PRIVACY POLICY

BrickInventory Insights  |  Effective Date: [Date]

1. INTRODUCTION

This Privacy Policy explains how [Your Business Name] ("we," "us," or "our") collects, uses, processes, and protects personal data when you use BrickInventory Insights (the "Service") at brickeada.com.

We comply with the General Data Protection Regulation (GDPR) and all applicable data protection laws. This policy applies to all users of our Service, regardless of location.

Data Controller:

  • [Your Full Legal Name]
  • [Your Business Address]
  • Email: [Your Contact Email]
  • Phone: [Your Phone Number]

2. DATA WE COLLECT

2.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Business name (if applicable)
  • Account credentials (password, stored encrypted)
  • Country/region of operation

2.2 BrickLink Integration Data

When you connect your BrickLink account:

  • BrickLink username and store information
  • Sales data, inventory data, and order information
  • Product catalogs and pricing information
  • This data is retrieved via the BrickLink API with your authorization

2.3 Usage Data

We automatically collect:

  • IP address and browser type
  • Device information and operating system
  • Pages visited and features used
  • Date and time of access
  • Referring/exit pages

2.4 Cookies and Tracking Technologies

We use essential cookies for:

  • Session management and authentication
  • Security and fraud prevention
  • Service functionality

We do not currently use analytics or marketing cookies during the beta phase.

3. LEGAL BASIS FOR PROCESSING

We process your personal data based on the following legal grounds under GDPR Article 6(1):

a) Contractual Necessity (Article 6(1)(b)):

Processing is necessary to provide the Service you have requested, including account management and BrickLink data analysis.

b) Legitimate Interests (Article 6(1)(f)):

We have legitimate interests in:

  • Improving and developing the Service
  • Ensuring security and preventing fraud
  • Communicating service updates and important notices

c) Legal Obligations (Article 6(1)(c)):

Processing necessary to comply with legal obligations, such as tax and accounting requirements.

d) Consent (Article 6(1)(a)):

Where required by law, we obtain your explicit consent before processing (e.g., for future marketing communications).

4. HOW WE USE YOUR DATA

We use your personal data to:

4.1 Service Delivery

  • Create and manage your account
  • Process and analyze your BrickLink sales data
  • Generate analytics, reports, and insights
  • Provide customer support

4.2 Service Improvement

  • Improve Service functionality and user experience
  • Develop new features
  • Perform testing and quality assurance
  • Fix bugs and technical issues

4.3 Communication

  • Send service-related notifications
  • Respond to inquiries and support requests
  • Notify you of important changes to Terms or Privacy Policy
  • Send beta testing updates (during beta phase)

4.4 Security and Legal

  • Detect and prevent fraud and abuse
  • Ensure Service security
  • Comply with legal obligations
  • Enforce our Terms and Conditions

5. DATA SHARING AND TRANSFERS

5.1 Third-Party Service Providers

We share data with carefully selected service providers who assist us:

Hosting Provider: [Your hosting company]

  • Purpose: Server hosting and data storage
  • Location: Germany (GDPR-compliant)

BrickLink API:

  • Purpose: Retrieve your authorized BrickLink data
  • Data shared: Your BrickLink authentication token
  • Note: You control this authorization through BrickLink

5.2 Legal Disclosures

We may disclose your data when required by law:

  • In response to valid legal processes
  • To protect our rights, property, or safety
  • To comply with regulatory obligations

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your data may be transferred. You will be notified of any such change.

5.4 No Data Sales

We never sell your personal data to third parties.

6. INTERNATIONAL DATA TRANSFERS

All data is stored on servers located in Germany within the European Union. If we transfer data outside the EU in the future, we will use Standard Contractual Clauses or other approved mechanisms to ensure adequate protection.

7. DATA SECURITY

We implement appropriate technical and organizational measures to protect your data:

7.1 Technical Measures

  • SSL/TLS encryption for data transmission
  • Encrypted password storage
  • Regular security updates and patches
  • Firewall and intrusion detection systems
  • Secure database access controls

7.2 Organizational Measures

  • Access controls and authentication
  • Employee training on data protection
  • Regular security audits
  • Incident response procedures

7.3 Beta Status Notice

During the beta phase, the Service may be less stable than production software. We cannot guarantee 100% data availability. We strongly recommend maintaining your own backups of important data.

