1. Data Controller
The controller responsible for data processing on this website within the meaning of the GDPR is:
Lars Dietzel
c/o POSTFLEX PFX-624-906, Emsdettener Straße 10, 48268 Greven, Germany
contact@10x-aero.com
2. Data We Collect
We process personal data that you provide or that is generated when you use our services, including:
- Account data (email address, hashed password, name if provided)
- Order and billing data (purchased product, billing address, invoices — card details are processed solely by Stripe and never reach our servers)
- Usage data (pages visited, page views, referrer, a session identifier, and — when you are logged in — the associated account)
- Newsletter contact data (if you opted in, via Resend)
- Server log data automatically transmitted by your browser (e.g. IP address, time of request), processed by our hosting provider
3. Purpose and Legal Basis
We process your data for the following purposes and on these bases:
- Account, access and contract performance (providing the purchased Guides, authentication) — Art. 6(1)(b) GDPR (performance of a contract).
- Payment processing and invoicing — Art. 6(1)(b) and, for statutory retention of accounting records, Art. 6(1)(c) (legal obligation).
- Newsletter — your consent, Art. 6(1)(a), which you may withdraw at any time with effect for the future.
- First-party analytics and security (operating, securing and improving the website; recording security-relevant events) — Art. 6(1)(f) (legitimate interests).
4. Third-Party Services and International Transfers
We use the following processors:
- Supabase — database hosting and authentication (Supabase Inc., USA)
- Stripe — payment processing (Stripe, Inc., USA)
- Resend — email delivery (Resend, Inc., USA)
- Vercel — website hosting and delivery (Vercel Inc., USA)
We have concluded data processing agreements (Art. 28 GDPR) with these providers. Where data is transferred to the USA, the transfer is based on the European Commission’s adequacy decision for providers certified under the EU-US Data Privacy Framework and/or on the EU Standard Contractual Clauses (Art. 46 GDPR) together with supplementary measures where required.
5. Cookies and Analytics
We use technically necessary cookies for session management (authentication). We also collect first-party page views (path, referrer, a session identifier) to understand and improve usage. We do not use third-party tracking, advertising cookies, or cross-site profiling. For this reason no consent banner is required for these technically necessary and first-party functions.
6. Your Rights (Art. 15–22 GDPR)
You have the right to:
- Access the data we hold about you (Art. 15)
- Rectification of inaccurate data (Art. 16)
- Erasure of your data (Art. 17)
- Restriction of processing (Art. 18)
- Data portability (Art. 20)
- Object to processing based on legitimate interests (Art. 21), and to withdraw consent at any time (Art. 7(3))
To exercise your rights, please contact: contact@10x-aero.com
You also have the right to lodge a complaint with the competent data protection supervisory authority.
7. Data Retention
We retain personal data only as long as necessary for the purposes set out above:
- Account data — for the duration of your account; deleted upon account deletion, unless statutory retention obligations apply.
- Invoices and accounting records — for the statutory retention period of up to 10 years (§ 147 AO, § 257 HGB).
- Newsletter contact data — until you withdraw your consent or unsubscribe.
- Analytics and server log data — for a limited period and then deleted or aggregated.
8. Contact for Data Protection Requests
Email: contact@10x-aero.com