Privacy Policy

The data controller is PotionCards (VAT IT12906650960). For any privacy-related matter, contact us at: privacy@potioncards.it.

We collect the following personal data:

• Registration data: name, email address, password (encrypted)
• Purchase data: shipping address, tax code/VAT (optional), order history
• Browsing data: technical cookies for site functionality (see Cookie Policy)
• Payment data: we do not store credit card data; payments are handled by Stripe and PayPal

Data is processed for:

• Managing user accounts and orders
• Issuing electronic invoices (legal obligation)
• Sending order-related communications (confirmation, shipping)
• Service improvement and site security
• Compliance with tax and legal obligations

Processing is based on:

• Contract: order management and related communications
• Legal obligation: electronic invoice issuance
• Legitimate interest: security and fraud prevention
• Consent: for marketing communications (if applicable)

Data is retained for as long as necessary:

• Account data: until profile deletion
• Order and invoice data: 10 years (Italian tax obligation)
• Browsing data: as per Cookie Policy

Data is not sold to third parties. It is shared only with:

• Stripe / PayPal: payment processing
• EasyPost / BRT / GLS / DHL: order shipping
• FattureInCloud: electronic invoice issuance
• Resend: transactional email delivery
• Supabase: database hosting (encrypted data, EU servers)

Under the GDPR (EU Reg. 2016/679) you have the right to:

• Access your personal data
• Request rectification or deletion
• Object to processing
• Request data portability
• Withdraw consent at any time
• Lodge a complaint with the supervisory authority

To exercise these rights write to: privacy@potioncards.it

For detailed information on cookies, see our Cookie Policy.

This policy may be updated periodically. Changes will be published on this page with the update date.