8. DATA RETENTION

We retain your personal data only as long as necessary:

Active Accounts:

  • Account data: For the duration of your account plus 30 days after deletion
  • Usage logs: 90 days from collection
  • Support communications: 3 years

Deleted Accounts:

  • Most data is permanently deleted within 30 days
  • Some data may be retained longer for legal or security purposes (e.g., fraud prevention logs retained for 12 months)

Legal Retention:

Tax and accounting records are retained for the periods required by German law (currently 10 years).

9. YOUR RIGHTS UNDER GDPR

You have the following rights regarding your personal data:

  • 9.1 Right of Access (Article 15): You can request a copy of all personal data we hold about you.
  • 9.2 Right to Rectification (Article 16): You can request correction of inaccurate or incomplete data.
  • 9.3 Right to Erasure (Article 17): You can request deletion of your data ("right to be forgotten"), subject to legal retention requirements.
  • 9.4 Right to Restriction (Article 18): You can request limitation of processing in certain circumstances.
  • 9.5 Right to Data Portability (Article 20): You can request your data in a structured, machine-readable format.
  • 9.6 Right to Object (Article 21): You can object to processing based on legitimate interests.
  • 9.7 Right to Withdraw Consent (Article 7): Where processing is based on consent, you can withdraw it at any time.

9.8 Right to Lodge a Complaint

You can file a complaint with your local data protection authority:

For Germany:

Your local State Data Protection Authority (Landesdatenschutzbehörde)

Find your authority at: https://www.bfdi.bund.de/

10. EXERCISING YOUR RIGHTS

To exercise any of these rights:

  • Email: [Your Contact Email]
  • Subject Line: "Data Privacy Request - [Your Name]"

We will respond to your request within one month of receipt. In complex cases, we may extend this by two additional months and will inform you.

Identity Verification: To protect your privacy, we may request additional information to verify your identity before processing requests.

11. CHILDREN'S PRIVACY

The Service is intended for business users only. We do not knowingly collect data from individuals under 18 years of age. If we become aware that we have collected such data, we will delete it promptly.

12. AUTOMATED DECISION-MAKING

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

13. DATA BREACH NOTIFICATION

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.

14. COOKIES POLICY

14.1 Essential Cookies

These cookies are necessary for the Service to function:

  Cookie Name    Purpose                Duration
  session_id     User authentication    Session
  csrf_token     Security protection    Session
  preferences    User settings          1 year

14.2 Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies may prevent you from using the Service.

14.3 Future Cookie Use

If we implement analytics or marketing cookies in the future, we will:

  • Update this Privacy Policy
  • Obtain your consent where required
  • Provide clear opt-in/opt-out mechanisms

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy to reflect changes in:

  • Our data processing practices
  • Legal requirements
  • Service features

Notification of Changes:

We will notify you of material changes by:

  • Email to your registered address
  • Prominent notice on the Service
  • At least 30 days before changes take effect

Your continued use of the Service after changes constitutes acceptance.

16. CONTACT US

For questions about this Privacy Policy or our data practices:

  • Email: [Your Contact Email]
  • Mail:
      [Your Full Name]
      [Your Business Address]
      Germany

Response Time: We aim to respond within 48 hours during business days.

17. SPECIFIC PROVISIONS FOR EU USERS

Data Protection Officer:

As a small business, we are not required to appoint a Data Protection Officer. All privacy inquiries should be directed to the contact information above.

EU Representative:

As we are based in Germany (EU), we do not require an EU representative.

Legal Framework:

This Privacy Policy is governed by GDPR (Regulation (EU) 2016/679) and German Federal Data Protection Act (BDSG).

SUMMARY OF KEY POINTS

This summary is for your convenience only. The full Privacy Policy above governs our data practices.

  • We collect only data necessary to provide the Service
  • Your data is stored in Germany (EU) on secure servers
  • We never sell your personal data
  • You have full rights to access, correct, and delete your data
  • We use strong security measures to protect your information
  • You can delete your account and data at any time
  • During beta, service stability may vary; maintain your own backups