Skip to main content

Privacy Policy

Last updated: March 2026

1. Data Controller

Elektronikhandel Michael Gräf
Breitscheidstraße 84
70176 Stuttgart, Germany
Email: info@ovosono.com
Phone: +49 174 329 2357

2. What personal data do we collect?

  • Contact data: Name, email address, shipping address, billing address.
  • Account information: Username, password (stored encrypted). For OAuth login (Google, GitHub, Amazon), profile data shared by the provider.
  • Financial data: Payment information is processed exclusively by Stripe and not stored on our servers.
  • Transaction information: Ordered items, order status, order history.
  • Technical data: IP address, browser type, device information, access times.

3. Purpose of Processing

  • Providing and operating the website
  • Processing orders and payment
  • User account management and authentication
  • Sending order confirmations and shipping notifications
  • Security and fraud prevention
  • Communication with you (customer support)

4. Legal Basis

Processing is based on Art. 6(1) GDPR:

  • Contract performance (lit. b): Order processing, account management, shipping.
  • Legitimate interest (lit. f): Security, technical log data, fraud prevention.
  • Consent (lit. a): Cookies (via cookie banner).

5. Cookies

This website uses technically necessary cookies for authentication (session cookie) and storing your cookie preferences. No advertising cookies are used. With your consent via the cookie banner, anonymous usage analysis is additionally performed (see section 5b).

On your first visit, you will be informed via the cookie banner and can accept or decline. Without consent, no usage analysis takes place.

5a. Data Retention Periods

  • Server log data: 14 days
  • Account data: duration of membership + 30 days after account deletion
  • Contact data (name, address): duration of customer relationship + deleted with account data
  • Order data and invoices: 10 years (statutory retention obligation under German tax law, § 147 AO, § 257 HGB)
  • Payment data: not stored on our servers (processed by Stripe)
  • Passkeys and 2FA data: duration of membership, deleted upon account deletion
  • Cookie preferences: stored in browser (localStorage), no server-side storage
  • Usage analysis data: 90 days, then automatically deleted

5b. Website Analysis

Data collected: Page views, product views, completed purchases, download clicks. A random session ID is generated per session (cannot be traced back to you). No cookies are set — the session ID is stored in your browser’s sessionStorage and automatically deleted when the tab is closed.

Purpose: Improving our offerings, detecting technical issues, and understanding purchasing behavior.

Legal basis: Consent pursuant to Art. 6(1)(a) GDPR via the cookie banner.

Retention period: 90 days. Older entries are automatically deleted.

Opt-out: You can withdraw your consent at any time by selecting “Decline” in the cookie banner. No usage data will be collected thereafter.

6. Third-Party Services

Stripe (Payment Processing)

Payments are processed through Stripe, Inc. Stripe receives the data required for payment processing. Credit card data is not stored on our servers. Privacy Policy

Vercel (Hosting)

This website is hosted on Vercel. Vercel may process technical access data (IP address, browser). Privacy Policy

Resend (Email Service)

Transactional emails (order confirmations, password reset) are sent via Resend. Resend receives the recipient's email address. Privacy Policy

Neon (Database)

The database is hosted at Neon (PostgreSQL). All personal data is stored encrypted.

All listed services are based in the USA and are certified under the EU-US Data Privacy Framework (DPF), which ensures an adequate level of data protection pursuant to Art. 45 GDPR.

7. Your Rights

You have the right at any time to:

  • Access your stored data (Art. 15 GDPR))
  • Rectification of inaccurate data (Art. 16 GDPR))
  • Deletion of your data (Art. 17 GDPR))
  • Restriction of processing (Art. 18 GDPR))
  • Data portability (Art. 20 GDPR))
  • Object to processing (Art. 21 GDPR))

To exercise your rights, contact us at info@ovosono.com.

You can delete your account including all stored data at any time in your account settings.

8. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.

Competent supervisory authority: The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (LfDI BW), Lautenschlagerstraße 20, 70173 Stuttgart, Germany. Web: https://www.baden-wuerttemberg.datenschutz.de

9. Changes

We may update this privacy policy from time to time. The revised version will be published on this website.

10. Contact

Elektronikhandel Michael Gräf
Breitscheidstraße 84, 70176 Stuttgart
Email: info@ovosono.com