Privacy Policy

Datenschutzerklärung · Last updated May 2025

1. Controller

The controller responsible for data processing on this website within the meaning of the GDPR is:

A. Möller
Berliner Ring 40
24392 Süderbrarup, Germany
Email: support@revealcardapp.com

2. Data We Collect and Why

Account Data

When you register, we collect your email address and a password hash. Required to provide your account and associate purchased decks with your profile.

Legal basis: Art. 6(1)(b) GDPR — performance of a contract

Purchase Data

When you make a purchase, payment is processed by Stripe. We receive a record of which decks you unlocked and a payment intent reference. We do not store card details.

Legal basis: Art. 6(1)(b) GDPR — performance of a contract

Usage Data

We store your saved favorite cards and display name if you choose to set one.

Legal basis: Art. 6(1)(b) GDPR — performance of a contract

Server Logs

Our hosting provider (Vercel) automatically collects standard server log data including IP address, browser type, and pages visited. Used for security and performance. Deleted after 30 days.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest

3. Third-Party Services

Supabase

Supabase Inc. stores account and purchase data on EU servers (Frankfurt). Acts as a data processor under a DPA.

supabase.com/privacy

Stripe

Stripe, Inc. processes all payments. Certified under the EU-US Data Privacy Framework. You are subject to Stripe's privacy policy when making a purchase.

stripe.com/privacy

Vercel

Vercel Inc. hosts this website and processes server logs as a data processor.

vercel.com/legal/privacy-policy

4. Cookies and Local Storage

We use browser local storage to cache your unlock state for performance — so the app loads without a visible flash. No tracking cookies or advertising cookies are used. The PWA service worker handles offline functionality only — no personal data is stored in the cache.

5. Data Retention

We retain your account and purchase data for as long as your account is active. Upon deletion request, all personal data is removed within 30 days — except where retention is required by law (typically 10 years for financial records under § 147 AO).

6. Your Rights (GDPR Art. 15–22)

Art. 15: Right of access — request a copy of your data
Art. 16: Right to rectification — correct inaccurate data
Art. 17: Right to erasure — request deletion of your data
Art. 18: Right to restriction of processing
Art. 20: Right to data portability
Art. 21: Right to object to processing based on legitimate interest
Right to withdraw consent at any time

To exercise any right, contact support@revealcardapp.com. You may also lodge a complaint with your local data protection authority (in Germany: the relevant Landesbeauftragter für Datenschutz).

7. Security

We use TLS encryption for all data in transit, hashed passwords, and row-level security in our database. No system is completely secure — we cannot guarantee absolute security.

8. Changes to This Policy

We may update this policy from time to time. Registered users will be notified of material changes by email. The date at the top of this page reflects the most recent update.