Privacy Policy
We respect your privacy and are committed to protecting your personal data. This Privacy Policy complies with the General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679 - and Dutch data protection law (Uitvoeringswet AVG).
1. Data Controller
The data controller responsible for your personal data is:
Gustavo Colin
Email: support@thebackendofluck.com
Website: thebackendofluck.com
Country: Netherlands
2. Data We Collect
2.1 Data You Provide Directly
- Purchase information: Name and email address (collected by our payment processor, Gumroad)
- Communication data: Email address and message content when you contact support
- Newsletter subscription: Email address (opt-in only)
2.2 Data Collected Automatically
- Website usage data: Pages visited, time spent, referral source (via Google Analytics with anonymized IP addresses)
- Technical data: Browser type, operating system, device type, screen resolution
- Log data: IP address (anonymized), access timestamps, HTTP status codes
2.3 Data We Do NOT Collect
- We do NOT process payment card numbers, bank account details, or financial data directly. All payment processing is handled by Gumroad.
- We do NOT collect special categories of personal data (racial or ethnic origin, political opinions, religious beliefs, health data, etc.).
3. Purpose and Legal Basis
| Purpose | Legal Basis (GDPR Art.) |
|---|---|
| Deliver the purchased Book and provide access | Contract performance (Art. 6(1)(b)) |
| Customer support and communication | Contract performance (Art. 6(1)(b)) |
| Send product updates related to your purchase | Legitimate interest (Art. 6(1)(f)) |
| Newsletter and marketing emails | Consent (Art. 6(1)(a)) |
| Website analytics and improvement | Legitimate interest (Art. 6(1)(f)) |
| Fraud prevention and license enforcement | Legitimate interest (Art. 6(1)(f)) |
| Legal and tax obligations | Legal obligation (Art. 6(1)(c)) |
4. Data Retention
- Purchase records: Retained for 7 years (Dutch fiscal retention obligation under AWR - Algemene wet inzake rijksbelastingen)
- Customer support emails: Retained for 2 years after last communication
- Newsletter subscription data: Retained until you unsubscribe
- Website analytics: Anonymized data retained for 14 months (Google Analytics default)
- Server logs: Retained for 90 days, then automatically deleted
5. Third-Party Data Processors
We share personal data with the following third parties, each acting as a data processor under GDPR:
| Service | Purpose | Data Shared | Location |
|---|---|---|---|
| Gumroad, Inc. | Payment processing and product delivery | Name, email, payment details | United States* |
| Google Analytics | Website usage analytics | Anonymized IP, usage data | United States* |
*International transfers to the United States are covered by the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs) as applicable. See Section 9 for details.
6. We Do Not Sell Your Data
We do NOT sell, rent, or trade your personal data to third parties. We do not participate in data broker activities. Your data is used solely for the purposes described in this Privacy Policy.
7. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15): Request a copy of the personal data we hold about you
- Right to rectification (Art. 16): Request correction of inaccurate or incomplete data
- Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
- Right to restriction (Art. 18): Request that we limit processing of your data
- Right to data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format
- Right to object (Art. 21): Object to processing based on legitimate interest, including direct marketing
- Right to withdraw consent (Art. 7(3)): Withdraw consent at any time where processing is based on consent
How to Exercise Your Rights
To exercise any of these rights, contact us at support@thebackendofluck.com with the subject line "GDPR Request". We will respond within 30 days as required by GDPR Article 12(3). We may ask you to verify your identity before processing your request.
Right to Lodge a Complaint
If you believe we have not handled your data appropriately, you have the right to lodge a complaint with the Dutch Data Protection Authority:
Autoriteit Persoonsgegevens
Bezuidenhoutseweg 30
2594 AV Den Haag
Netherlands
Website: autoriteitpersoonsgegevens.nl
Phone: +31 (0)70 888 85 00
8. Cookies
Our website uses a minimal cookie approach:
8.1 Essential Cookies
We use only essential cookies that are strictly necessary for the functioning of the website (e.g., session management). These do not require consent under the Dutch Telecommunicatiewet (Article 11.7a) as they are technically necessary.
8.2 Analytics Cookies
If Google Analytics is enabled, it uses cookies to collect anonymized usage data. Google Analytics is configured with:
- IP anonymization enabled (last octet masked)
- Data sharing with Google disabled
- Advertising features disabled
You may opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.
8.3 No Third-Party Tracking Cookies
We do NOT use advertising cookies, social media tracking pixels, or any third-party tracking technologies beyond the analytics described above.
9. International Data Transfers
Some of our third-party processors are based in the United States. We ensure adequate protection for international data transfers through:
- EU-US Data Privacy Framework: Where processors are certified under the framework
- Standard Contractual Clauses (SCCs): Approved by the European Commission (Decision 2021/914) where the Data Privacy Framework does not apply
You may request a copy of the applicable safeguards by contacting us at support@thebackendofluck.com.
10. Children's Privacy
Our website and the Book are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected data from a child under 16, please contact us immediately and we will delete it.
11. Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- TLS 1.2/1.3 encryption for all data in transit
- Access controls limiting data access to authorized personnel only
- Regular security updates and server hardening
12. Updates to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to affected individuals. The "Last Updated" date at the top of this page indicates the most recent revision. We encourage you to review this page periodically.
13. Contact
For any questions or concerns about this Privacy Policy or our data practices, contact:
Gustavo Colin
Email: support@thebackendofluck.com
Website: thebackendofluck.com
Country: Netherlands