Privacy Policy

True Base 96 B.V. (Amsterdam, Netherlands) is the data controller for personal data collected through this website. Contact: [email protected]

• —Account data: name, email address, phone number you provide during registration
• —Order data: items purchased, shipping address, order amounts, payment status
• —Profile data: body measurements, size preferences you optionally enter
• —Usage data: pages visited, interactions, referral codes used
• —Technical data: IP address, browser type, device info, session cookies

• —Contract performance: processing orders, shipping, sending receipts (Art. 6(1)(b))
• —Legitimate interests: fraud prevention, site security, service improvement (Art. 6(1)(f))
• —Consent: analytics, marketing cookies — only when you explicitly accept (Art. 6(1)(a))
• —Legal obligation: tax records, audit logs as required by Dutch commercial law (Art. 6(1)(c))

• —Supabase (EU data centers) — database, authentication. DPA in place.
• —Stripe (US/EU) — payment processing. Card data never touches our servers. PCI-DSS compliant.
• —Resend (US) — transactional email (order receipts, notifications). DPA in place.
• —Hetzner (EU) and Cloudflare (EU/US) — website hosting, reverse proxy, DNS and CDN services. Data is processed under applicable DPA/SCC mechanisms.
• —We do not sell or share your data with advertisers or brokers.

• —Account data: retained while your account is active, deleted within 30 days of account deletion request
• —Order records: 7 years (Dutch fiscal retention requirement)
• —Audit logs: 2 years
• —Analytics data: 14 months maximum
• —Inactive accounts with no orders: deleted after 3 years of inactivity

• —Access (Art. 15): request a copy of all personal data we hold about you
• —Rectification (Art. 16): correct inaccurate or incomplete data
• —Erasure (Art. 17): request deletion of your data ('right to be forgotten')
• —Portability (Art. 20): receive your data in a structured, machine-readable format
• —Object (Art. 21): object to processing based on legitimate interests
• —Restrict (Art. 18): request we limit how we use your data
• —Withdraw consent: opt out of analytics/marketing cookies at any time via cookie settings
• —To exercise any right, email [email protected] — we respond within 30 days

We use essential cookies (required for authentication and cart), analytics cookies (only with your consent), and no advertising trackers by default. You can manage your preferences at any time via the cookie banner.

For privacy questions: [email protected]. You also have the right to lodge a complaint with your national data protection authority (in the EU: your country's DPA; in the Netherlands: Autoriteit Persoonsgegevens — www.autoriteitpersoonsgegevens.nl).

We may update this policy. Material changes will be communicated by email or a prominent notice on the site. Continued use after 30 days of notice constitutes acceptance.