Privacy Policy

Information on Data Protection in accordance with Art. 13 GDPR

1. Overview

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. For detailed information on data protection, please refer to our complete privacy policy listed below.

2. Data Controller

Responsible for data processing on this website:
FrictionForm

Email: contact@frictionform.com

The data controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

3. Data Collection on This Website

Server Log Files

The provider of this website automatically collects and stores information in server log files that your browser automatically transmits. This includes:

  • Browser type and version
  • Operating system used
  • Referrer URL (the page you visited before accessing our site)
  • Host name of the accessing computer
  • Time of server request
  • IP address

This data is not combined with other data sources. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website.

The data will be deleted after seven days at the latest, unless further storage is required for evidence purposes.

Contact Forms

If you send us inquiries via contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR, if your request is related to the performance of a contract or necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 para. 1 lit. f GDPR).

Order Processing

When you place an order on our website, we collect the following information:

  • Contact information (name, email address)
  • Shipping address
  • Order details (products, quantities, preferences)
  • Payment information (processed securely through our payment provider)

This data is necessary for order fulfillment and is processed based on Art. 6 para. 1 lit. b GDPR (contract performance). We retain this information for the duration required by tax and commercial law (typically 10 years).

4. Cookies and Data Storage

What are Cookies?

Cookies are small text files that are stored on your device when you visit our website. They help us remember your preferences and improve your browsing experience.

Essential Cookies

We use essential cookies that are necessary for the basic functionality of our website. These cookies:

  • cookie-consent: Stores your cookie consent choice (accepted/declined)
  • analytics-consent: Stores your analytics preference (granted/denied)
  • cookie-consent-date: Records when you made your consent choice

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in remembering user preferences)
Duration: 365 days
Purpose: These cookies do not collect personal information and are used solely to remember your cookie preferences.

Analytics Cookies

We use Vercel Analytics, a privacy-focused analytics service, to help us understand how visitors use our website. Analytics cookies are optional and require your explicit consent.

What is Vercel Analytics?

  • Privacy-focused: Does not use third-party cookies or trackers
  • No personal identifiers: Does not store or track any personal information
  • Anonymous tracking: Uses an anonymous, daily-resetting hash of the incoming request to count unique visitors
  • No cross-site tracking: Cannot track you across different websites or applications
  • No persistent identifiers: Your visitor ID resets daily, ensuring anonymity

Provider: Vercel Inc.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent)
Data collected: Page views, referrer URLs, browser type, device type (all anonymized)
Purpose: Understanding site usage patterns to improve user experience
Data retention: Aggregated data retained for analytical purposes; individual page views are anonymized

Marketing Cookies

We do not use any marketing or advertising cookies. We do not use tools like Google Analytics (traditional version), Facebook Pixel, or similar tracking technologies that follow users across websites.

Managing Your Cookie Preferences

You can manage your cookie preferences at any time by:

  • Clearing your browser's local storage (this will reset your consent choice)
  • Using your browser's settings to block cookies (note: this may affect website functionality)
  • Contacting us if you need assistance with your cookie preferences

Your Consent: By using our website, you consent to our use of essential cookies as described above. You have the right to withdraw your consent at any time by clearing your browser's local storage or contacting us.

5. Third-Party Services

Vercel Analytics

With your consent, we use Vercel Analytics to collect anonymized usage statistics. This service is provided by Vercel Inc. and is designed with privacy as a core principle:

  • No cookies are set by Vercel Analytics
  • No personal data is collected or stored
  • Visitor identification uses a daily-resetting, anonymous hash
  • Data cannot be used to identify individuals
  • You can opt out at any time through our cookie preferences

Legal basis: Your explicit consent (Art. 6 para. 1 lit. a GDPR)
Data processor: Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA
Privacy Policy: https://vercel.com/legal/privacy-policy

Payment Processing

We use secure third-party payment processors to handle transactions. Your payment information is transmitted directly to the payment processor and is not stored on our servers. Our payment providers comply with PCI DSS standards to ensure secure handling of payment card information.

Database Services

We use Supabase for secure data storage. All data is encrypted in transit and at rest. Data is stored within the European Economic Area (EEA) to ensure GDPR compliance.

6. Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR:

Right of Access (Art. 15 GDPR): You have the right to obtain confirmation whether personal data concerning you is being processed and, if so, to access this data.
Right to Rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate personal data.
Right to Erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data under certain circumstances.
Right to Restriction (Art. 18 GDPR): You have the right to request the restriction of processing under certain circumstances.
Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used format.
Right to Object (Art. 21 GDPR): You have the right to object to the processing of your personal data under certain circumstances.
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe the processing violates GDPR.

7. Data Security

We use appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration. Our security measures are continuously improved in accordance with technological developments.

This website uses SSL/TLS encryption for security reasons and to protect the transmission of personal data and other confidential content. You can recognize an encrypted connection by the “https://” in the address line of your browser and the lock symbol in your browser's address bar.

8. Data Retention

Personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Data may be stored for longer periods if required by law (e.g., tax and commercial retention obligations) or if necessary for the establishment, exercise, or defense of legal claims.

9. International Data Transfers

We primarily store and process data within the European Economic Area (EEA). If data is transferred to countries outside the EEA, we ensure adequate protection through appropriate safeguards such as adequacy decisions or standard contractual clauses in accordance with Art. 46 GDPR.

10. Newsletter

If you subscribe to our newsletter, we will use your email address to send you regular updates about our products, promotions, and company news. The legal basis for processing is your consent (Art. 6 para. 1 lit. a GDPR).

You can withdraw your consent and unsubscribe from the newsletter at any time using the unsubscribe link in each newsletter or by contacting us directly. Your email address will then be removed from our newsletter distribution list.

11. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in our data processing practices or legal requirements. The current version is always available on this website. We recommend reviewing this privacy policy periodically. Material changes will be highlighted on our website.

12. Contact for Data Protection Matters

If you have any questions about data protection or wish to exercise your rights under the GDPR, please contact us at:

Email: contact@frictionform.com
Subject: Data Protection Inquiry

13. Legal Basis for Data Processing

We process personal data based on the following legal bases under Art. 6 GDPR:

  • Art. 6 para. 1 lit. a GDPR: Consent of the data subject (e.g., newsletter subscription)
  • Art. 6 para. 1 lit. b GDPR: Processing necessary for contract performance (e.g., order fulfillment)
  • Art. 6 para. 1 lit. f GDPR: Legitimate interests (website security, functionality, and improvement)

Last updated: December 1, 2025

This privacy policy complies with the EU General Data Protection Regulation (GDPR).