Back to home

Privacy Policy

Last updated: 2026-05-19

See also our Cookie Policy.

This Privacy Policy explains how ShipTurbo collects, uses, and protects your personal data when you visit our website or use our Service. It is written to comply with the EU General Data Protection Regulation (GDPR) and the ePrivacy Directive.

1. Data controller

  • Name: ShipTurbo (TEMPLATE: registered legal entity name)
  • Registered address: TEMPLATE: registered address
  • Contact: david@studioprime.co

2. Personal data we collect

2.1 Account & service data

  • Name, email, password hash, and account details you provide when signing up.
  • Content you submit through the Service.
  • Communications you send to us (support emails, contact form submissions).
  • Payment metadata returned by Stripe. We do not store full card numbers ourselves.

2.2 Usage & device data (analytics)

  • Pages visited, clicks, session duration.
  • Device and browser information.
  • Approximate location derived from your IP address (city / region level).
  • Identifiers stored in cookies (see our Cookie Policy).

3. Legal basis (GDPR Article 6)

  • Performance of a contract (Art. 6(1)(b)) — to provide the Service.
  • Legitimate interest (Art. 6(1)(f)) — to keep the Service secure and improve it.
  • Consent (Art. 6(1)(a)) — for non-essential cookies and similar technologies, where applicable.
  • Legal obligation (Art. 6(1)(c)) — when required by law.

4. Purposes of processing

  • Service operation: authentication, storing your data, sending transactional emails.
  • Analytics: pageview counting via Google Analytics 4, loaded through Google Tag Manager.

We do not sell your personal data.

5. Third-party processors

We rely on the following processors, each acting under a Data Processing Agreement (Art. 28 GDPR):

  • Google LLC (Google Tag Manager + Google Analytics 4) — tag management and analytics. US transfers under the EU-US Data Privacy Framework. Privacy policy.
  • Cloudflare, Inc. — hosting, content delivery, edge security, transactional email, D1 database, R2 object storage. Privacy policy.
  • TEMPLATE: add Stripe, Sentry, PostHog, etc. — whatever your fork actually uses.

6. Retention

  • Google Analytics 4 data: 14 months from your last visit.
  • Account data: for as long as your account is active.
  • Cookie consent record: 6 months (only when Full tier is enabled).
  • Server logs: typically 30 days.

7. Your rights

Under GDPR Articles 15–22, you have the right to:

  • Access the personal data we hold about you.
  • Rectification of inaccurate data.
  • Erasure ("right to be forgotten").
  • Restriction of processing.
  • Portability in a machine-readable format.
  • Object to processing based on legitimate interest.
  • Withdraw consent at any time.

To exercise any of these rights, email david@studioprime.co.

8. Supervisory authority

TEMPLATE: name your relevant data protection authority. EU example: Agencia Española de Protección de Datos (Spain, www.aepd.es).

9. Changes

We may update this Policy. Material changes will be announced on this page and the "Last updated" date will change.

Changelog

  • 2026-05-19: Initial template, ships with the ShipTurbo boilerplate.