Privacy Policy

Effective date: Dec. 15, 2025
Data controller:
Mark Julien Hahn / Softdrive Foundry
Görlitzer Straße 52, 10997 Berlin, Germany
Email: privacy@softdrivefoundry.com

We are not required to appoint a Data
Protection Officer under Art. 37 GDPR.
For all privacy-related inquiries, please
contact us at privacy@softdrivefoundry.com.

1. What data we collect

Personal data you provide:

• Name, email, billing/shipping address, and payment information for purchases.
• Account information if you register on our website.
• Newsletter or email communication signups. You can unsubscribe from our newsletters or marketing emails at any time by clicking the unsubscribe link in any email or by contacting us at privacy@softdrivefoundry.com.
  
  

Data collected automatically (with your consent):

• IP address and browser/device information (collected for security and technical purposes).
• Pages you visit, clicks, and other interaction data (collected anonymously for analytics and site improvement).
• Cookies for session, cart, and preferences (essential for site functionality).
  

Analytics data:

• We collect anonymized analytics data via Umami, a privacy-focused analytics tool. Umami does not use cookies, does not track individual users, and all data is anonymized. No personal data is stored or shared.

Data from third parties:

• Payment data processed by Stripe (we do not store full credit card numbers).
• Email delivery handled by Resend for newsletters or order confirmations. Resend is a US-based service, and data is transferred to the United States under Standard Contractual Clauses to ensure GDPR compliance.

2. Purpose of data processing

We use your data to:

• Process orders and deliver font licenses.
• Send order confirmations and customer support communications.
• Send newsletters or transactional emails via Resend.
• Improve our website via anonymized analytics.
• Comply with legal obligations (taxes, accounting).

3. Legal basis for processing

• Contract fulfillment: Payment processing and license delivery (Art. 6(1)(b) GDPR).
• Consent: Newsletter and non-essential cookies (Art. 6(1)(a) GDPR).
• Legal obligation: Tax and accounting requirements (Art. 6(1)(c) GDPR).
• Legitimate interest: Analytics and website optimization (Art. 6(1)(f) GDPR).
  
  Our legitimate interest is to improve user experience and website functionality. We only process data that is necessary and consider the impact on your privacy.

4. Sharing data with third parties

We may share your data with:

• Stripe – for payment processing.
• Resend – for sending newsletters or transactional emails.
• Vercel / hosting provider – for secure hosting.
• Umami – for anonymized website analysis.

Some of our processors may transfer data to countries outside the EU/EEA. We ensure adequate safeguards, such as Standard Contractual Clauses, are in place for such transfers. We never sell your personal data to third parties.

5. Cookies and tracking

We use cookies to:

• Enable shopping cart functionality and login sessions.
• Store user preferences.

We do not use tracking cookies for analytics or advertising. Umami analytics does not use cookies or collect personal data.

Note: Users can disable cookies in their browser, but this may affect functionality.

6. Data retention

• Order & invoice data: at least 10 years for tax purposes.
• Email subscription data: until unsubscribed.
• Analytics data: anonymized and retained only as necessary for site improvement.

7. Your rights

You have the right to:

• Access your personal data (Art. 15 GDPR)
• Rectify inaccurate data (Art. 16 GDPR)
• Request deletion (“right to be forgotten”) (Art. 17 GDPR)
• Restrict processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Withdraw consent at any time
• Lodge a complaint with a supervisory authority

Contact for privacy requests:
privacy@softdrivefoundry.com

We will respond to your request within one month of receipt.

8. Security measures

• HTTPS for secure communication
• Tokenized payments via Stripe
• Secure hosting on Vercel
• We implement technical and organizational measures to protect your data, including access controls, encryption, and regular security reviews.

9. Changes to this Privacy Policy

We may update this policy from time to time. We will notify you of any changes by posting the new policy on this page and, where appropriate, by email. The effective date at the top of this policy indicates when it was last updated.