Your data protection rights under the General Data Protection Regulation
Request a copy of all personal data we hold about you, including how it's used and who it's shared with.
Correct any inaccurate or incomplete personal data we hold about you.
Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
Request that we limit how we process your data in certain circumstances.
Receive your data in a structured, machine-readable format to transfer to another service.
Object to processing based on legitimate interests or direct marketing.
To exercise any of your GDPR rights:
We will respond to your request within 30 days as required by GDPR. We may need to verify your identity before processing your request.
Below is a comprehensive list of how we process your data and the legal basis for each activity:
| Activity | Data Used | Legal Basis |
|---|---|---|
| Account Management | Name, email, password, profile details | Contract |
| Payment Processing (Stripe) | Payment details, billing address, VAT number | Contract |
| Stripe Connect Payouts | Bank details, tax ID, business info | Contract |
| Crowdfunding Escrow | Pledge amounts, backer info, campaign details | Contract |
| AI Content Generation (OpenAI) | Product details, category, user prompts | Consent |
| Platform Analytics (PostHog) | Usage data, device info, anonymized IP | Consent |
| Email Communications (SendPulse) | Email, name, notification preferences | Contract |
| Affiliate Tracking (Trackdesk) | Referral data, click IDs, conversions | Consent |
| Collaboration Tools | Messages, files, shared projects | Contract |
| Student Verification | Student ID documents, enrollment proof | Consent |
| Marketing Communications | Email, name, preferences | Consent |
| Fraud Prevention & Security | IP address, transaction patterns, device fingerprint | Legitimate Interest |
| Tax Compliance | VAT numbers, transaction records, invoices | Legal Obligation |
| Two-Factor Authentication | Email, verification codes (temporary) | Legitimate Interest |
We share your data with the following trusted processors:
🔒 Stripe (USA) - Payment Processing & Payouts
PCI-DSS Level 1 certified. EU-US Data Privacy Framework participant.
Stripe Privacy Policy →🤖 OpenAI (USA) - AI Content Generation
GPT-4o for descriptions, policies, terms. Data retained 30 days for abuse monitoring, then deleted.
OpenAI Privacy Policy →📊 PostHog (USA/EU) - Privacy-Focused Analytics
GDPR-compliant analytics. EU cloud hosting available. Only with your consent.
PostHog Privacy Policy →📧 SendPulse (USA) - Email Delivery
Transactional emails, 2FA codes, order confirmations. GDPR-compliant.
SendPulse Privacy →📈 Trackdesk (EU) - Affiliate Tracking
EU-based affiliate platform. Only active if you opt-in to affiliate program.
Trackdesk Privacy →You can manage cookie preferences:
Questions about cookies? Email us at privacy@flence.com