Privacy Policy

The controller responsible for data processing under the GDPR is:

SULDOK UG (haftungsbeschränkt), Uhlandstraße 32, c/o Mindspace, 10719 Berlin, Germany.

Represented by: Yunchang Kang. Email: hello@suldok.com.

Account data: name and email address, plus any details you provide when registering, subscribing to the newsletter, or contacting support.

Order and payment data: order contents, delivery/billing address, payment status (payment details are processed by our payment provider).

Technical data: server-side log data (e.g. IP address, timestamp) for security and stability.

Age verification: confirmation that you are at least 18 years old (JuSchG).

Performance of a contract (Art. 6(1)(b) GDPR): processing orders, managing membership, your account.

Legal obligations (Art. 6(1)(c) GDPR): commercial/tax retention, youth protection.

Legitimate interest (Art. 6(1)(f) GDPR): security, fraud prevention, platform stability.

Consent (Art. 6(1)(a) GDPR): newsletter and any non-essential cookies. You can withdraw consent at any time.

We use carefully selected providers as processors (Art. 28 GDPR):

Stripe (payment processing; third-country transfer based on SCC/EU-US DPF).

Resend (transactional email).

Google Cloud Platform (hosting, storage, and server-side operational logging/tracing via Cloud Logging/Cloud Trace, EU region) and Firebase / Google Identity Platform (authentication).

PostHog (product and reach analytics; EU-hosted via eu.posthog.com, only with your consent; any third-country transfer based on SCC/EU-US DPF).

Account data: until account deletion plus statutory retention periods.

Invoice/accounting data: up to 10 years (Sec. 147 AO, Sec. 257 HGB).

Server-side log data: short-term for security and error analysis.

You have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and objection (Art. 21), as well as the right to withdraw any consent at any time with effect for the future (Art. 7(3)).

To exercise these rights, simply email hello@suldok.com.

You also have the right to lodge a complaint with a supervisory authority, e.g. the Berlin Commissioner for Data Protection and Freedom of Information.

We use necessary cookies on the basis of Sec. 25(2) TDDDG. Non-essential cookies only with your consent (Sec. 25(1) TDDDG).

For reach and usage analytics we use PostHog (EU-hosted) only after your consent (Analytics category); only then is PostHog loaded and sets cookies or local identifiers in your browser. Without consent PostHog is not initialised. Our server-side operational logs (Google Cloud) set no cookies. See our Cookie Policy for details; you can change your choice at any time via cookie settings.

Privacy questions: hello@suldok.com.

A data protection officer will be appointed where legally required (Art. 37 GDPR).