Last updated: March 2026
1. Data Controller
Makoto Inoue / Studio R.O.B 8
Eberswalder Straße 20, 10437 Berlin, Germany
Email: studio.rob8@gmail.com
2. Data We Collect
- Account data: email address, password (hashed)
- Subscription data: plan type, store count, usage counters
- Payment data: processed by Stripe; we do not store card details
- Usage data: CSV files uploaded for analysis (processed in memory, not stored)
- Technical data: IP address, browser type, access logs
3. Purpose and Legal Basis
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing the service | Art. 6(1)(b) – Contract |
| Payment processing | Art. 6(1)(b) – Contract |
| Security & fraud prevention | Art. 6(1)(f) – Legitimate interest |
| Legal obligations (VAT, invoicing) | Art. 6(1)(c) – Legal obligation |
4. Third-Party Services
- Supabase (authentication & database) — servers in EU. Privacy Policy
- Stripe (payment processing) — PCI DSS compliant. Privacy Policy
- Anthropic / Claude API (AI analysis) — CSV data is sent for processing and not retained. Privacy Policy
- Vercel (hosting) — infrastructure provider. Privacy Policy
5. Data Retention
- Account and subscription data: retained for the duration of the contract plus 10 years (German tax law)
- CSV files: processed in memory only; not stored on our servers
- Access logs: deleted after 30 days
6. Your Rights
Under GDPR, you have the right to:
- Access your personal data (Art. 15)
- Rectification of inaccurate data (Art. 16)
- Erasure ("right to be forgotten") (Art. 17)
- Restriction of processing (Art. 18)
- Data portability (Art. 20)
- Object to processing (Art. 21)
To exercise these rights, contact us at studio.rob8@gmail.com. You also have the right to lodge a complaint with the Berlin data protection authority (BlnBDI).
7. Cookies
We use only technically necessary cookies for authentication (session management via Supabase). We do not use tracking or advertising cookies.
8. Contact
For privacy-related inquiries: studio.rob8@gmail.com