Orb of Notions

Privacy Policy

Effective 1 June 2026 · GDPR (EU Regulation 2016/679)

1. Data controller

Marek Rybář, sole trader (fyzická osoba podnikatel), IČO 19739052, Libštát 116, 512 03 Libštát, Czech Republic. Contact: [email protected].

2. Personal data we collect

Account: email address, display name (optional), session token.

Orders: full name, shipping address, email, phone, order details (product, uploaded image, price, status).

Payments: processed entirely by Stripe or Shopify — your card details never reach our servers.

Technical: server-side IP logs and User-Agent strings for security purposes.

3. Purposes and legal bases

Contract performance (Art. 6(1)(b) GDPR): processing orders, fulfillment, delivery, customer support.

Legitimate interest (Art. 6(1)(f) GDPR): app security, fraud prevention, server logs.

Consent (Art. 6(1)(a) GDPR): non-essential cookies (if used).

Legal obligation (Art. 6(1)(c) GDPR): retention of accounting records (5 years under Czech law).

4. Third-party processors

Printify, Inc. (USA) — receives your shipping address and uploaded image to produce and ship the order. Transfer under EU Standard Contractual Clauses.

Stripe, Inc. (USA) — payment processing. PCI DSS Level 1 certified. Transfer under SCCs.

Shopify Inc. (Canada) — alternative checkout channel. Transfer under EU adequacy decision for Canada.

Railway Technologies, Inc. (USA) — application hosting. Transfer under SCCs.

5. International transfers

All processors outside the EU/EEA are covered by Standard Contractual Clauses or another appropriate safeguard under Art. 46 GDPR.

6. Retention

Order data: 5 years (statutory accounting requirement).

User account: until deletion, then 30 days.

Server logs: 30 days.

7. Your rights

You have the right to access, rectify, erase, restrict, or port your data, and to object to processing. Email [email protected] — we will respond within 30 days.

You may also lodge a complaint with the Czech data protection authority: uoou.cz.

8. Cookies

We use strictly necessary session cookies for authentication. No consent is required for these. If we introduce analytics cookies in the future, we will ask for your consent via a cookie banner first.

9. Changes

We will notify you of material changes by email or website notice at least 14 days in advance.

Controller: Marek Rybář · Libštát 116, 512 03 Libštát, Czech Republic · IČO: 19739052 · [email protected]