The Original. Rebuilt.V2milliondollarhomepage
$8,600

Privacy Policy

How we handle personal data under the EU General Data Protection Regulation (GDPR).

1. Who we are

This site is operated by Status-FY, Inh. Daniel Meier, based in Germany. The full operator details are in our Legal Notice. The operator is the data controller for the purposes of GDPR Art. 4(7).

2. What data we collect

  • Name and email address you provide at checkout
  • Payment data — handled directly by our payment processors; we receive only a confirmation and a payment reference
  • Pixel purchase metadata — block position, dimensions, uploaded image, link URL, and optional label
  • IP address and request metadata in standard server access logs

3. Why we collect it

  • Order fulfillment — displaying your block on the canvas
  • Fraud prevention and abuse mitigation
  • Legal obligations — German tax and commercial record-keeping

Legal bases: GDPR Art. 6(1)(b) (contract performance), Art. 6(1)(c) (legal obligation), Art. 6(1)(f) (legitimate interests in fraud prevention and service security).

4. Third-party processors

  • Stripe, PayPal, Coinbase Commerce — payment processing
  • Hetzner — hosting (servers located in the European Union)
  • Google Vision API — image moderation at upload time

Where transfers occur outside the EU, they are governed by Standard Contractual Clauses and the provider's GDPR data processing terms.

5. Data retention

  • Purchase records — retained for 7 years to comply with German commercial and tax law (§ 257 HGB, § 147 AO)
  • Server access logs — retained for 30 days, then deleted
  • Block content — retained for the lifetime of the canvas, or until removed on a valid request

6. Your rights

Under GDPR Articles 15–20 you have the right to:

  • Access the personal data we hold about you (Art. 15)
  • Have inaccurate data rectified (Art. 16)
  • Request erasure of your data, subject to legal retention duties (Art. 17)
  • Restrict or object to processing (Art. 18, 21)
  • Receive your data in a portable, machine-readable format (Art. 20)
  • Withdraw consent at any time, where consent is the basis

7. Contact for data requests

Send data subject requests to [email protected]. We respond within 30 days as required by GDPR Art. 12(3).

8. Supervisory authority

You have the right to lodge a complaint with your local EU data protection authority. A list is available at edpb.europa.eu.