Privacy notice.

If you only use the free eligibility checker: we do not collect any personal data from you. Your device, brand, model, jurisdiction, and purchase date are processed in your browser and on our server to generate the rights summary, but they are not linked to your identity, not stored against an account, and not retained after the request finishes. We see only anonymized analytics signals (described below).

If you buy the optional €15 PDF: we collect your email address (so we can send the magic-link download) and Stripe collects your payment details on its own checkout page. We never see your card number, CVV, or full billing address. Stripe shares with us a transaction ID, the country of the card, and the success/failure status — nothing more.

We use your email for one purpose only: to send you the magic link that lets you download the PDF you paid for, plus one resend if you ask. We do not profile you. We do not score you. We do not enrich your email against external databases. We do not run automated decision-making on you. We do not send marketing unless you separately and explicitly subscribe to a newsletter (and that is a different, opt-in form).

Anonymized analytics (see Cookies & tracking) are used in aggregate only — for example, "how many people from Germany checked an iPhone this week." They are never tied back to an individual.

This site sets no cookies for tracking. We use Cloudflare Web Analytics, which is cookieless and does not fingerprint visitors. It counts page views, referrers, and country-level geography in aggregate; Cloudflare hashes the IP address for short-lived spam-prevention only and does not store it. Because Cloudflare is a US-based provider, analytics data may be processed in the United States under the EU-US Data Privacy Framework (see *International transfers* below).

We do not use Google Analytics, Meta Pixel, TikTok Pixel, LinkedIn Insight, or any third-party advertising or retargeting tag. We do not sell, rent, or share data with data brokers. We do not participate in real-time bidding (RTB).

A strictly necessary session cookie may be set only if you start a Stripe checkout, and only by Stripe on its own domain — not by us.

We use a small number of processors. Each receives only the minimum data needed to do its job, under a written data-processing agreement.

We keep the minimum, for the shortest time we can.

Free eligibility checker requests are not stored against you at all — they exist only for the seconds it takes to compute your answer.

If you bought the PDF, we keep your email and the transaction ID for 30 days after the PDF is delivered, then we delete the email from our database. We keep the anonymized transaction record (no email) for 7 years because EU and national tax law requires it.

Server logs (IP address, user-agent) are kept for up to 30 days for security and abuse prevention. Aggregate Cloudflare Web Analytics data is retained according to Cloudflare's policy (see their privacy notice); we do not store a copy on our side.

Under the EU and UK GDPR you have the right to: access the data we hold about you, rectify it if it is wrong, erase it (the "right to be forgotten"), restrict how we process it, object to processing based on legitimate interest, port your data in a machine-readable format, and lodge a complaint with your national data-protection authority (for example, the CNIL in France, the BfDI in Germany, the ICO in the UK).

If you are a California resident, the CCPA / CPRA gives you equivalent rights: to know, to delete, to correct, to opt out of "sale" or "share" of personal information (we do neither), and to non-discrimination for exercising those rights.

To exercise any of these rights, email privacy@repair-rights.com with the email address you used at checkout. We respond within 30 days, free of charge.

This site is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. The eligibility checker is informational and is intended for adult consumers, repair technicians, and consumer-rights advocates. If you believe a child has provided us with personal data (for example, by purchasing the €15 PDF), email privacy@repair-rights.com and we will delete the record promptly.

Our servers are hosted on Vercel's EU regions. Some processors transfer data to the United States: Cloudflare (web analytics) and Stripe (payment processing) operate global infrastructure that includes US data centres. Resend (transactional email — *planned*) will be configured to use its EU region when activated.

Where data leaves the European Economic Area or the United Kingdom, we rely on the legal safeguards recognised by the European Commission and the UK government:

- Adequacy decisions where they apply (for example, the EU-US Data Privacy Framework, or transfers to the UK). - Standard Contractual Clauses (SCCs) with the receiving processor, supplemented where needed by technical measures such as encryption in transit and at rest.

You can request a copy of the relevant SCCs by emailing privacy@repair-rights.com.

Questions, requests, or complaints? Email privacy@repair-rights.com. The operator and registered legal entity are listed at /about — see Richard MENDY, entrepreneur, 10 Rue de Penthièvre, 75008 Paris, France for the postal address required for formal GDPR requests. We aim to respond within 7 days for routine questions and within 30 days for formal data-subject requests, in line with GDPR Article 12.