🥔
PotatoPost

Privacy Policy

Last updated: 10 June 2026

The short version 🥔

We collect only what we need to ship you a potato. We don't sell your data. We're GDPR-compliant. Want it deleted? Email us and it's gone.

1. Who we are

PotatoPost GmbH ("PotatoPost", "we", "us") is the controller of personal data collected through this website. Address: Friedrichstraße 100, 10117 Berlin, Germany. Contact: hello@potatomagic.eu.

2. What we collect

  • Order data: name, shipping address, email, phone (optional), and the message you want printed on your potato.
  • Account data: email and password hash, if you create an account.
  • Payment data: handled entirely by Stripe — we never see or store your card number.
  • Usage data: basic analytics (page views, device type, anonymised IP) to improve the site.
  • Cookies: see section 6 below.

3. Why we use it

  • To print, ship, and deliver your order.
  • To reply to your messages and provide support.
  • To send transactional emails (order confirmation, shipping updates).
  • To send marketing emails — only if you opted in. Unsubscribe any time.
  • To prevent fraud and comply with German tax law.

4. Legal basis (GDPR Art. 6)

We process data to perform the contract (your order), to comply with legal obligations (tax, accounting), with your consent (marketing, optional cookies), and for our legitimate interest (fraud prevention, basic analytics).

5. How long we keep it

Order records: 10 years (German commercial law). Account data: until you delete your account. Marketing consent: until you unsubscribe. Support messages: 3 years.

6. Cookies

We use a small number of cookies. The essential ones (cart, session, language) are always on. Optional analytics cookies only run if you accept them in our cookie banner. You can change your choice any time by clearing potatopost_cookie_consent in your browser storage.

7. Sharing

We share data only with processors that help us run the service:

  • Stripe — payment processing
  • DHL / Deutsche Post — shipping
  • Supabase / Cloudflare — hosting & infrastructure (EU regions)
  • Email provider — transactional & opt-in marketing email

We never sell your data. Ever.

8. Your rights

Under GDPR you can access, correct, delete, port, restrict or object to processing of your data, and withdraw consent. Email hello@potatomagic.eu and we'll act within 30 days. You can also complain to your local data protection authority (in Germany: BfDI).

9. Children

PotatoPost is not intended for users under 16. We don't knowingly collect data from children.

10. Changes

If we change this policy we'll update the "last updated" date and, for big changes, send a notice by email.

Questions about your data?

Drop us a note — we reply within 1 day.

Read the Terms of Service

The rules of the spud game.