Privacy Policy

Cutify (VAT: 159291160, GEMI: 167806503000), Thermopylon 39, Argyroupoli, Greece, is the data controller for personal data collected through cutify.gr.

Contact: info@cutify.gr

• Account data: Full name, email address, encrypted password.
• Order data: Shipping/billing address, phone number, products ordered, personalisation text.
• Payment: Processed exclusively by Stripe. We never store card numbers or CVV.
• Technical data: IP address, browser type, cookies.

We share data only with the following processors under contractual agreements:

• Supabase – Database & storage (EU servers / AWS eu-west-1)
• Stripe Inc. – Payment processing (US servers, Standard Contractual Clauses)
• Resend – Transactional email (EU servers)
• Vercel Inc. – Hosting (EU servers)

We never sell personal data to third parties.

• Strictly necessary: Authentication session (Supabase) and cart state (localStorage). No consent required.
• Analytics / marketing: Only activated after explicit consent via the cookie banner.

You may withdraw consent at any time by clearing your browser cookies.

• Account data: Until account deletion.
• Order data: 5 years from order date (tax law requirement).
• Marketing emails: Until consent is withdrawn.

You have the right to:

• Access the data we hold about you.
• Rectification of inaccurate or incomplete data.
• Erasure (“right to be forgotten”), where no legal retention obligation exists.
• Data portability in a structured format.
• Object to processing for marketing purposes.
• Restriction of processing.

To exercise your rights: info@cutify.gr. We respond within 30 days.

You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA): www.dpa.gr

We may update this policy. Material changes will be communicated via email or a banner on the site.