Back to home

Privacy Policy

Last updated: April 27, 2026

1. Who is the data controller

The controller of personal data processed via aishippinglabs.com is DataTalks.Club, Schönensche Str. 13, 10439 Berlin, Germany (VAT No. DE343190995). Contact: contact@aishippinglabs.com.

2. What we collect and why

Account data

When you create an account we store your email address, a hashed password, and your tier and billing status. Legal basis: performance of the contract (GDPR Art. 6(1)(b)).

Authentication via OAuth

If you sign in through GitHub or Google, we receive your email address and basic profile from the provider in order to create or look up your account. We do not receive your password.

Newsletter and email campaigns

If you subscribe to the newsletter, we store your email address and your subscription status. Newsletter signup uses a double opt-in confirmation. Legal basis: consent (Art. 6(1)(a)). You can unsubscribe at any time from any newsletter email or from the account page; we honor unsubscribes via the email service provider.

Payments

Paid subscriptions are processed by Stripe. We do not see or store your full card number; Stripe handles card data and returns to us a customer ID, subscription state, and billing metadata so we can grant the right tier. Stripe is the processor for this data; see Stripe's privacy policy for details. Legal basis: performance of the contract.

Slack community

Members of the Main and Premium tiers receive an invitation to our Slack workspace. If you join, Slack stores your messages and profile under its own privacy policy. We do not import Slack message content back into the Service.

Email delivery (Amazon SES)

Transactional emails (verification, password reset, billing receipts) and newsletter emails are delivered via Amazon Simple Email Service. Amazon receives your email address and the message contents in order to deliver them. We also receive bounce and complaint signals from Amazon to keep our list clean.

Cookies and similar technologies

We use a small set of strictly necessary cookies:

  • sessionid — keeps you logged in.
  • csrftoken — protects against cross-site request forgery on form submissions.

These cookies are required for the Service to function and are not used for tracking or advertising. We do not currently set analytics or marketing cookies. If we add any in the future, we will request consent first.

Server logs

Our servers automatically log basic request data (IP address, user agent, timestamp, request path) for security and operational purposes. These logs are kept for a limited period and then deleted or aggregated.

3. How we use your data

  • To provide and operate the Service (authentication, access control, billing).
  • To send transactional and (with consent) newsletter emails.
  • To respond to support requests.
  • To detect, prevent, and respond to fraud, abuse, and security incidents.
  • To comply with legal obligations (e.g. tax records).

We do not sell your personal data, and we do not share it with third parties for their own marketing.

4. Who we share data with

We share data only with the processors listed above (Stripe, Amazon SES, Slack, GitHub, Google) as needed to operate the Service. Some of these providers process data outside the EU/EEA. Where that is the case, transfers are covered by appropriate safeguards such as the EU Standard Contractual Clauses or the EU-US Data Privacy Framework.

5. How long we keep data

Account data is kept while your account is active and for a reasonable period afterwards to resolve disputes and meet legal obligations. Newsletter records are kept until you unsubscribe. Billing records are kept for the legally required retention period for tax and accounting purposes (typically 10 years under German law).

6. Your rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data ("right to be forgotten"), subject to legal retention rules.
  • Restrict or object to processing.
  • Receive your data in a portable format.
  • Withdraw consent at any time (this does not affect processing already done).
  • Lodge a complaint with a supervisory authority — for users in Germany, the Berliner Beauftragte für Datenschutz und Informationsfreiheit.

To exercise these rights, email contact@aishippinglabs.com.

7. Security

We use industry-standard technical and organizational measures to protect your data, including encryption in transit (HTTPS), hashed passwords, access controls, and monitored infrastructure. No system is perfectly secure; you should choose a strong, unique password and notify us if you suspect your account is compromised.

8. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

9. Changes to this policy

We may update this policy as the Service evolves. The "Last updated" date at the top reflects the latest version. For material changes, we will notify registered users by email or in-app notice.

10. Contact

Privacy questions or requests: contact@aishippinglabs.com.