Privacy Policy
SudokuSheets is operated by a business registered in Estonia, European Union. This policy explains what data we collect, why, and your rights under GDPR and applicable privacy law.
1. Data We Collect
Payment data (via Stripe): When you purchase a PDF, Stripe collects your name, email address, and payment details. We receive only a confirmation of your transaction - we never see or store your card number.
Server logs: Our hosting infrastructure automatically logs IP addresses, browser user-agent strings, and request timestamps for security and operational purposes.
Analytics (Google Analytics): We use Google Analytics to understand how visitors use the site. Analytics data is anonymized and aggregated; no personally identifiable information is shared with Google.
2. Why We Process This Data
- To process your payment and deliver your PDF download link.
- To prevent fraud and abuse of the Service.
- To monitor service performance and fix technical issues.
- To understand aggregate usage patterns and improve the Service.
The legal basis for processing is: contract performance (fulfilling your order), legitimate interest (security and analytics), and legal obligation where applicable.
3. Third-Party Processors
- Stripe - payment processing. Data processed under Stripe's Privacy Policy. Stripe is certified under the EU–US Data Privacy Framework.
- Amazon Web Services - hosting and PDF storage. Servers located in the United States. AWS is certified under the EU–US Data Privacy Framework.
- Google Analytics - usage analytics. Data processed under Google's Privacy Policy.
4. Data Retention
- Generated PDFs are stored temporarily on AWS S3 and automatically deleted after 30 days.
- Server logs are retained for up to 30 days.
- Stripe retains transaction records per their own retention policy (typically 7 years for financial records).
- Analytics data is retained per Google Analytics default settings (up to 14 months).
5. Your Rights (GDPR)
As an EU resident (and as a courtesy to all users), you have the right to:
- Access the personal data we hold about you.
- Erasure ("right to be forgotten") of your personal data.
- Portability of your data in a machine-readable format.
- Object to processing based on legitimate interest.
- Lodge a complaint with the Estonian Data Protection Inspectorate (aki.ee).
To exercise any of these rights, email us at info@sudokusheets.com. We will respond within 30 days.
6. Cookies
We use a session cookie during the checkout flow (set by Stripe) and Google Analytics cookies for analytics. We do not use tracking cookies for advertising.
7. Children's Privacy
SudokuSheets is not directed at children under 16. We do not knowingly collect personal data from children.
8. Changes to This Policy
We may update this policy from time to time. Material changes will be noted by updating the "Last updated" date above.
9. Contact & Data Controller
Data controller: SudokuSheets, Estonia, European Union.
Email: info@sudokusheets.com