Privacy Policy

Last updated: June 2026 — equilibric di Alberto Tacconi, Switzerland

1. Data Controller

The data controller responsible for your personal data is:

equilibric di Alberto Tacconi
Strada Regina 4a, 6832 Pedrinate, Switzerland
E-mail: privacy@floradigital.art

2. What Data We Collect and Why

When you make a purchase

We collect your e-mail address for the following purposes:

• Contract performance (Art. 6(1)(b) GDPR / Art. 30 nDSG): to send you the download link and fulfil your order.
• Customer support: to assist with any issues related to your purchase (e.g. expired links, technical problems).
• Legal obligation (Art. 6(1)(c) GDPR): to retain order records as required by Swiss accounting and tax law.

Payment details (card number, billing address) are entered directly on Stripe's secure page and are never transmitted to or stored by Flora Digital. We only receive a confirmation token from Stripe.

When you use the website

Our hosting provider (Vercel) automatically logs standard server data: your IP address, browser type, referring URL, and pages visited. This data is retained for a short period for security and debugging purposes and is not used for profiling or advertising.

3. Third-Party Data Processors

We share your data with the following processors solely to operate the service. Each is bound by a Data Processing Agreement and handles data in accordance with applicable data protection law:

• Stripe — payment processing. Your payment details are handled directly by Stripe and never stored by us. Stripe is certified PCI-DSS Level 1. Stripe Privacy Policy
• Supabase — secure database and file storage. Your e-mail address and order record are stored in a Supabase database. Download links are cryptographically signed and expire after 24 hours. Supabase Privacy Policy
• Vercel — website hosting and serverless functions. Standard server logs (IP address, request path, timestamp) may be retained briefly for security purposes. Vercel Privacy Policy
• Brevo (formerly Sendinblue) — e-mail delivery. Your e-mail address is transmitted to Brevo to send transactional e-mails (order confirmation, download links) and, if you have opted in, marketing e-mails (newsletter). Brevo processes data on servers located in the EU. Legal basis: contract performance for transactional e-mails; consent (Art. 6(1)(a) GDPR) for marketing e-mails. You can withdraw marketing consent at any time via the unsubscribe link in each e-mail. Brevo Privacy Policy

4. International Data Transfers

Your data may be transferred outside Switzerland and the EEA. Switzerland is recognised by the EU as providing adequate data protection. For transfers to the United States (by Stripe, Vercel, and Supabase), these processors rely on Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional technical and organisational measures. Brevo processes data within the EU.

5. Data Retention

• Order records (e-mail, purchase date, product): retained for 10 years to comply with Swiss accounting law (Obligationenrecht Art. 958f). After this period, records are permanently deleted.
• Download logs (IP address, download timestamp): retained for 90 days for fraud prevention, then deleted.
• Server logs (Vercel): retained for a few days per Vercel's standard policy.

6. Your Rights

Under the GDPR (for EU/EEA residents), the UK GDPR (for UK residents), and the Swiss Federal Act on Data Protection (nDSG, for Swiss residents), you have the following rights:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate data.
• Erasure — request deletion of your data, subject to legal retention obligations (we cannot delete order records still within the mandatory 10-year accounting period).
• Restriction — request that we limit processing of your data in certain circumstances.
• Portability — receive your data in a machine-readable format.
• Objection — object to processing based on legitimate interests.

To exercise any of these rights, contact us at privacy@floradigital.art. We will respond within 30 days.

7. Right to Lodge a Complaint

If you believe your data has been processed unlawfully, you have the right to lodge a complaint with a supervisory authority:

• Switzerland: Federal Data Protection and Information Commissioner (FDPIC / EDÖB)
• EU residents: the data protection authority of your EU member state.
• UK residents: Information Commissioner's Office (ICO)

8. Data Protection Officer

Given the scale and nature of our data processing, we are not required to appoint a Data Protection Officer. For any data-protection enquiries, please contact us at the address above.

9. Automated Decision-Making

We do not use automated decision-making or profiling as defined in Art. 22 GDPR.

10. Contact

For any privacy-related enquiries, contact us at privacy@floradigital.art.