Privacy Notice
Last updated: 25 April 2026
1. Controller
The data controller responsible for the processing of your personal data is:
2. Categories of Personal Data & Purposes
We process the following categories of data:
- Account data (email address, authentication identifiers from Google sign-in) — to create and manage your account. Legal basis: Art. 6(1)(b) GDPR (contract).
- Order & access data (transaction ID, product purchased, granted access status) — to deliver the digital product. Legal basis: Art. 6(1)(b) GDPR (contract).
- Consent records (timestamped withdrawal-waiver consent) — to comply with § 356 (5) BGB and § 312f BGB. Legal basis: Art. 6(1)(c) GDPR (legal obligation).
- Support correspondence — to handle your requests. Legal basis: Art. 6(1)(b) and (f) GDPR.
- Technical logs (IP address, user agent, timestamps) — for security and fraud prevention. Legal basis: Art. 6(1)(f) GDPR (legitimate interests).
Payment data (card details, billing address, tax data) is collected and processed by Stripe on our behalf as our payment service provider; we (Ersan Yüksel, operating as WTDM) remain the Merchant of Record. See section 4 for details.
3. User-Uploaded Reference Content
If you upload reference images or describe real persons in your prompts, you are responsible for ensuring you have the legal right to use such material (e.g. consent of depicted persons under Art. 9 GDPR for biometric data, or copyright clearance). We do not proactively analyze uploaded content but reserve the right to remove content that violates these terms.
4. Data Sharing & Processors
We share personal data with the following categories of recipients, all of which act as processors or independent controllers under appropriate agreements:
- Stripe Payments Europe Ltd. (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) — payment service provider for card processing, fraud screening, and transaction handling. We act as the Merchant of Record; Stripe acts as our processor.
- Supabase Inc. — hosting of authentication, database, and backend infrastructure.
- Google LLC — authentication via Google Sign-In (only if you choose this method).
- Professional advisers (legal, accounting) where necessary.
- Authorities where required by law.
5. International Transfers
Some of our processors are located outside the EU/EEA (notably in the United States). Where personal data is transferred outside the EEA, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) and applicable adequacy decisions.
6. Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law (in particular tax and commercial retention obligations of up to 10 years). Account data is deleted on request or after prolonged inactivity, subject to those legal retention periods.
7. Your Rights under GDPR
You have the right to access, rectification, erasure, restriction of processing, data portability, objection to processing based on legitimate interests, and withdrawal of consent at any time. You also have the right to lodge a complaint with a supervisory authority (in Germany: the data protection authority of your federal state). We will respond to your request within one month.
To exercise your rights, contact contact@vikkisky.com.
8. Security
We apply appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS), encryption at rest at our hosting providers, access controls, and authentication safeguards.
9. Cookies
We use only essential cookies required to operate the Service (e.g. authentication session). We do not use marketing or advertising cookies. Where we add analytics in the future, we will request your consent beforehand.