Privacy Policy
Last updated: April 2026
1. Controller
PostCard GmbH (in formation), Musterstraße 1, 12345 Musterstadt, Germany Email: privacy@postcard.app
2. Collection of personal data
When you visit our website, the following data is automatically collected: • IP address (anonymized after 24 hours) • Date and time of access • Browser type and version • Operating system This data is technically necessary and is not combined with other data.
3. Order data
To process a postcard order, we process: • Recipient address (name, street, ZIP, city, country) • Uploaded photo and message text • Payment data (via Stripe — we do not store card data) • Email address (optional, for order confirmation) Legal basis: Art. 6(1)(b) GDPR (contract fulfillment)
4. Third-party services
We use the following third-party services: • Stripe (payment processing) — privacy: stripe.com/privacy • Supabase (database, EU server Frankfurt) — supabase.com/privacy • Print.one (print partner EU) • PostGrid (print partner USA/CA) — postgrid.com/privacy • Resend (email delivery)
5. Retention period
Order data is stored for 3 years (statutory retention obligation). Incomplete order drafts are automatically deleted after 30 days.
6. Your rights
You have the right to: • Access (Art. 15 GDPR) • Rectification (Art. 16 GDPR) • Erasure (Art. 17 GDPR) • Restriction of processing (Art. 18 GDPR) • Data portability (Art. 20 GDPR) • Object (Art. 21 GDPR) Contact: privacy@postcard.app
7. Right to lodge a complaint
You have the right to lodge a complaint with the competent data protection supervisory authority.
8. Cookies
We only use technically necessary cookies (session cookies for authentication). No tracking or marketing cookies are set.