Back to home

GDPR Compliance

Last updated: 2026-07-18

How ShipKit complies with the EU General Data Protection Regulation (2016/679) and the UK GDPR.

1. Who we are

The controller for your ShipKit account data is REDLINE MANAGEMENT LTD (UK). Full entity details are in the Impressum; the Privacy Policy describes what we process and why.

2. Controller and processor roles

For your account and the content you create, we are the data controller.

For visitors of pages that our users publish, the page owner is the controller and ShipKit acts as a processor/hosting provider. Page owners must provide their own privacy notices.

3. Legal bases we rely on

Performance of contract (providing the builder, publishing, custom domains), legal obligation (billing records), and legitimate interest (security, abuse prevention, service operation). Where consent is required (e.g. future analytics), we ask for it first and it can be withdrawn at any time.

4. Your rights and how to exercise them

You can request access, rectification, erasure, restriction, portability, or object to processing by emailing [email protected]. We respond within 30 days. You can also complain to a supervisory authority — in the UK the ICO, in the EU your local authority (e.g. NAIH in Hungary).

5. International transfers

Data is hosted with Hetzner in the EU. The controller is a UK company; transfers between the UK and EU are covered by the mutual adequacy decisions. Where a processor operates outside the UK/EEA (e.g. Anthropic, Stripe), transfers rely on adequacy decisions or standard contractual clauses.

6. Security

Passwords are stored as bcrypt hashes; connections use TLS; production data lives in an isolated database with access limited to the operator. Backups are made before schema changes and deployments.

7. Sub-processors

Anthropic (AI generation), Hetzner (hosting, EU), Cloudflare (DNS/CDN/security), Stripe (payments — once paid plans are enabled). We will update this list as the service evolves.

GDPR Compliance — ShipKit