Privacy Policy

Last updated: January 15, 2026

1. Introduction

GPSR Kit ("we," "us," or "our") operates a web-based software service that helps businesses create EU General Product Safety Regulation (GPSR) compliance documentation. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our service.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our service, you agree to the collection and use of information as described in this policy.

Contact:
GPSR Kit
Email: gpsrhelp@gmail.com

2. Data We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address (required for account login and communication)
  • Business name (displayed on your GPSR documents)
  • Country (to determine applicable regulations)
  • Password (stored securely using industry-standard hashing)

2.2 Product Data

When you use our service to create compliance documents, we store:

  • Product names, SKUs, and descriptions
  • Manufacturer and responsible person contact details
  • Safety warnings and risk assessments
  • Technical documentation you provide

2.3 Payment Information

We use Stripe to process payments. We do not store your full credit card number or CVV. Stripe handles payment data in compliance with PCI-DSS standards. We receive and store:

  • Your Stripe customer ID
  • Subscription status and plan type
  • Payment history (amounts, dates, invoice IDs)
  • Last 4 digits of your card (for display purposes only)

2.4 Technical Data

We automatically collect:

  • IP address
  • Browser type and version
  • Device type
  • Pages visited and actions taken
  • Date and time of access

3. Why We Collect Your Data

We use your data for the following purposes:

Purpose | Legal Basis (GDPR)
Providing the service (creating documents, storing products) | Contract performance
Processing payments | Contract performance
Sending account-related emails (password reset, receipts) | Contract performance
Preventing fraud and abuse | Legitimate interest
Improving the service | Legitimate interest
Marketing communications (if opted in) | Consent

4. How Long We Keep Your Data

We retain your data for the following periods:

  • Account data: For as long as your account is active, plus 30 days after deletion to allow for recovery.
  • Product data: For as long as your account is active. Deleted immediately when you delete a product or close your account.
  • Payment records: 7 years after the transaction, as required for tax and accounting purposes.
  • Technical logs: 90 days for security and troubleshooting purposes.

5. Who We Share Your Data With

We share data only with the following service providers:

Stripe (Payment Processing)

Processes payments securely. Stripe is PCI-DSS compliant.

Privacy: stripe.com/privacy

MongoDB Atlas (Database)

Stores your account and product data. We use EU-based data centers.

Privacy: mongodb.com/legal/privacy-policy

Vercel (Hosting)

Hosts our web application. Data is processed in accordance with their privacy policy.

Privacy: vercel.com/legal/privacy-policy

We do not sell your data. We do not share your data with advertisers or data brokers.

6. Your Rights Under GDPR

If you are in the EU/EEA, you have the following rights:

Right to Access

Request a copy of all personal data we hold about you.

Right to Rectification

Request correction of inaccurate data.

Right to Erasure

Request deletion of your account and data.

Right to Data Portability

Receive your data in a machine-readable format.

Right to Object

Object to processing based on legitimate interest.

Right to Withdraw Consent

Withdraw consent at any time (e.g., for marketing).

To exercise your rights: Email us at gpsrhelp@gmail.com with your request. We will respond within 30 days. You may also lodge a complaint with your local data protection authority.

7. How to Delete Your Data

You can delete your data in the following ways:

  • Delete individual products: Go to the product detail page and click "Delete."
  • Delete your entire account: Go to Account Settings and click "Delete Account." This will permanently delete all your data within 30 days.
  • Request deletion by email: Contact gpsrhelp@gmail.com and we will process your request within 30 days.

Note: Some data may be retained for legal compliance (e.g., payment records for tax purposes).

8. Data Security

We protect your data using:

  • 256-bit TLS encryption for all data in transit
  • Encrypted database storage
  • Secure password hashing (bcrypt)
  • Regular security audits
  • Access controls and authentication

While we implement industry-standard security measures, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

9. International Data Transfers

Our primary database is hosted in the EU region. Some of our service providers (Stripe, Vercel) may process data in the United States. Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all sub-processors

10. Children's Privacy

Our service is intended for businesses and is not directed at individuals under 18 years of age. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us at gpsrhelp@gmail.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on our website. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact Us

If you have questions about this Privacy Policy or your data, contact us:

GPSR Kit
Email: gpsrhelp@gmail.com