PRIVACY POLICY
LAST UPDATED: FEBRUARY 22, 2026
1. Controller and Contact Information
The controller responsible for data processing on this website is:
FCKN Couture
[Your full legal name / company name]
[Street address]
[Postal code, City]
Germany
Email: [[email protected]]
Website: https://fckncouture.com
Under German law (§ 5 TMG), an Impressum with full contact details is required. Please fill in the bracketed fields with your actual business information before publishing.
2. Overview of Data Processing
This privacy policy explains how we collect, use, store, and protect your personal data when you visit our website, sign up for our mailing list, make a purchase, or interact with us on social media. We process personal data exclusively in compliance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telecommunications-Telemedia Data Protection Act (TTDSG).
We do not sell your data to third parties.
3. Hosting and Technical Infrastructure
Our website is hosted on cloud infrastructure provided by Manus (manus.im). When you access our website, your browser automatically transmits certain technical data to our servers.
| Data Type | Purpose | Legal Basis |
|---|---|---|
| IP address | Connection establishment, security | Art. 6(1)(f) GDPR |
| Date and time of access | Server logs, error diagnosis | Art. 6(1)(f) GDPR |
| Browser type and version | Compatibility, optimization | Art. 6(1)(f) GDPR |
| Operating system | Compatibility | Art. 6(1)(f) GDPR |
| Referring URL | Traffic analysis | Art. 6(1)(f) GDPR |
Server log data is stored for a maximum of 30 days and then automatically deleted. This data is not merged with other data sources.
4. Cookies and Session Management
4.1 Essential Cookies (No Consent Required)
We use strictly necessary cookies that are essential for the operation of our website. Under Article 5(3) of the ePrivacy Directive and § 25(2) TTDSG, these cookies are exempt from consent requirements.
| Cookie | Purpose | Duration | Legal Basis |
|---|---|---|---|
| Session cookie (JWT) | Authentication — keeps you logged in | Session / 7 days | Art. 6(1)(b) GDPR |
| Gate unlock | Remembers splash page access | Persistent (localStorage) | Art. 6(1)(f) GDPR |
| Cart data | Shopping cart contents | Persistent (localStorage) | Art. 6(1)(b) GDPR |
4.2 Analytics (Cookie-Free)
We use Umami Analytics, a privacy-focused, open-source analytics tool. Umami does not use cookies, does not collect any personally identifiable information, and does not track users across websites. All visitor data is anonymized. Umami is fully compliant with GDPR, CCPA, and PECR without requiring cookie consent.
5. Email Newsletter Signup
5.1 Data Collected
| Data | Required | Purpose |
|---|---|---|
| Email address | Yes | Launch notifications, product updates, promotional content |
| Phone number | No (optional) | One-time SMS with 10% discount code |
5.2 Double Opt-In Process
We use a double opt-in process for email subscriptions, as required under German law. After you submit your email address, we send a confirmation email. Your subscription is only activated after you click the confirmation link. Unconfirmed signups are periodically deleted.
Legal basis: Art. 6(1)(a) GDPR (your consent, given by completing the double opt-in process).
5.3 Email Service Provider
Transactional and marketing emails are sent via Postmark (ActiveCampaign, LLC), a US-based email delivery service. Data transfer to the US is covered by Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR.
5.4 Withdrawal of Consent
You may unsubscribe at any time by clicking the "unsubscribe" link in every email, or by contacting us directly.
6. SMS / Phone Number Processing
6.1 Purpose and Scope
If you voluntarily provide your phone number during signup, we use it exclusively to send you a one-time SMS containing your personal 10% discount code. We may also send a single reminder SMS if your discount code is about to expire. No further SMS messages will be sent.
6.2 Consent
By entering your phone number in the signup form, you give explicit consent to receive the one-time discount SMS. The SMS is only sent after you have confirmed your email address via the double opt-in link.
Legal basis: Art. 6(1)(a) GDPR (your explicit consent); § 7(2) UWG.
6.3 SMS Service Provider
SMS messages are sent via Twilio Inc., a US-based communications platform. Data transfer to the US is covered by Standard Contractual Clauses (SCCs) and Twilio's Data Protection Addendum.
6.4 Deletion
You may request deletion of your phone number at any time by contacting us. We will delete it within 30 days.
7. User Accounts and Authentication
7.1 Account Creation
When you create an account, authentication is handled via Manus OAuth. We store your OAuth identifier, name, email address, and login method for account management and order processing.
