Privacy Policy

1. Privacy at a Glance

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you.

2. Controller

IndustriumX — Luke Steinfartz

Zum Schiersteiner Grund 7

55127 Mainz, Germany

Phone: +49 176 18377701

E-Mail: luke@industriumx.com

The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

3. Data Collection on This Website

Cookies & Local Storage

This website uses technically necessary cookies (session cookies for Supabase authentication, shopping cart in LocalStorage). These are required for login, cart, and order processing — legal basis Art. 6(1)(f) GDPR in conjunction with § 25(2)(2) TTDSG.

We also operate first-party reach measurement (see section 7). This runs only after your consent via the cookie banner — legal basis Art. 6(1)(a) GDPR, § 25(1) TTDSG. You may withdraw consent at any time by clearing your browser LocalStorage.

Server Log Files

The hosting provider (Vercel, see section 6) automatically collects information in server log files: browser type/version, operating system, referrer URL, hostname, time of request, IP address. Legal basis: Art. 6(1)(f) GDPR (security and stability of the service). Vercel typically deletes logs after 30 days.

Contact Form / Quote Request

When you contact us via the quote form, your data (name, email, uploaded file, technical specifications) is stored to process your request. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures).

Registration / Customer Account

During registration, email address and optionally name are stored. Before activation we send a six-digit verification code by email (double opt-in); the code is deleted after successful verification or no later than 24 hours after sending. In the profile, the phone number is optional and used solely for order-related queries. Authentication is handled via Supabase Auth. Legal basis: Art. 6(1)(b) GDPR.

4. Orders & Payments

For orders, we collect: name, email, shipping address, ordered products, and selected color/material/size options. This data is processed for contract fulfillment (Art. 6(1)(b) GDPR) and stored according to legal retention periods (6–10 years, §§ 147 AO, 257 HGB).

Stripe

Payments are processed via Stripe Payments Europe Ltd. (Ireland); its parent Stripe Inc. (USA) may process data. We send Stripe your name, email, shipping address, and order line items; payment details (e.g. card data) are entered directly with Stripe — we do not store card data. Privacy: https://stripe.com/privacy. Legal basis: Art. 6(1)(b) GDPR. Transfers to the USA are based on the EU-US Data Privacy Framework (Stripe is certified) and supplementary Standard Contractual Clauses.

5. Email Delivery

Resend

For sending transactional emails (order confirmation, status updates, invoices, verification codes), we use Resend (Resend Inc., USA). Resend receives recipient email and message content. Privacy: https://resend.com/legal/privacy-policy. Legal basis: Art. 6(1)(b) GDPR. Transfer to the USA based on EU-US Data Privacy Framework and Standard Contractual Clauses; data processing agreement (DPA) is in place.

6. Hosting & Infrastructure

Vercel

This website is hosted on Vercel Inc. (USA). Vercel processes IP addresses and request data to deliver the website. Privacy: https://vercel.com/legal/privacy-policy. Transfer based on EU-US Data Privacy Framework (Vercel certified) and Standard Contractual Clauses; DPA in place.

Supabase

Database, authentication, and file upload are provided by Supabase Inc. (USA). Supabase stores user data, orders, and uploaded files. Our Supabase instance runs in the EU region (Frankfurt / eu-central-1). Privacy: https://supabase.com/privacy. Where data is transferred to the US parent, this is based on the EU-US Data Privacy Framework and Standard Contractual Clauses; DPA in place.

7. Reach Measurement (First-Party Analytics)

We operate first-party server-side reach measurement in our Supabase database to analyse site usage and performance. Collected: anonymous session ID (random UUID stored in browser SessionStorage), page visited, referrer URL, user-agent, UTM parameters, approximate country (derived from IP), web-vitals metrics, and product views.

No third-party analytics (e.g. Google Analytics) are used. Data is not sold for advertising. Legal basis: Art. 6(1)(a) GDPR (consent via cookie banner) in conjunction with § 25(1) TTDSG. Retention: 12 months from collection. You may withdraw consent at any time.

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)

Logged-in users can export their data or delete their account along with all related personal data under "My Account → Privacy" (statutory retention obligations for invoice/order data remain; affected records are pseudonymised in that case).

Send requests by email to luke@industriumx.com. You also have the right to lodge a complaint with a data protection supervisory authority — competent authority: Landesbeauftragter für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz (https://www.datenschutz.rlp.de).

9. Data Deletion & Retention

Personal data is deleted as soon as the purpose of storage no longer applies, unless statutory retention obligations prevent this (in particular §§ 147 AO, 257 HGB for invoices and accounting records: 10 years).

10. Changes

We reserve the right to update this privacy policy to reflect changes in legal requirements or service modifications.

Last updated: April 2026