
Privacy Policy

Effective date: 2025-09-16

1) Who we are (Controller)

Controller: {{COMPANY_NAME}} (“we”, “us”).

Contact (privacy): {{PRIVACY_EMAIL}}

No Data Protection Officer is appointed.

You can lodge a complaint with your local data protection authority (in NL: Autoriteit Persoonsgegevens).

2) What data we collect

Account & authentication (Firebase Auth)

  • Identifiers: name, email, password hash and/or identity provider IDs (e.g., Google/Apple if used).
  • Security data: session tokens, IP address, device and browser metadata, login timestamps.

Purchases & site interactions

  • Order details and history; delivery/billing details you provide.
  • Personality test inputs and results you choose to generate and store.
  • Future community features: blog comments, likes, bookmarks (if/when enabled).

Usage & diagnostics

  • Analytics events (pages viewed, clicks, session duration, approximate location from IP) via Google Analytics (with consent where required).
  • Experience insights (heatmaps/session replays with masking) via Hotjar (with consent).
  • Performance/error telemetry (e.g., page load, errors) via New Relic.

Files & media (Firebase Storage)

  • Images or other files you upload (if applicable).

Cookies & similar technologies

  • Essential cookies for login, security, and load balancing.
  • Analytics and experience cookies (Google Analytics, Hotjar) only with your consent.
  • Marketing cookies for email or ad performance, only with your consent.

3) How & why we use data (legal bases)

  • Provide the service (create accounts, authenticate, display content, deliver orders). Art. 6(1)(b) GDPR – contract/steps prior to contract.
  • Security & fraud prevention (detect abuse, ensure availability). Art. 6(1)(f) – legitimate interests.
  • Analytics & product improvement (measure usage, fix issues). Art. 6(1)(a) – consent for non-essential cookies; Art. 6(1)(f) for strictly necessary measurements.
  • Communications (service messages, responding to you). Art. 6(1)(b)/(f).
  • Marketing emails (newsletters, updates) via Mailchimp, only if you opt in; you can unsubscribe anytime. Art. 6(1)(a) – consent.
  • Legal compliance (tax/accounting, lawful requests). Art. 6(1)(c).

4) Sharing & processors

We use service providers that process data on our behalf under contract:

  • Google Firebase (Authentication, Hosting, Firestore/Realtime Database, Storage)
  • Google Analytics (usage analytics; IP anonymization/configurable retention)
  • Hotjar (experience analytics; masking enabled; consent-based)
  • New Relic (performance monitoring and error diagnostics)
  • Mailchimp (email newsletters and subscriber management)

We may also disclose information if required by law, to protect rights and safety, or in connection with a business transaction (e.g., merger or acquisition) with appropriate safeguards.

5) International data transfers

Where processing involves transfers outside the EEA/UK, we rely on an adequacy decision or appropriate safeguards such as the EU Standard Contractual Clauses (SCCs). You can contact us to request information on relevant safeguards.

6) Data retention

  • Account data: retained while your account is active and for up to 24 months after deletion, unless we must keep it longer for legal reasons.
  • Orders & transaction records: retained as required by law (e.g., up to 7 years for tax/accounting records).
  • Authentication & security logs: typically retained for up to 12 months.
  • Analytics (Google Analytics): retained for up to 14 months (configurable).
  • Hotjar: recordings and heatmaps typically retained for up to 12 months (configurable).
  • New Relic telemetry: diagnostics data typically retained for up to 90 days (configurable).
  • Marketing (Mailchimp): retained until you unsubscribe; we keep a minimal suppression record to honor future opt-out requests.
  • User-generated content (e.g., comments): retained until you delete it or your account is removed.

7) Security

We apply technical and organizational measures appropriate to risk, including HTTPS encryption in transit, access controls, monitoring, and regular updates. No method is 100% secure, but we work to protect your data.

8) Your rights (GDPR)

  • Access, rectification, erasure, restriction, portability, and objection to processing.
  • Withdraw consent at any time (for consent-based processing).
  • Lodge a complaint with a supervisory authority (e.g., in NL: Autoriteit Persoonsgegevens).

To exercise your rights, contact us at {{PRIVACY_EMAIL}}. We may need to verify your identity.

9) Children

This service is not intended for children under 16. We do not knowingly allow accounts for children under 16, or under a lower age where permitted by local law with verifiable parental consent. If you believe a child has provided us personal data, please contact us to delete it.

10) Changes to this policy

We may update this policy from time to time. We will post the updated version here and update the “Effective date”.

11) Contact

Questions or requests? Email {{PRIVACY_EMAIL}}. Controller: {{COMPANY_NAME}}.