Privacy Policy
Last updated: [DATE]
This policy is provided in English for all of Europe. It explains what personal data we collect when you reserve accounts on PROJECT VESPER, why we collect it, and the rights you have under the General Data Protection Regulation (GDPR).
1. Who is responsible
The data controller is [COMPANY NAME], [ADDRESS], [COUNTRY], registration number [REGISTRATION NUMBER]. For anything related to your personal data, contact [EMAIL].
2. What we collect
- Reservation details: your full name, email address, phone number, selected country and number of accounts.
- Optional details: postal code, address and city, if you choose to provide them.
- Payment status: whether your payment succeeded, the amount, and a payment reference from Stripe. Your card or bank details go directly to Stripe; we never receive or store them.
- Language preference: stored only in your own browser (localStorage), never sent to us.
3. Why we use it
- To register and manage your reservation (performance of a contract).
- To contact you about the reveal, activation of your accounts, and any refunds (performance of a contract).
- To enforce the limit of 5 accounts per person and keep the distribution fair (legitimate interest).
- To meet legal obligations such as bookkeeping and consumer law.
We do not use your data for advertising, we do not sell it, and we do not send marketing emails.
4. What the public can see
The website only ever shows anonymous, aggregated information: how many accounts remain per country, and a feed of recent reservations showing only the country, the number of accounts and the time. Your name, email address and other personal details are never visible to anyone but us, and are shielded at the database level.
5. Who we share it with
- Stripe Payments Europe, Ltd. (Dublin, Ireland): processes your payment.
- Supabase: hosts our database where reservations are stored.
- No other parties, unless we are legally required to.
6. How long we keep it
We keep your reservation data for as long as the release and activation process runs, plus any period required by law (for example, tax law requires us to keep payment records for several years). If your reservation is refunded or never completed, we remove or anonymise your data once those legal periods allow it.
7. Your rights
Under the GDPR you can ask us at any time to access, correct, delete or export the personal data we hold about you, or object to how we use it. Email [EMAIL] and we will respond within one month. You also have the right to lodge a complaint with the data protection authority in your country.
8. Security
Reservation data is stored in a database with row-level security, so that it is technically inaccessible from the public website. Payments run entirely through Stripe's secured environment. Access to personal data is limited to the people who need it to run the release.
9. Contact
[COMPANY NAME] · [ADDRESS] · [EMAIL]