Privacy Policy
How SatSom Consultancy (WisdomFashion) collects and uses your personal data.
Data controller
SatSom Consultancy, Amsterdam, Netherlands. Email: privacy@wisdomfashion.nl
Data we collect
| Category | Data | Source |
|---|---|---|
| Account | Name, email, password hash | User registration (Firebase Auth) |
| Shipping | Full postal address, phone | Checkout form |
| Orders | Product, design reference, amount | Stripe + Firestore |
| AI Designs | Prompt text, generated image URL | Studio page |
| Text overlays | Overlay text, font, position | Studio page |
| Usage | Page views, device type | Firebase Analytics (anonymised) |
| Payments | Payment intent ID, last 4 digits | Stripe (we never see full card number) |
Account
Name, email, password hash
User registration (Firebase Auth)
Shipping
Full postal address, phone
Checkout form
Orders
Product, design reference, amount
Stripe + Firestore
AI Designs
Prompt text, generated image URL
Studio page
Text overlays
Overlay text, font, position
Studio page
Usage
Page views, device type
Firebase Analytics (anonymised)
Payments
Payment intent ID, last 4 digits
Stripe (we never see full card number)
Purpose of processing
Each data type is collected for a specific, limited purpose in accordance with GDPR Article 5(1)(b):
- Service delivery, authentication
- Order fulfillment via Printful
- Artwork generation, stored for order reference
- Artwork compositing, stored with order
- Aggregate UX improvement (no individual profiling)
Legal basis
| Processing | Legal basis | Article |
|---|---|---|
| Order fulfillment | Performance of contract | Art. 6(1)(b) |
| Authentication | Legitimate interest | Art. 6(1)(f) |
| Payment processing | Contract + legal obligation | Art. 6(1)(b)(c) |
| Analytics | Consent (cookie banner) | Art. 6(1)(a) |
| Marketing emails | Consent (opt-in only) | Art. 6(1)(a) |
| Fraud prevention | Legitimate interest | Art. 6(1)(f) |
Order fulfillment
Performance of contract
Art. 6(1)(b)
Authentication
Legitimate interest
Art. 6(1)(f)
Payment processing
Contract + legal obligation
Art. 6(1)(b)(c)
Analytics
Consent (cookie banner)
Art. 6(1)(a)
Marketing emails
Consent (opt-in only)
Art. 6(1)(a)
Fraud prevention
Legitimate interest
Art. 6(1)(f)
Data retention
| Data | Retention period | Reason |
|---|---|---|
| Account data | Until account deletion + 30 days | User request |
| Order data | 7 years | Dutch fiscal law (Belastingdienst) |
| Payment records | 7 years | BW Art. 2:394 bookkeeping |
| AI prompts + images | 90 days post-order | Order reference |
| Analytics | 14 months | Firebase default, then purged |
| Inactive accounts | 2 years inactivity → deletion notice | Data minimisation |
Account data
Until account deletion + 30 days
User request
Order data
7 years
Dutch fiscal law (Belastingdienst)
Payment records
7 years
BW Art. 2:394 bookkeeping
AI prompts + images
90 days post-order
Order reference
Analytics
14 months
Firebase default, then purged
Inactive accounts
2 years inactivity → deletion notice
Data minimisation
Third-party processors
We never sell your personal data to third parties for marketing purposes.
Google Firebase
Auth, Firestore, Storage, Analytics
EU (Belgium) — SCCs + GDPR
Stripe
Payment processing
EU + USA — SCCs + DPF
Printful
Order fulfillment, shipping
EU + USA — SCCs, GPSR
FAL.ai
AI image generation
USA — SCCs
Google Fonts
Font delivery (client-side)
USA — Standard TOS
Vercel
Web hosting
EU region — DPA available
AI-generated content
When you use the AI Studio, your text prompt is sent to our AI generation service to create artwork. The prompt text and resulting image are stored in your account to enable order fulfillment and your order history.
All prompts and text overlays are checked against our content policy (see Terms & Conditions §6). Prompts that violate this policy are refused and not stored.
You retain ownership of prompts you write. The AI-generated images are provided to you under a commercial licence for personal use and resale on the product ordered. You may not re-license or resell the raw image files.
Your prompts and generated images are not used to train any AI model.
Your rights
Under GDPR Chapter III, you have the following rights:
Right of access
Request a copy of your data (Art. 15)
Right to rectification
Correct inaccurate data (Art. 16)
Right to erasure
"Right to be forgotten" (Art. 17)
Right to restriction
Limit processing (Art. 18)
Right to portability
Export your data (Art. 20)
Right to object
Object to legitimate interest processing (Art. 21)
Right to lodge a complaint
Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl)
We respond to all requests within 30 days (GDPR Art. 12).
Payment processing
Payment processing is handled exclusively by Stripe Payments Europe Ltd, authorised as a Payment Institution by the Central Bank of Ireland. We never receive, process, or store your full card number or CVV. Stripe uses 3D Secure (Strong Customer Authentication) as required by PSD2. Payment data is governed by Stripe's own Privacy Policy.
Security measures
- Data encrypted in transit (TLS 1.2+)
- Firebase Storage and Firestore encrypted at rest
- Access controlled via Firebase security rules
- Admin access requires 2FA
- We conduct regular access reviews
- In the event of a data breach affecting your rights, we will notify you within 72 hours as required by GDPR Art. 33
Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on our website. Continued use of the platform after changes constitutes acceptance.
Contact & supervisory authority
For any privacy-related questions, contact privacy@wisdomfashion.nl. You may also lodge a complaint with the Dutch Data Protection Authority: Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl.