Privacy Policy

This privacy policy explains the nature, scope and purpose of the processing of personal data when visiting and using coloreo.shop in accordance with the General Data Protection Regulation (GDPR).

1. Controller

FZ-Capital GmbH
【 PLATZHALTER – vor Go-Live durch echte Angaben ersetzen 】
Managing Director: 【 PLATZHALTER – vor Go-Live durch echte Angaben ersetzen 】
Email: hallo@coloreo.shop

2. Data processed, purposes and legal bases

a) Purchase & delivery. On purchase we process your email address, order data (products, order number, amount) and payment data handled by our payment provider. Purpose: contract performance, provision of the download link, order confirmation. Legal basis: Art. 6(1)(b) GDPR; for tax retention Art. 6(1)(c) GDPR.

b) Personalized watermark. Each delivered PDF is marked with your email address and order number as a visible watermark to prevent unauthorized sharing. Legal basis: Art. 6(1)(b) and (f) GDPR (legitimate interest in protecting our digital products).

c) Customer account / "My Library". Optionally you can create an account via magic link (passwordless login). We process your email address and the link to your orders. Legal basis: Art. 6(1)(b) GDPR.

d) Newsletter & free sample pages. If you subscribe or request free samples, we process your email via double opt-in. Legal basis: Art. 6(1)(a) GDPR (consent). You can unsubscribe at any time via the link or by emailing hallo@coloreo.shop.

e) Server log files. Technically required data (IP address, date/time, requested resource, browser/device data) is processed by our host. Legal basis: Art. 6(1)(f) GDPR.

f) Support chatbot. For our AI support assistant your chat inputs are processed to answer your request. Please do not enter sensitive data. Legal basis: Art. 6(1)(b)/(f) GDPR.

3. Processors

Hosting: Vercel Inc., USA.
Database, authentication & file storage: Supabase (EU region).
Payments: Stripe Payments Europe, Limited, Ireland (card & PayPal). We do not store full card data.
Email delivery: ALL-INKL.COM – Neue Medien Münnich, Germany.
AI support chatbot: Anthropic PBC, USA.
Analytics: PostHog (EU hosting) – consent only, see section 5.

4. Transfers to third countries

Some services (e.g. Vercel, Anthropic, Stripe group) may process data in the USA. Where no adequacy decision applies, transfers are based on the EU Standard Contractual Clauses (Art. 46 GDPR) and additional safeguards.

5. Cookies & analytics

Technically necessary cookies (cart, login) are used under Art. 6(1)(f) GDPR / § 25(2) TDDDG. Analytics via PostHog (EU hosting) only takes place with your consent via the cookie banner (Art. 6(1)(a) GDPR). No session recordings. You can withdraw consent at any time.

6. Retention

We keep personal data only as long as necessary. Order and invoice data are subject to statutory retention periods (typically 6–10 years). Newsletter data is kept until consent is withdrawn.

7. Your rights

You have the right to access, rectification, erasure, restriction, data portability and objection, and to withdraw consent at any time. Contact: hallo@coloreo.shop. You also have the right to lodge a complaint with a supervisory authority.