Privacy Policy

Cubera Labs is the data controller responsible for your personal data collected through this website. For privacy-related inquiries, you may contact us at the email address listed in our Impressum. We are committed to processing your data lawfully, fairly, and transparently in accordance with the EU General Data Protection Regulation (GDPR).

We collect the following categories of personal data: (a) Email address and first name, provided during the quiz lead capture; (b) Quiz responses, used to generate your personalized protocol; (c) Payment data, processed by Stripe — we do not store your card details; (d) Usage and analytics data, collected by PostHog to improve our service; (e) Technical data such as IP address, browser type, and device information, collected automatically during website visits.

We process your personal data for the following purposes: (a) To deliver your purchased digital product via email; (b) To send you your personalized protocol results; (c) To send marketing emails if you have given explicit consent during the quiz; (d) To analyze website usage and improve our products via anonymized analytics; (e) To process payments and prevent fraud. We rely on the legal bases of contract performance, legitimate interest, and consent (for marketing).

We share your data with the following trusted third-party processors under appropriate data processing agreements: Stripe (payment processing), Resend (transactional email delivery), PostHog (analytics), Cloudflare (content delivery and security). These processors act on our instructions and are bound by GDPR-compliant data processing terms. We do not sell your personal data to any third party.

We retain your personal data for as long as necessary to provide our services and comply with legal obligations. Email addresses are retained until you unsubscribe or request deletion. Quiz response data is retained for 24 months for product improvement purposes. Payment records are retained for 7 years as required by financial regulations.

As a data subject under GDPR, you have the following rights: (a) Right of access (Art. 15) — request a copy of your personal data; (b) Right to rectification (Art. 16) — correct inaccurate data; (c) Right to erasure (Art. 17) — request deletion of your data; (d) Right to data portability (Art. 20) — receive your data in a machine-readable format; (e) Right to object (Art. 21) — object to processing based on legitimate interest; (f) Right to withdraw consent — unsubscribe or contact us to withdraw marketing consent at any time. To exercise any of these rights, email us with your request and we will respond within 30 days.

For any privacy-related requests, including data access, deletion, or complaints, please contact us via the email address listed in our Impressum. If you believe we have not adequately addressed your privacy concern, you have the right to lodge a complaint with your national data protection authority.