Your data, handled with care

Mrs. Mood Studio [PLACEHOLDER: registered legal entity], [PLACEHOLDER: street, postal code, city, country]. Email: privacy@mrsmood.studio. We are the controller of personal data processed via this website within the meaning of Art. 4(7) GDPR.

Account & order data: name, billing and shipping address, email, phone (optional), order history. Payment data: handled by our payment service providers (PayPal, Stripe — added at M3); we never store full card numbers. Communication data: messages you send to our support inbox. Technical data: IP address (truncated), browser type, referrer, pages visited, locale preference cookie. Newsletter data (optional): email and language preference, only if you sign up.

Order fulfilment and customer service: Art. 6(1)(b) GDPR (performance of a contract). Legal record-keeping (invoices, tax records): Art. 6(1)(c) GDPR (legal obligation, §147 AO — 10-year retention). Newsletter: Art. 6(1)(a) GDPR (consent), withdrawable any time. Fraud prevention and site security: Art. 6(1)(f) GDPR (legitimate interest).

We use a small set of cookies described in detail in our Cookie Policy. We do not use Google Analytics, Meta Pixel, or any third-party advertising network. Analytics (if any) is first-party and aggregate; it does not identify individual visitors.

We share data only with processors strictly needed to fulfil your order: payment service providers (PayPal, Stripe), shipping carriers (DHL, DPD, depending on destination), email infrastructure (Resend), and hosting (Vercel — EU region where available). Each is bound by a Data Processing Agreement (DPA) under Art. 28 GDPR. We do not sell, rent, or trade personal data.

Where a processor stores data outside the EU/EEA (e.g. US-based providers), we rely on the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs) under Art. 46 GDPR. The list of processors and their data location is available on request.

Under GDPR Articles 15-22 you have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data. To exercise any of these rights write to privacy@mrsmood.studio — we respond within one month. You also have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your residence ([PLACEHOLDER: list responsible Datenschutzbehörde once company seat is fixed]).

Order data is kept for the statutory retention period (10 years for tax records in Germany; varies by jurisdiction). Account data is kept until you request deletion. Newsletter data is kept until you unsubscribe. We may update this policy when our processing changes — material changes will be communicated by email to active customers and announced on this page with the date above.