Privacy policy

Controller (responsible party)

The controller of personal data relating to the website and services offered under the domain nudelab.net is NudeLab, operating nudelab.net (“we”, “us”). Unless otherwise stated on an imprint or legal notice page on this site, contact us regarding privacy matters via the support or contact options linked on nudelab.net (for example the support form).

Categories of personal data

Depending on how you use nudelab.net, we may process: account and order data (e.g. email address, product purchased, download tokens), payment metadata from PayPal as described above, technical data (e.g. IP address, browser type, timestamps in server or security logs), and the content of messages you send us (e.g. support requests, including your email address and name if you provide them).

Purposes of processing

• Operating and securing the website (delivery of pages, protection against abuse)
• Processing purchase contracts: order handling, digital delivery, customer communication
• Sending transactional emails (e.g. download links) to the address you provide at checkout
• Fulfilling legal obligations (e.g. tax and commercial record-keeping where applicable)

Legal bases (GDPR)

Where the GDPR applies, we rely in particular on: (1) performance of a contract (Art. 6(1)(b) GDPR) for processing necessary to complete your order and deliver digital goods; (2) compliance with legal obligations (Art. 6(1)(c) GDPR) for retention and tax-related processing; (3) legitimate interests (Art. 6(1)(f) GDPR) for website security, fraud prevention, and technical operation, where not overridden by your interests; and (4) your consent (Art. 6(1)(a) GDPR) where we ask for it (e.g. non-essential cookies or marketing, if offered).

Payments (PayPal)

If you pay with PayPal, payment processing is carried out by PayPal (Europe) S.à r.l. et Cie, S.C.A. and/or PayPal, Inc. and their affiliates, as applicable. We do not receive your full payment card or bank details. We may receive data from PayPal such as transaction ID, payment status, amount, currency, and the email address associated with your PayPal account, for the purpose of completing and documenting your purchase. PayPal’s privacy policy and terms apply to the payment step. You can find them on PayPal’s website.

Recipients and processors

We use service providers where necessary: for example payment services (PayPal), email delivery (SMTP provider), hosting of the website and database, and optionally Google (reCAPTCHA) for form protection. These providers process data on our instructions or in their own role as controllers (e.g. PayPal for payment) and only to the extent required to provide their service. We select providers with appropriate safeguards and, where required, use data processing agreements (Art. 28 GDPR).

Transfers outside the EEA

Some providers (e.g. PayPal, Google, or hosting) may process data in countries outside the European Economic Area. In such cases, we rely on appropriate safeguards under GDPR, such as the EU Commission’s standard contractual clauses, or other approved mechanisms, as offered by the respective provider’s documentation.

Storage periods

We keep personal data only as long as necessary for the purposes above. Order and purchase records may be retained for the duration of statutory limitation periods and legal retention requirements (often several years for business and tax records, depending on applicable law). Server logs, if kept, are typically rotated or deleted after a short period unless needed to investigate abuse. Download access tokens and related data are kept for as long as needed to provide your download and as described on the product or checkout page (including time-limited links). When data is no longer required, it is deleted or anonymised where possible.

Cookies, local storage, and similar technologies

We use technologies that are necessary to run the site and process orders. For example, a session or preference may be stored in your browser (e.g. to remember that you confirmed the age gate). If we use non-essential cookies or third-party analytics, we will inform you and, where required, ask for consent before setting them. You can control cookies in your browser settings; blocking some cookies may limit site functionality.

Support form and reCAPTCHA

If you use our contact or support form, we process the data you enter (such as name, email, and message) to handle your request. If Google reCAPTCHA is enabled, Google may process technical data (e.g. IP address, browser information) to determine whether the input is from a human. For this, Google Ireland Limited and/or Google LLC may act as processors; see Google’s privacy policy and terms for reCAPTCHA.

Your rights

If the GDPR applies to you, you have the right to: request access to your personal data (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and to object to processing based on legitimate interests (Art. 21). You also have the right to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal. To exercise these rights, contact us via the contact options on nudelab.net. We may need to verify your identity before responding.

Right to lodge a complaint

If you believe that we are processing your personal data unlawfully, you have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or the place of the alleged infringement.

Security

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, or unauthorised access. No internet transmission is completely secure; you use the service at your own risk to the extent permitted by law.

Children

Our offer is directed at adults. We do not knowingly collect personal data from anyone under the age of 16 (or the age of digital consent in your country) without parental consent. The site may include age-restricted content; do not use the service if you are not of legal age in your jurisdiction.

Changes to this policy

We may update this privacy policy to reflect changes in our processing or legal requirements. The current version is always published on this page with the “last updated” context implied by the site; material changes may be highlighted where appropriate (e.g. on the site or by email for significant account-related changes).