Legal basis: Art. 6(1)(b) GDPR (contract performance).
7.2 Shipping Information
If you place an order, we store your shipping address for fulfillment purposes.
7.3 Account Deletion
You may request deletion of your account and all associated data at any time by contacting us. We will process your request within 30 days, subject to legal retention obligations.
8. Orders and Payment Processing
8.1 Payment Provider
We use Stripe, Inc. (and its EU subsidiary Stripe Payments Europe, Ltd.) to process payments. When you make a purchase, you are redirected to Stripe's secure checkout page. We do not store your full credit card number, CVV, or card expiration date.
We store only Stripe Customer ID, Checkout Session ID, and Payment Intent ID for order tracking.
Legal basis: Art. 6(1)(b) GDPR (contract performance).
8.2 Order Data
For each order, we store items purchased, order total, currency, shipping address, customer email, order status, and tracking number. This data is retained in accordance with German commercial and tax law.
8.3 Promotional Codes
If you use a discount code during checkout, we record which code was used and the discount applied. This is necessary for accounting and fraud prevention.
9. Abandoned Cart Recovery
If you are logged in and begin a checkout without completing it, we may store your cart contents and send you a reminder email. Legal basis: Art. 6(1)(f) GDPR (legitimate interest). You may object by contacting us.
10. Wishlist and Low-Stock Notifications
If you add products to your wishlist and opt in to low-stock notifications, we may send you an email when a wishlisted product is running low. Legal basis: Art. 6(1)(a) GDPR (your consent).
11. Social Media
Our website contains links to our profiles on the following platforms:
| Platform | Profile | Privacy Policy |
|---|---|---|
| @fckncouture | Instagram Privacy | |
| TikTok | @fckncouture | TikTok Privacy |
| X (formerly Twitter) | @fckncouture | X Privacy |
These are simple external links. No data is transmitted to these platforms when you visit our website. We do not embed social media plugins, tracking pixels, or share buttons.
12. Data Retention
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Server logs | 30 days | Legitimate interest (security) |
| Email signup (unconfirmed) | 30 days, then deleted | Purpose fulfilled |
| Email signup (confirmed) | Until unsubscription | Consent |
| Phone number | Until deletion request or 90 days after discount expiry | Consent |
| User account data | Until account deletion request | Contract performance |
| Order and payment data | 10 years | § 147 AO, § 257 HGB |
| Invoices and receipts | 10 years | § 147 AO |
| Business correspondence | 6 years | § 257 HGB |
13. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
Right of access (Art. 15) — Request confirmation of whether we process your data and obtain a copy.
Right to rectification (Art. 16) — Request correction of inaccurate data.
Right to erasure (Art. 17) — Request deletion, subject to legal retention obligations.
Right to restriction (Art. 18) — Request restricted processing under certain circumstances.
Right to data portability (Art. 20) — Receive your data in a machine-readable format.
Right to object (Art. 21) — Object to processing based on legitimate interests.
Right to withdraw consent (Art. 7(3)) — Withdraw consent at any time without affecting prior processing.
To exercise any of these rights, contact us at the address provided in Section 1.
14. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. The competent authority depends on the federal state in which our business is registered. A list is available at: bfdi.bund.de
15. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including encrypted data transmission via TLS/SSL (HTTPS), secure session management with HTTP-only cookies, access controls, and regular security reviews.
16. Third-Party Data Processors
| Service | Provider | Purpose | Transfer Safeguard |
|---|---|---|---|
| Hosting | Manus | Website hosting, database | EU processing |
| Email delivery | Postmark (ActiveCampaign) | Transactional & marketing emails | SCCs |
| SMS delivery | Twilio, Inc. | Discount code SMS | SCCs, DPA |
| Payment | Stripe, Inc. / Stripe EU | Payment processing | EU entity + SCCs |
| Analytics | Umami (self-hosted) | Anonymous analytics | N/A — no PII |
17. Changes to This Privacy Policy
We reserve the right to update this privacy policy to reflect changes in our data processing practices or legal requirements. The "Last updated" date at the top indicates when the policy was last revised.
18. Contact for Data Protection Inquiries
FCKN Couture — Data Protection
Email: [[email protected]]
[Street address]
[Postal code, City]
Germany
This privacy policy was drafted to comply with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Telecommunications-Telemedia Data Protection Act (TTDSG), and the ePrivacy Directive. It should be reviewed by a qualified legal professional before publication.