GDPR Rights

Last updated:

1. Data we collect

We only collect data necessary to operate the ebook storefront and process payments:

• Email address — provided during checkout for order confirmation and receipts.
• Order details — items, prices, and timestamps to fulfill purchases.
• Payment metadata — minimal identifiers from payment providers for transaction matching.
• Basic analytics — page views and clicks to improve the site (optional, via cookies).

2. Legal basis for processing

• Contract performance — to process and deliver your ebook orders.
• Legitimate interest — to improve site performance and prevent fraud.
• Consent — for non-essential analytics and marketing cookies.

3. Your GDPR rights

• Access — request a copy of your data.
• Rectification — correct inaccurate data.
• Erasure (“right to be forgotten”) — request deletion of your data.
• Portability — receive your data in a structured, machine-readable format.
• Object — object to processing based on legitimate interest.
• Restrict — limit processing in certain circumstances.

4. How to exercise your rights

Email us at the address shown on the website with “GDPR Request” in the subject. We will respond within 30 days and may request verification to protect your privacy.

5. Data retention

• Order data — retained for 7 years for accounting and legal compliance.
• Analytics data — retained for 13 months (cookies) or 24 months (server logs).
• Email marketing — until you unsubscribe.

6. Sub-processors (payment and technical services)

For payment processing we use the following sub-processors, which may process your email, order reference, and transaction data:

• Stripe — card payments (USA; adequacy / SCCs).
• PayPal — PayPal and card payments (USA / EU; adequacy / SCCs).
• Cryptomus — cryptocurrency payments.
• FreeKassa — regional payment gateway when configured.
• Dodo Payments — card and alternative payments when configured.

We ensure appropriate data protection agreements or safeguards (e.g. standard contractual clauses) where they process personal data. A more complete list and retention details are in our Privacy Policy.

7. International transfers

Some service providers may process data outside the EEA. We ensure appropriate safeguards (e.g. adequacy decisions, standard contractual clauses) and, where required by law, your consent.

8. Cookies and tracking

• Essential cookies — required for site operation (e.g., cart persistence).
• Analytics cookies — optional, used to understand site usage.
• You can manage preferences via the consent banner or browser settings.

9. Data breaches

If a breach occurs that may affect your rights and freedoms, we will notify you without undue delay and in line with legal requirements.

10. Supervisory authority

If you believe your rights are not respected, you may lodge a complaint with your local data protection authority.

11. Contact

For GDPR questions or requests, contact us using the email provided on this website.