Privacy Policy

Last Updated: March 11th, 2026

Your privacy is important to us. This policy describes what data we collect, how we use it, and the choices you have. The data controller is SNRGY Studios AB, Sweden.

Data We Collect

Data you provide

When you subscribe to our email list or make a purchase, we may collect:

  • Email address
  • First and last name
  • Billing and shipping address (for purchases)

Payment card data is handled entirely by Shopify, which is PCI DSS Level 1 compliant. We never see or store your card details.

Data collected automatically

When you visit our site, we automatically collect certain usage data for analytics and performance purposes. What is collected depends on your consent choices:

Always collected (no consent required):

  • Aggregated page-view and performance data via Vercel Analytics and Vercel Speed Insights. These are privacy-friendly tools that do not use cookies and do not collect personal data.
  • Anonymous behavioural events (page views, clicks) via PostHog, running in cookieless memory-only mode. In this mode, no cookies or persistent identifiers are stored on your device. To distinguish unique visitors without identifying anyone, we generate a server-side hash from your IP address, user agent, and a daily rotating salt. This hash is considered non-personal data by PostHog and cannot be used to identify you. Your raw IP address is not stored. PostHog data is hosted in the EU (eu.posthog.com).

Collected only with your marketing consent:

  • PostHog full mode: When you consent, PostHog is upgraded to use a cookie and localStorage for a persistent user identifier, and session recordings are enabled. This lets us see how visitors navigate the site so we can improve the experience. You can withdraw consent at any time via the cookie settings link in the footer.
  • Meta Pixel: Loaded only after consent. Used to measure the effectiveness of our Facebook and Instagram advertising.
  • Reddit Pixel: Loaded only after consent. Used for ad attribution on Reddit campaigns.

Meta Conversions API (server-side)

We use Meta's Conversions API to send event data (such as page views, add-to-cart, and checkout events) to Meta server-side. This operates as follows:

  • Without consent: Only the event type, product information, and a hashed non-identifying identifier are sent. No personal data is included.
  • With marketing consent: Hashed email address and IP address are additionally included to improve ad attribution accuracy.

Tracking parameters

When you arrive on our site via a marketing link, the URL may contain tracking parameters such as UTM tags, affiliate IDs, or click identifiers (e.g. fbclid, gclid). These are used to attribute sales to the correct marketing source.

  • Without consent: These parameters are held only in session memory and are discarded when you close the tab.
  • With consent: They are stored in your browser's localStorage with expiry timers (7 to 30 days depending on type). For example, an affiliate referral cookie lasts 10 days, while email campaign attribution lasts 30 days.

Cookie Consent Banner

Our cookie consent banner is shown only to visitors in the EU, EEA, UK, and Switzerland, where consent is legally required. Visitors from other regions (including the United States) are not shown a banner, and only privacy-friendly, consent-free analytics are active for those visitors.

To change your cookie settings at any time, use the cookie settings link in the footer.

How We Use Your Data

We process your personal data under the following legal bases:

  • Contract: To process and fulfil your orders.
  • Consent: To send marketing emails and to enable marketing cookies and pixels. You can withdraw consent at any time.
  • Legitimate interest: To monitor site performance, improve the user experience, and prevent fraud.

Third-Party Services

We use the following third-party service providers:

  • Shopify — Cart, checkout, and payment processing (PCI DSS Level 1 compliant).
  • OGO Ship — Order fulfilment and shipping.
  • Klaviyo — Email marketing (only if you subscribe).
  • PostHog (EU) — Behavioural analytics. Cookieless by default; full mode with consent.
  • Vercel — Hosting, page-view analytics, and performance monitoring. No personal data collected.
  • Meta (Facebook/Instagram) — Pixel and Conversions API for ad measurement. Pixel loads only with consent. Meta acts as an independent data controller for data it receives; see Meta's Privacy Policy.
  • Reddit — Pixel for ad attribution, loaded only with consent. Reddit acts as an independent data controller; see Reddit's Privacy Policy.
  • Gorgias — Customer support. A support form is loaded when you visit our contact page.

We do not sell or rent your personal data. These partners may only use your data as necessary to provide their services to us. Some data may be stored or processed outside of your home country, including in the United States (e.g. Shopify, Klaviyo, Meta). We ensure appropriate safeguards are in place where required.

Analytics Reverse Proxy

Analytics requests to PostHog are routed through our own domain (soldr.pro/ingest/...) rather than directly to eu.posthog.com. This is a reverse proxy used to improve reliability and prevent analytics data from being blocked by browser extensions. It does not circumvent consent — the same consent rules apply regardless of how the request is routed.

Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you.
  • Correction: Request updates or corrections to inaccurate data.
  • Deletion: Request that we delete your personal data, subject to legal obligations.
  • Withdraw consent: Opt out of marketing emails at any time (via the unsubscribe link in any email) or change your cookie preferences via the footer link.
  • Data portability: Request your data in a portable format.
  • Lodge a complaint: You have the right to lodge a complaint with your local data protection authority.

To exercise these rights, contact us at support@soldr.pro.

Data Retention

We retain your personal data only for as long as necessary for the purposes described in this policy. Order data is retained as required by applicable tax and accounting laws. Marketing preferences are retained until you unsubscribe. Analytics data is aggregated and does not contain personal identifiers.

Security

We use commercially reasonable security measures to protect your personal data. Payment processing is handled by Shopify under PCI DSS Level 1 compliance. However, no method of transmission over the internet is completely secure.

Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

Changes to This Policy

We may update this policy from time to time. Significant changes will be posted on this page with an updated date. We encourage you to review this policy periodically.

Contact Us

If you have questions about this Privacy Policy, contact us at:

Email: support@soldr.pro