Privacy Policy

Andean Bear Studios GmbH (“we,” “us,” “our”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and share your personal information when you visit our website, purchase or use our software products, or interact with us.

This policy complies with the Swiss Federal Act on Data Protection (FADP) and the European Union's General Data Protection Regulation (GDPR) where applicable.

1. Data Controller

The data controller responsible for your personal data is:

For all privacy-related inquiries, questions about your data, or to exercise your rights, please contact us at the above email address.

2. Personal Data We Collect

2.1 Information You Provide

We collect information you voluntarily provide to us when you:

• Contact us through forms on our website (name, email address, message content)
• Purchase software products (billing information, payment details processed by Paddle)

2.2 Automatically Collected Information

Our website does not use analytics, tracking scripts, or cookies to monitor your activity. Your theme preference (light/dark mode) is stored locally in your browser and is not transmitted to us.

2.3 Third-Party Data

We may receive information about you from our payment processor (Paddle) or email service provider (Resend) when you interact with us through those platforms.

3. How We Use Your Personal Data

We process your personal data for the following purposes:

• Product delivery and support: To deliver software products, process support requests, and respond to your inquiries
• Payment processing: To process transactions and manage billing (via Paddle)
• Communication: To send transactional emails, product updates, and respond to your messages
• Legal compliance: To comply with legal obligations, resolve disputes, and enforce our agreements
• Security: To protect against fraud, unauthorized access, and other security threats

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and Switzerland, we process your personal data based on the following legal grounds:

• Contractual necessity: Processing is necessary to perform a contract with you (e.g., delivering products you purchased)
• Consent: You have given explicit consent for specific processing activities (e.g., marketing emails)
• Legitimate interests: Processing is necessary for our legitimate business interests (e.g., analytics, fraud prevention) that do not override your rights
• Legal obligation: Processing is required to comply with applicable laws and regulations

5. Sharing Your Personal Data

We do not sell your personal data. We may share your data with the following third-party service providers who help us operate our business:

5.1 Payment Processor

Paddle.com acts as our Merchant of Record and processes all payments. When you purchase products, your payment information is collected and processed by Paddle in accordance with their privacy policy.

5.2 Email Service Provider

We use Resend to send transactional emails and communications. Your email address and related communication data may be processed by Resend.

5.3 Legal Disclosures

We may disclose your personal data if required by law, court order, or governmental authority, or to protect our rights, property, or safety, or that of others.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Contact form inquiries: Retained for up to 2 years after last contact
• Purchase records: Retained for 10 years for tax and accounting purposes (legal requirement)

You may request deletion of your data at any time by contacting us (subject to legal retention obligations).

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside of Switzerland and the European Economic Area (EEA), including countries that may not provide the same level of data protection.

When we transfer data internationally, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission and Swiss authorities
• Adequacy decisions recognizing certain countries as providing adequate protection
• Other legally recognized transfer mechanisms as applicable

8. Your Data Protection Rights

Under Swiss FADP and GDPR (where applicable), you have the following rights regarding your personal data:

8.1 Right of Access

You have the right to request a copy of the personal data we hold about you.

8.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

8.3 Right to Erasure (“Right to be Forgotten”)

You have the right to request deletion of your personal data under certain conditions (e.g., when data is no longer necessary or consent is withdrawn).

8.4 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

8.5 Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

8.6 Right to Restrict Processing

You have the right to request restriction of processing under certain circumstances (e.g., while we verify accuracy of disputed data).

8.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local supervisory authority if you believe we have violated your data protection rights.

9. Cookies and Tracking Technologies

Our website does not use cookies, analytics scripts, or any other tracking technologies. Your theme preference (light/dark mode) is stored locally in your browser using local storage and is never transmitted to our servers.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (HTTPS/TLS) and at rest where appropriate
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Employee training on data protection and security practices
• Secure third-party service provider agreements

While we strive to protect your personal data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.

11. Children's Privacy

Our products and website are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make material changes, we will notify you by:

• Updating the “Last updated” date at the top of this page
• Posting a notice on our website homepage
• Sending an email notification (if you have provided your email address)

We encourage you to review this Privacy Policy periodically. Your continued use of our products or website after changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: