Privacy Policy
Last updated: March 2026
1. Data controller
Isuku Verlag UG (haftungsbeschränkt)
Gabriel Isuku
Achentalstr. 3
81671 München, Germany
- Email: contact@isuku.de
- Phone: +49 (0)89 54.31.68.31
2. Data protection officer
The appointment of a data protection officer is not legally required for our company. For data protection inquiries, please contact us at the address above.
3. General information on data processing
We only process personal data of our users to the extent necessary to provide a functional website and our content and services. Personal data is only processed with the user's consent or when processing is permitted by law.
4. Legal basis
The processing of personal data is based on the following legal grounds:
- Art. 6(1)(a) GDPR — Consent of the data subject
- Art. 6(1)(b) GDPR — Performance of a contract or pre-contractual measures
- Art. 6(1)(c) GDPR — Compliance with a legal obligation (e.g. tax retention requirements)
- Art. 6(1)(f) GDPR — Legitimate interest (e.g. website security)
5. Hosting and content delivery
Cloudflare
Our website is delivered through Cloudflare (Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA). Cloudflare acts as a Content Delivery Network (CDN) and provides DDoS protection. A Data Processing Agreement (DPA) is in place with Cloudflare.
Data processed:
- IP address (anonymized)
- Access time
- HTTP request data (URL, referrer, user agent)
Retention period: Log data is stored by Cloudflare for a maximum of 72 hours.
Legal basis: Legitimate interest in the secure and efficient delivery of our website (Art. 6(1)(f) GDPR). Cloudflare is certified under the EU-US Data Privacy Framework.
More information: Cloudflare's privacy policy
Server log files
Each time our website is accessed, the web server automatically collects data transmitted by your browser (server log files):
- Page visited (URL)
- Time of access
- Amount of data transferred
- Referrer (previously visited page)
- Browser and operating system used
- IP address (anonymized)
This data is not merged with other data sources.
Retention period: Server log files are automatically deleted after 7 days.
Legal basis: Legitimate interest in ensuring trouble-free operation (Art. 6(1)(f) GDPR).
6. Cookies and consent
Necessary cookies
We use technically necessary cookies that are required for the operation of the website. These cannot be disabled.
| Cookie | Purpose | Duration |
|---|---|---|
| i18n_redirected | Storing your preferred language | 1 year |
| site_consent | Storing your cookie settings | 1 year |
Legal basis: § 25(2)(2) TDDDG (technically necessary) in conjunction with Art. 6(1)(f) GDPR.
Analytics cookies (consent required)
The following cookies and storage technologies are only set with your explicit consent:
| Service | Purpose | Duration |
|---|---|---|
| Sentry | Error detection and performance monitoring | Session |
Legal basis: Consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG.
Managing cookie settings
On your first visit to our website, you will be informed about the use of cookies via a banner. You can change your settings at any time via the "Cookie Settings" link in the website footer. The "Accept All" and "Reject All" buttons are designed equally (GDPR-compliant, no dark patterns).
7. Analytics and error monitoring
PostHog
We use PostHog (PostHog Inc.) for anonymous analysis of website usage. All data is processed exclusively on EU servers (eu.posthog.com). A Data Processing Agreement (DPA) is in place with PostHog.
Data collected:
- Page views
- Click behavior
- Device type and browser
- Screen size
- Time spent on pages
PostHog does not store personal data and does not use cookies. No data is shared with third parties.
Retention period: Analytics data is automatically deleted after 12 months.
Legal basis: Legitimate interest in analyzing and improving our website (Art. 6(1)(f) GDPR). PostHog is deployed without cookies and without personal tracking; consent is therefore not required.
More information: PostHog's privacy policy
Sentry (consent required)
We use Sentry (Functional Software Inc. d/b/a Sentry, 132 Hawthorne Street, San Francisco, CA 94107, USA) for error detection, performance monitoring, and anonymized session recording. Sentry is only loaded if you consent to the "Analytics" category in the cookie banner. A Data Processing Agreement (DPA) is in place with Sentry.
Data collected:
- Error messages and stack traces
- Page views and load times (performance tracing)
- Anonymized session recordings (Session Replay — text is masked, media is blocked)
- Browser, operating system, and device type
- URL of the visited page
Retention period: Error data is stored for 90 days, session replay data for 30 days.
Data transfer: Data is transmitted to servers in the USA. Sentry is certified under the EU-US Data Privacy Framework.
Legal basis: Consent (Art. 6(1)(a) GDPR) in conjunction with § 25(1) TDDDG. You may withdraw your consent at any time via the cookie settings.
More information: Sentry's privacy policy
8. Payment processing
Stripe
We use the payment service provider Stripe (Stripe Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080, USA) to process payments. Stripe is only loaded when you start the checkout process. A Data Processing Agreement (DPA) is in place with Stripe.
Data transmitted during a purchase:
- Payment data (credit card number, expiration date, CVC)
- Transaction information (amount, currency, order reference)
- Delivery country (for shipping cost calculation)
Retention period: Stripe stores transaction data in accordance with statutory retention requirements (typically 10 years).
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) in conjunction with § 25(2)(2) TDDDG (technically necessary for the payment process requested by the user). Stripe is certified under the EU-US Data Privacy Framework.
More information: Stripe's privacy policy
9. Order processing and customer data
When placing an order through our online shop, we process the following data:
- Name
- Email address
- Delivery address (for physical products)
- Order details (product, quantity, price)
Purpose: Contract fulfillment, shipping, and customer service.
Retention period: Order data is stored for 10 years in accordance with commercial and tax law retention requirements (§ 257 HGB, § 147 AO). After expiration, the data is deleted.
Recipients: Payment data is transmitted to Stripe (see section 8). For physical shipments, the name and delivery address are shared with the commissioned shipping provider.
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) and compliance with legal obligations (Art. 6(1)(c) GDPR).
Note: Providing your personal data is necessary for the conclusion of the contract. Without this data, we cannot process your order.
10. Recipients and data transfers
Your personal data is shared with the following categories of recipients:
| Recipient | Purpose | Location | Basis for third-country transfer |
|---|---|---|---|
| Cloudflare Inc. | Hosting, CDN, DDoS protection | USA | EU-US Data Privacy Framework |
| PostHog Inc. | Website analytics | EU (Frankfurt) | — (no third-country transfer) |
| Sentry (Functional Software Inc.) | Error monitoring (consent only) | USA | EU-US Data Privacy Framework |
| Stripe Inc. | Payment processing | USA | EU-US Data Privacy Framework |
Beyond this, we only share data when legally obligated to do so (e.g. with tax authorities).
11. Your rights
As a data subject, you have the following rights:
- Right of access (Art. 15 GDPR) — You may request information about the personal data we process.
- Right to rectification (Art. 16 GDPR) — You may request the correction of inaccurate data.
- Right to erasure (Art. 17 GDPR) — You may request the deletion of your data, provided no statutory retention obligations apply (e.g. § 257 HGB: 10 years for commercial records). Deletion requests can be sent via email to the contact address above. We will respond within one month (Art. 12(3) GDPR).
- Right to restriction (Art. 18 GDPR) — You may request the restriction of processing of your data.
- Right to data portability (Art. 20 GDPR) — You may request that we provide your data in a structured, commonly used, and machine-readable format.
- Right to object (Art. 21 GDPR) — You may object to the processing of your data at any time where the processing is based on legitimate interest.
- Right to withdraw consent (Art. 7(3) GDPR) — You may withdraw any given consent at any time with future effect, e.g. via the cookie settings in the footer.
12. Automated decision-making
No automated decision-making including profiling pursuant to Art. 22 GDPR takes place.
13. Right to lodge a complaint
You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.
Competent supervisory authority:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach, Germany
https://www.lda.bayern.de
14. Changes
We reserve the right to update this privacy policy to reflect changes in legal requirements or our data processing practices. The current version can always be found on this page.