Privacy Policy
This policy explains what personal data The Fractional Files collects, why, on what legal basis, who we share it with, and the rights you have under the EU General Data Protection Regulation (GDPR).
1. Who we are (the data controller)
The data controller is [Controller name — e.g. The Fractional Files OÜ], registered in [EU country of establishment] (registration [Company registration number, if applicable]), address [Registered address, postcode, city, country].
You can contact us at [hello@thefractionalfiles.com] for general matters and [privacy@thefractionalfiles.com] for privacy and data-protection requests.
Data Protection Officer: [Not applicable — no DPO appointed, or list the DPO contact here].
2. What personal data we process and why
| Purpose | Data | Legal basis (GDPR Art. 6) |
|---|---|---|
| Operating the website (sessions, sign-in, CSRF) | Session cookie, IP address, user-agent | (b) Contract / (f) Legitimate interest in a working site |
| Selling and delivering the playbooks | Name, email, billing address, country, VAT ID where applicable, purchase history | (b) Performance of a contract with you |
| Sending the playbooks via email or download link | Email address, purchase reference | (b) Performance of a contract |
| Anti-fraud and security | IP address, request metadata, sign-in events | (f) Legitimate interest in preventing fraud and abuse |
| Bookkeeping and tax (invoices, VAT) | Invoice data | (c) Legal obligation (EU VAT, national bookkeeping law) |
| Customer support emails | Email contents and metadata | (b) Performance of a contract / (f) Legitimate interest |
| Optional: newsletter / waitlist | Email address, consent timestamp, IP | (a) Your explicit consent |
| Optional: analytics (if enabled) | Aggregated usage data, see Cookie Policy | (a) Your consent |
We do not use your data for automated decision-making or profiling.
3. Where your data is stored
The site runs on Railway (EU region). Payments are processed by Lemon Squeezy (US-headquartered, GDPR-compliant under the EU–US Data Privacy Framework). Email delivery, if used, is performed by [Email provider — e.g. Postmark]. We list every processor in section 5.
4. How long we keep your data
- Session cookies: deleted when you close the browser, or after the session expires (max 30 days).
- Account and purchase data: kept for as long as your account exists, plus a further period required to satisfy EU bookkeeping and tax law — typically 7 years for invoices and tax records.
- Newsletter consent: until you unsubscribe, plus 30 days for the unsubscribe record.
- Server logs: 30 days.
- Audit logs of admin actions: 12 months.
5. Who we share data with (processors)
We only share what is strictly necessary. Each processor is bound by a Data Processing Agreement (DPA) under Art. 28 GDPR.
- Railway, Inc. — hosting (EU region)
- Lemon Squeezy — payment processing, EU VAT, invoicing
- [Email provider] — transactional and waitlist email (if you opt in)
- Cloudflare — DNS, edge security (if enabled)
We do not sell or share your personal data with advertisers.
6. International transfers
Where a processor is outside the EEA, transfers are covered by Standard Contractual Clauses (SCCs), an adequacy decision, or the EU–US Data Privacy Framework.
7. Your rights under GDPR
You have the right to:
- Access (Art. 15) — get a copy of the data we hold about you.
- Rectify (Art. 16) — correct inaccurate data.
- Erase (Art. 17) — the "right to be forgotten", subject to legal retention obligations like VAT records.
- Restrict processing (Art. 18).
- Portability (Art. 20) — receive your data in a machine-readable format.
- Object to processing (Art. 21), including direct marketing at any time.
- Withdraw consent at any time without affecting prior lawful processing.
- Complain to your local supervisory authority. Our lead authority is [Your competent EU supervisory authority — e.g. the Estonian Data Protection Inspectorate (AKI)].
To exercise any of these rights, email [privacy@thefractionalfiles.com]. We respond within 30 days (Art. 12(3)). We may ask for proof of identity to prevent abuse.
8. Cookies
See our Cookie Policy for the full list and how to change your choices.
9. Changes to this policy
We will update this page when our processing changes. Material changes are notified by email (if we have your address) or via a banner on the site.
10. Contact
For any privacy question, write to [privacy@thefractionalfiles.com].