1. Controller
prouct Physische & digitale Produkte, Owner Salim Askarzada, Römerstraße 27, 82205 Gilching, Germany
Email: hello@prouct.com
Last updated: 2 July 2026
We take the protection of your personal data seriously. Below we inform you pursuant to Articles 13 and 14 GDPR about the processing of personal data when using prouct.com.
prouct Physische & digitale Produkte, Owner Salim Askarzada, Römerstraße 27, 82205 Gilching, Germany
Email: hello@prouct.com
You have the following rights regarding your personal data:
You have the right to lodge a complaint with a supervisory authority. For Bavaria, Germany: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Postfach 1349, 91504 Ansbach, https://www.lda.bayern.de
Our website is hosted by Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA. When you visit the site, server log data is processed (e.g. IP address, date and time of access, requested URL, referrer, browser type and operating system).
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in secure and stable operation).
Vercel processes data partly in the USA. Transfers rely on EU Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework. A data processing agreement with Vercel should be in place.
We use Supabase Inc. for user accounts, database, file storage and authentication. The database region is configured in the European Union (Frankfurt).
Data processed: account data, profiles, product submissions, comments, votes, uploaded files and consent logs.
Legal basis: Art. 6 (1) (b) GDPR (contract performance) and Art. 6 (1) (f) GDPR (platform operation).
Supabase Inc. is based in the USA. Transfers rely on EU Standard Contractual Clauses. A DPA with Supabase should be in place.
When you register we process email address, password (hashed by Supabase, not stored in plain text), display name and optional profile data (username, bio, website, avatar, notification preferences).
Legal basis: Art. 6 (1) (b) GDPR (user contract).
You can export your data and delete your account in account settings.
Logged-in users may post comments, upvote products and maintain a public profile. We process comment text, user ID, display name/username and vote associations.
Legal basis: Art. 6 (1) (b) GDPR and Art. 6 (1) (f) GDPR (community features).
Public profiles and comments are visible to other visitors.
When submitting listings we process contact and product data (name, email, company details, descriptions, pricing, social links, location data for physical products where provided). Submissions are possible without an account.
Published listings and location details may be publicly visible.
Legal basis: Art. 6 (1) (b) GDPR and Art. 6 (1) (f) GDPR.
Users may optionally submit video applications with pitch text and contact email.
Legal basis: Art. 6 (1) (b) GDPR or Art. 6 (1) (a) GDPR (consent) where voluntary.
Uploaded avatars and product images are stored in public Supabase storage buckets and accessible via public URLs.
Allowed formats: JPEG, PNG, WebP, GIF (max. 5 MB).
Legal basis: Art. 6 (1) (b) GDPR.
Supabase Auth sends transactional emails for registration, email confirmation and password reset. We do not operate a separate email infrastructure.
Legal basis: Art. 6 (1) (b) GDPR.
When you contact us by email or contact form we process the data you provide (name, email, message, optional phone number if callback requested) to handle your request.
Legal basis: Art. 6 (1) (b) GDPR (pre-contractual measures) or Art. 6 (1) (f) GDPR (legitimate interest in responding to inquiries).
Data is deleted once your request has been fully handled, unless statutory retention obligations apply.
We use technically necessary cookies and local storage (session cookies for login, language preference, cookie notice acknowledgment). We do not use analytics or marketing cookies.
Legal basis: Section 25 (2) no. 2 TDDDG (technically required) and Art. 6 (1) (f) GDPR.
See our cookie policy for details.
If enabled in production, Sentry (Functional Software Inc., USA) may be used for error and crash monitoring. Technical data such as IP address, browser information, accessed paths and error messages may be processed.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in platform stability and security).
Sentry is only active when the corresponding configuration is set in the production environment.
As of this policy we do not use tools such as Google Analytics, Meta Pixel, Plausible, PostHog or comparable analytics/marketing services.
The Inter font is delivered locally via Next.js (self-hosted). No Google Fonts servers are contacted when pages load.
Icons are loaded offline from bundled packages (no external icon CDNs).
Personal data is deleted when the purpose of storage no longer applies and no statutory retention obligations exist. You can export and delete account data at any time in account settings.
Note: This privacy policy describes data processing actually implemented in the platform code. Final review by a qualified lawyer or DPO is recommended.