Skip to main content
Whitesides Publishers The AI COACH Pre-order

GDPR / DSGVO

Privacy Policy

We process as little personal data as possible. Here is exactly what, why, and for how long.

Data controller

Whitesides GmbH
Keithstraße 2-4
10787 Berlin
Germany
Email: privacy@whitesides-publishing.com

Data protection officer

A formal Data Protection Officer is not required under §38 BDSG, as our regular data processing involving personal data is below the threshold. For all data protection inquiries, please contact privacy@whitesides-publishing.com.

What data we process

1. Server logs (when you visit this site)

Our hosting provider Cloudflare Pages (Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA) records the following in server logs:

Legal basis: Art. 6 (1) (f) GDPR. Legitimate interest: stable operation, attack protection. Retention: 30 days. Cloudflare is certified under the EU-US Data Privacy Framework.

2. Pre-order intent (Brevo newsletter)

When you sign up via /preorder/, we transfer your email address (and optionally your name and country) to Brevo (Sendinblue SAS), 106 boulevard Haussmann, 75008 Paris, France. Brevo processes data exclusively on European servers. Brevo list: ai-coach-en (or the corresponding language list, e.g. ai-coach-fr).

Legal basis: Art. 6 (1) (a) GDPR (consent). You can withdraw consent at any time via the unsubscribe link in any email or by writing to privacy@whitesides-publishing.com.

3. Pre-order checkout (Stripe — once active)

Once Stripe is configured, payment processing will be handled by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Stripe receives payment data directly — we only see the last 4 digits of the card and the expiry date. Stripe is PCI-DSS Level 1 certified. Stripe’s privacy policy: stripe.com/en/privacy.

Note: Stripe is currently a stub. Once active, the data forwarding to Stripe will be based on Art. 6 (1) (b) GDPR (contractual necessity).

4. Email contact

If you write to us, we process your email address and the content of your message to respond to your inquiry (Art. 6 (1) (f) GDPR, legitimate interest). Retention: 6 months, unless contractual obligations result.

Cookies and tracking

This site sets no tracking cookies, no Google Analytics, no Meta Pixel, no advertising networks. There is no cookie banner because no consent-requiring cookies are set.

Once Stripe checkout is active, Stripe sets technically necessary session cookies on Stripe’s domain during the payment process. These are required under Art. 6 (1) (b) GDPR for contract fulfilment.

External fonts and scripts

We do not load external fonts (no Google Fonts), no external scripts, no external iframes. All fonts are self-hosted via Fontsource.

Your rights under GDPR

You have the following rights at any time:

Changes to this policy

We update this policy when our processing or the legal framework changes. Last updated: 10 May 2026.