Privacy Policy

Last updated: March 22, 2026

1. Who We Are (Data Controller)

The data controller responsible for your personal data is:

• Business name: Oleumapp
• Website: https://oleumapp.com
• Contact e-mail: info@oleumapp.com

2. What Personal Data We Collect

When you use our website, we may collect the following categories of personal data:

• Account data: username, email address, hashed password (when you register)
• Order data: order ID, purchased products, order total, payment reference (PayPal order ID)
• Guest checkout data: email address provided for delivery of download links
• Technical data: IP address, browser type, pages visited, access timestamps (standard server logs)
• Cookie data: session cookies required for login functionality; optional analytics cookies (only with your consent)

We do not collect or store credit card numbers, bank account details, or full payment card data. All payment processing is handled directly by PayPal under their own privacy policies.

3. Legal Basis for Processing

We process your personal data on the following legal bases under GDPR Article 6:

• Contract performance (Art. 6(1)(b)): Processing your order, delivering digital products, sending order confirmation emails
• Legitimate interests (Art. 6(1)(f)): Preventing fraud, securing our systems, improving our services
• Legal obligation (Art. 6(1)(c)): Retaining transaction records as required by applicable tax law
• Consent (Art. 6(1)(a)): Analytics and marketing cookies — only when you explicitly agree

4. How We Use Your Data

• To process and fulfil your digital product orders
• To send order confirmation and download link emails
• To allow you to access your purchase history and re-download products
• To maintain account security (password reset functionality)
• To respond to support enquiries
• To comply with applicable financial and tax record-keeping obligations
• To detect and prevent fraudulent transactions

5. Data Sharing and Third Parties

We share your data only with the following third parties, and only to the extent necessary:

• PayPal (PayPal Holdings, Inc.): Processes payments. See PayPal Privacy Policy.
• Web hosting provider: Our server/hosting provider stores the data necessary to operate the website.

We do not sell your personal data to any third parties. We do not share data for advertising purposes.

6. International Data Transfers

PayPal is a US-based company. Transfers of your data to this processor outside the European Economic Area (EEA) are made under the EU Standard Contractual Clauses or equivalent safeguards as required by GDPR Chapter V.

7. Data Retention

• Account data: Retained while your account is active. Deleted upon written request, unless required for legal purposes.
• Order and transaction data: Retained for 7 years to comply with applicable tax and accounting obligations under EU law.
• Server logs: Automatically deleted after 30 days.
• Session cookies: Expire at the end of your browsing session or after 30 days (remember-me sessions).

8. Cookies

We use the following types of cookies:

• Strictly necessary cookies: Required for login sessions and shopping cart functionality. These cannot be disabled.
• Analytical cookies: Used to understand how visitors use our website. Activated only with your consent via our cookie banner.

You can withdraw your consent for non-essential cookies at any time by clearing your browser cookies or adjusting settings in our cookie consent banner.

9. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of access (Art. 15): Request a copy of your personal data we hold
• Right to rectification (Art. 16): Request correction of inaccurate data
• Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten")
• Right to restriction (Art. 18): Request restriction of processing
• Right to data portability (Art. 20): Receive your data in a machine-readable format
• Right to object (Art. 21): Object to processing based on legitimate interests
• Right to withdraw consent: At any time, for consent-based processing

To exercise any of these rights, contact us at info@oleumapp.com. We will respond within 30 days.

You also have the right to lodge a complaint with the data protection supervisory authority in your country of residence. A list of EU supervisory authorities is available at edpb.europa.eu.

10. Security

We implement appropriate technical and organisational measures to protect your data, including:

• HTTPS encryption for all data transmission
• Hashed and salted password storage (bcrypt)
• CSRF protection on all forms
• Signed download tokens with HMAC-SHA256
• Rate limiting on authentication and checkout endpoints

11. Children's Privacy

Our website is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of our website after changes constitutes acceptance of the updated policy.