Privacy policy

Last updated: February 2026

Your privacy matters to us. This policy explains what personal data we collect, why we collect it, and who we share it with — in plain language, not legal boilerplate.

1. Who We Are (Data Controller)

Ignis Fatuum

Jessica Krauß

Frankfurter Straße 84

63500 Seligenstadt

Germany

Email: shop@ignisfatuum.com

If you have any questions about how we handle your data, you're welcome to reach out directly.

2. What Data We Collect and Why

2.1 Visiting Our Shop

When you browse our shop, standard technical data is processed automatically — this includes your IP address, browser type, operating system, referring URL, and the pages you visit. This data is necessary for the website to function and is processed on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in operating a secure, functional online presence.

2.2 Creating an Account

If you create a customer account, we store your name, email address, and any other details you provide. This data is used solely to manage your account and order history.

Legal basis: Performance of a contract (Art. 6(1)(b) GDPR)

2.3 Placing an Order

    When you place an order, we collect:
  • Name and delivery address
  • Email address
  • Phone number (optional, for delivery coordination)
  • Payment information (processed directly by Shopify Payments / your chosen payment provider — we never see your full card details)
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR)

2.4 Contact Form

    Our contact form collects the following data:
  • Your name
  • Email address
  • Inquiry type
  • Your message

Contact form submissions are processed via Cloudflare Workers (see Section 4.1) and delivered to shop@ignisfatuum.com. We use this data only to respond to your inquiry.

Legal basis: Your consent (Art. 6(1)(a) GDPR) and our legitimate interest in responding to customer inquiries (Art. 6(1)(f) GDPR)

We do not store contact form submissions beyond what lands in our inbox.

2.5 Newsletter

We do not currently operate a newsletter.

3. Cookies

Our shop uses a small number of essential cookies. We do not use advertising, analytics, or tracking cookies.

Essential Cookies

Cookie Purpose Duration
shop-access Password gate — confirms you've entered the shop access password Session
cookie_consent Stores your cookie consent preference 1 year

These cookies are strictly necessary for the shop to function. They cannot be disabled without breaking core functionality.

We do not use any third-party tracking, analytics, or advertising cookies.

4. Service Providers (Third Parties)

We work with a small number of trusted service providers. Where relevant, we have data processing agreements (DPAs) in place.

4.1 Cloudflare

We use Cloudflare for content delivery, DDoS protection, DNS, and email routing. All traffic to ignisfatuum.com passes through Cloudflare's network.

Provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA Website: cloudflare.com Privacy Policy: cloudflare.com/privacypolicy
    What Cloudflare processes:
  • IP addresses
  • HTTP request metadata (browser type, request headers, timestamps)
  • Page request data (for bot management and DDoS protection)
  • Emails sent via the contact form (via Cloudflare Email Routing)
Purpose: Fast and secure content delivery, protection against malicious traffic, and routing contact form emails to our inbox. Legal basis: Our legitimate interest in operating a secure and performant website (Art. 6(1)(f) GDPR); data processing agreement in place. Data transfer to the USA: Cloudflare is a US-based company. Data transfers to the USA are safeguarded by the EU-US Data Privacy Framework (where applicable) and/or Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR. Details: cloudflare.com/gdpr/introduction

4.2 Shopify

Our shop is powered by Shopify. Order data, customer accounts, and payment processing run through Shopify's platform.

Provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland Privacy Policy: shopify.com/legal/privacy

Shopify acts as a data processor on our behalf. A data processing agreement is in place.

4.3 DPD — Shipping & Delivery

We ship orders via DPD. To fulfill and deliver your order, we share the necessary delivery data with DPD.

Provider: DPD Deutschland GmbH (part of DPDgroup) Website: dpd.com Privacy Policy: dpd.com/de/en/meta/privacy-policy/
    What we share with DPD:
  • Your name
  • Delivery address
  • Email address (for shipping notifications and tracking)
  • Phone number (if provided, for delivery coordination)
Purpose: Order fulfillment, parcel delivery, and shipment tracking. Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) — we cannot deliver your order without sharing this data with our shipping partner.

4.4 Payment Providers

Payment processing is handled via Shopify's built-in payment infrastructure. Depending on your chosen payment method, your payment data may be processed by providers such as Stripe or PayPal. We do not store payment card details ourselves.

Please refer to the respective provider's privacy policy for details.

5. Data Retention

We retain personal data only as long as necessary:

  • Order data: Retained for 10 years as required by German commercial and tax law (§ 147 AO, § 257 HGB)
  • Customer accounts: Until you request deletion
  • Contact form inquiries: Until the inquiry is resolved; no long-term storage
  • Server logs / Cloudflare logs: Typically 24–72 hours per Cloudflare's default retention

6. Your Rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your data ("right to be forgotten"), subject to legal retention requirements
  • Restrict or object to processing
  • Data portability — receive your data in a machine-readable format
  • Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, email us at shop@ignisfatuum.com. We'll respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. The relevant authority for Seligenstadt, Germany is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit (HBDI)

Gustav-Stresemann-Ring 1

65189 Wiesbaden

Germany datenschutz.hessen.de

7. Data Security

We take reasonable technical and organisational measures to protect your data. All data transmitted between your browser and our shop is encrypted via HTTPS/TLS. Cloudflare provides an additional layer of security at the network edge.

8. Changes to This Policy

We may update this policy occasionally — for example, when we add new services or when regulations change. The current version is always available on this page. Significant changes will be communicated clearly.

9. Contact

If you have any questions about this privacy policy or how we handle your data, please email us at shop@ignisfatuum.com.

Ignis Fatuum — handcrafted chainmail jewelry, made with care in Seligenstadt.