ALGORITHMIC AUTHENTICITY SCORINGNEXT ARCHIVE INJECTION IN 00:00COMPLIMENTARY EU SHIPPING ON ORDERS OVER $150ONE-OF-ONE CURATED SELECTIONSREAL-TIME PULSE UPDATES EVERY 60 MINUTESSECURED BY AUVRA ARCHIVE INTEGRITY
ALGORITHMIC AUTHENTICITY SCORINGNEXT ARCHIVE INJECTION IN 00:00COMPLIMENTARY EU SHIPPING ON ORDERS OVER $150ONE-OF-ONE CURATED SELECTIONSREAL-TIME PULSE UPDATES EVERY 60 MINUTESSECURED BY AUVRA ARCHIVE INTEGRITY
ALGORITHMIC AUTHENTICITY SCORINGNEXT ARCHIVE INJECTION IN 00:00COMPLIMENTARY EU SHIPPING ON ORDERS OVER $150ONE-OF-ONE CURATED SELECTIONSREAL-TIME PULSE UPDATES EVERY 60 MINUTESSECURED BY AUVRA ARCHIVE INTEGRITY
ALGORITHMIC AUTHENTICITY SCORINGNEXT ARCHIVE INJECTION IN 00:00COMPLIMENTARY EU SHIPPING ON ORDERS OVER $150ONE-OF-ONE CURATED SELECTIONSREAL-TIME PULSE UPDATES EVERY 60 MINUTESSECURED BY AUVRA ARCHIVE INTEGRITY
AUVRA
Return to Archive

Privacy & GDPR

Lawful Basis for Processing

We process your personal data based on Contractual Necessity (to fulfil your order) and Legal Obligation (for tax and accounting purposes). For analytics, attribution tracking, and marketing communications, we rely on your Explicit Consent given through our cookie preference banner.

Data Controller

Auvra (operated by mbn-code.dk) is the data controller. Contact: malthe@mbn-code.dk. We only collect data that is strictly necessary for the stated purposes below.

Information We Collect

  • Identity: Name and email address, collected at checkout or newsletter signup.
  • Fulfilment: Shipping address and phone number are collected at checkout only if required for physical utility products. For digital access (source links), only an email is required.
  • Financial: We use Stripe for payments. We do not store or see your credit card details.
  • Analytics (consent-based): If you accept cookies, we collect anonymised page-view and interaction events (via our internal Pulse analytics system) and aggregate traffic data (via Vercel Analytics). This data does not contain your name or email.
  • Attribution (consent-based): If you arrive via a referral or campaign link containing a utm_creative_id or ref parameter, that identifier is stored in a cookie to measure campaign effectiveness. This is only set with your consent.
  • Fingerprinting (consent-based): With your consent, a non-persistent session fingerprint is derived from your IP address and browser user-agent (SHA-256 hashed) for fraud-detection and deduplication purposes. This is not used for cross-site tracking.
  • Newsletter consent record: When you sign up for our newsletter, we store a SHA-256 hash of your email address, the timestamp of consent, and your IP address. This is required to demonstrate lawful basis under GDPR Art. 7.

Cookies

We use the following cookies:

  • auvra_session_id — Essential. A random session identifier required for checkout and order tracking. Expires in 30 days.
  • auvra_consent — Essential. Stores your cookie preference so we respect it on subsequent visits.
  • auvra_fingerprint — Analytics. Consent-based. A hashed device fingerprint for fraud detection. Expires in 30 days.
  • auvra_creative_id — Analytics/Attribution. Consent-based. Stores a campaign reference ID if you arrived via a tracked link. Expires in 30 days.

You can withdraw your consent at any time by clearing your browser cookies or adjusting your preference through our cookie banner (reload the page after clearing the auvra_consent cookie to see the banner again).

Third-Party Processors

We utilise the following processors under Data Processing Agreements:

  • Stripe: Payment processing and fraud protection. Data transferred under EU Standard Contractual Clauses.
  • Resend: Transactional email delivery (order confirmations, welcome emails).
  • Supabase: Encrypted database storage for orders, profiles, and consent records.
  • Cloudinary: Image processing and delivery for product photography.
  • Vercel: Website hosting and aggregate traffic analytics (no personally identifiable information is collected by Vercel Analytics).

Data Subject Rights

Under GDPR, you have the following rights regarding your personal data:

  • Access: Request a copy of your personal data.
  • Correction: Request correction of inaccurate data.
  • Erasure: Request deletion of your data (Right to be Forgotten).
  • Portability: Request a transfer of your data to another service.
  • Objection: Object to processing based on legitimate interests.
  • Withdrawal: Withdraw your consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email malthe@mbn-code.dk.

You also have the right to lodge a complaint with your national supervisory authority. In Denmark: Datatilsynet (datatilsynet.dk).

Security Measures

We implement high-level technical security, including TLS encryption in transit, encrypted database storage, HMAC-signed admin sessions, and strict data minimisation. Our infrastructure partners (Stripe, Vercel, Supabase) are industry leaders in secure cloud operations.

Data Retention

We retain transaction and order data for the minimum period required by Danish tax law (typically 5 years). Shipping address data is cleared once the return period has expired. Newsletter consent records are retained for as long as you remain a subscriber, plus 3 years thereafter to demonstrate historical consent. Analytics data is retained for a maximum of 12 months.