Privacy Policy
Last updated: April 15, 2026
1. Controller
Berry Block GmbH, Rothenbaumchaussee 40, 20148 Hamburg, Germany
Email: kova@berryblock.io
Commercial register: HRB 162776, Amtsgericht Hamburg
2. Data We Collect
Account data: Name, email address, company name, and region provided during registration.
Usage data: Analytics metrics (GMV, sessions, conversion rates) synced from your Google Analytics 4 property via the GA4 Data API. This data is collected on your behalf and used solely for billing and reporting purposes.
Payment data: Processed by Stripe, Inc. We do not store credit card numbers on our servers.
Technical data: IP address, browser type, and access timestamps collected via server logs for security and performance monitoring.
3. Legal Basis (GDPR Art. 6)
We process your data based on: (a) performance of a contract (Art. 6(1)(b)) for providing our billing services; (b) legitimate interest (Art. 6(1)(f)) for security and fraud prevention; (c) legal obligation (Art. 6(1)(c)) for tax and accounting requirements.
4. Data Sharing
We share data only with: (a) Stripe for payment processing; (b) Vercel for hosting; (c) Neon for database hosting (EU region); (d) Resend for transactional emails; (e) Google Analytics Data API for usage data collection. All processors are GDPR-compliant with appropriate data processing agreements in place.
5. Data Retention
Account data is retained for the duration of your subscription plus 36 months for legal and accounting purposes. Usage data retention is configurable per merchant (default: 36 months). You may request deletion at any time.
6. Your Rights
Under GDPR, you have the right to: access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. To exercise these rights, contact us at kova@berryblock.io.
7. Data Security
We implement industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest, role-based access control, and regular security audits. Our database is hosted in the EU (Frankfurt) with point-in-time recovery enabled.
8. Cookies
We use only essential cookies required for authentication and session management. We do not use tracking cookies or third-party advertising cookies.
9. Changes
We may update this policy from time to time. Significant changes will be communicated via email to registered users.