Privacy Policy
Last updated · 2026-06-04
This Privacy Policy explains what personal data Lab collects, why we collect it, how we use it, and what rights you have under the EU General Data Protection Regulation (GDPR). Lab is operated from Nuremberg, Germany.
1. Data controller (Verantwortlicher)
The data controller (Verantwortlicher within the meaning of Art. 4 No. 7 GDPR) responsible for processing your personal data is:
Akif Mursalov
Stephanstr. 37
Nuremberg, Germany
Email: thelabmarketplace@hotmail.com
2. What data we collect
Account data
When you create an account, we store your email address and a hashed password (managed by Supabase Auth). If you sign in with Google, we receive your email and name from Google.
Billing data
When you subscribe to a product, our payment processor (Stripe) stores your billing details, including name, address, and payment method. We receive a customer ID, subscription status, and billing metadata from Stripe but never see your card number or full payment details.
Product usage data
Each product you subscribe to may collect data necessary to provide its service (e.g. job applications you log, workout sessions you record). This data is described in the product's own documentation and stored separately from the marketplace.
Aggregate analytics
We use Vercel Web Analytics, a privacy-friendly, cookieless service that records aggregate page views and basic request metadata (country, referrer, browser type). It does not set cookies, does not assign cross-site identifiers, and does not process any data that identifies you personally. Because of this, no consent banner is required.
What we don't collect
No advertising cookies, no behavioral tracking, no cross-site profiles. We do not sell your data.
3. Legal basis for processing
- Contract performance (Art. 6(1)(b) GDPR) — for account creation, subscription management, and providing the service you signed up for.
- Legitimate interest (Art. 6(1)(f) GDPR) — for fraud prevention, security, and basic server logs.
- Legal obligation (Art. 6(1)(c) GDPR) — for retaining invoices and tax records as required by German law.
- Consent (Art. 6(1)(a) GDPR) — for any optional processing where we ask you separately.
4. Subprocessors
We use the following service providers to operate Lab. Each is bound by a Data Processing Agreement (DPA) and processes data on our behalf:
- Supabase (database, auth, storage) — hosted in the EU. supabase.com/privacy
- Stripe (payments) — international processor with GDPR-compliant safeguards. stripe.com/privacy
- Vercel (hosting, CDN, cookieless Web Analytics) — international, with EU processing where available. vercel.com/legal/privacy-policy
- Google (OAuth sign-in, if used) — policies.google.com/privacy
5. Cookies
We use only strictly necessary cookies for session management (Supabase Auth session) and for routing/CDN purposes. We do not set any tracking, analytics, or advertising cookies and therefore do not display a cookie consent banner.
6. Data retention
Account data is retained while your account is active. If you delete your account, we delete or anonymize your data within 30 days, except where we are required by law to retain it longer (e.g. tax-relevant invoices for 10 years per § 147 AO). Subscription cancellation does not automatically delete your account.
7. Your rights under the GDPR
You have the right to:
- Request access to your personal data (Art. 15 GDPR)
- Request rectification of inaccurate data (Art. 16 GDPR)
- Request deletion of your data (Art. 17 GDPR)
- Request restriction of processing (Art. 18 GDPR)
- Request data portability (Art. 20 GDPR)
- Object to processing based on legitimate interest (Art. 21 GDPR)
- Withdraw consent at any time, where consent is the basis
- Lodge a complaint with a supervisory authority (Art. 77 GDPR) — for Germany, the relevant authority is the data protection commissioner of your federal state, or for Bavaria the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
To exercise any of these rights, email thelabmarketplace@hotmail.com. We respond within 30 days.
8. International transfers
Some of our subprocessors (Stripe, Vercel, Google) may process data outside the EU/EEA. These transfers are protected by EU Standard Contractual Clauses or comparable safeguards.
9. Changes
We may update this Privacy Policy. Material changes will be communicated by email or via a prominent notice on this site.