Privacy Policy

Last updated: 2026-01-09

1. Controller

Katharina Helena Weiser (sole proprietor / small business)
Rheinfelsstr. 22
55469 Simmern (Hunsrück), Germany
Contact: help@sellable.site

2. Overview

This Privacy Policy explains how we process personal data when you use our website and service ("Sellable"), including what data we collect, why we process it, and which third-party services we use.

3. Hosting (Vercel)

We host the website with Vercel. Server logs may include IP address, date/time, requested page, referrer URL, and user agent. Processing is based on Art. 6(1)(f) GDPR (legitimate interest in secure and reliable operation).
Our configuration targets the Frankfurt (fra1) region.

4. Supabase (Authentication, Database, Edge Functions)

We use Supabase for authentication, database, and optionally Edge Functions. We process:

  • Account data: email address, login data (passwords are never stored in plaintext), optionally first and last name
  • Plan & usage data: plan name, limits, usage counters (e.g., number of products created)
  • Product/content data: inputs provided by you, generated outputs (e.g., HTML), operational metadata (token counts, duration, cost)

Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (security, fraud prevention, stability).

5. Account registration & login (including Google OAuth)

You can create an account to access protected areas. Optionally, you may sign in via Google OAuth. Google processes data as part of authentication; we receive identifiers (email, user ID) to link the login to your Sellable account.

6. AI features (OpenAI)

We use the OpenAI API to generate content. Information you submit (e.g., product description, optional author name) is transmitted to OpenAI.
Legal basis: Art. 6(1)(b) GDPR (contract).
Note: Depending on configuration, processing may involve transfers outside the EU/EEA (e.g., USA). Where required, these transfers are protected using mechanisms such as Standard Contractual Clauses.

7. Payments (Stripe)

Stripe handles payment processing. We receive/store technical identifiers (Customer ID, Subscription ID, plan info) to manage access.
Legal basis: Art. 6(1)(b) GDPR.

8. Affiliate program (Endorsely)

We use Endorsely for our affiliate program. Endorsely may process referral data, clicks, conversion events, and cookies to attribute referrals and calculate payouts. Depending on setup, this is based on Art. 6(1)(f) GDPR (legitimate interest) and, where consent is required, Art. 6(1)(a) GDPR.

Note: If you implement Endorsely with persistent cookies/localStorage for referral tracking, user consent via a cookie banner is required.

9. External resources (Google Fonts)

We load fonts via Google Fonts (fonts.googleapis.com / fonts.gstatic.com). This may transmit your IP address to Google.
Legal basis: Art. 6(1)(f) GDPR, and consent if required.

10. Cookies / browser storage

We use technically necessary storage to provide login and app functionality (e.g., Supabase Auth sessions). Functional storage (sessionStorage) may also be used for UI/performance.

11. Retention

Data is retained only as long as necessary or legally required. Typically, account data and generated content are stored until you delete your account unless legal retention obligations apply.

12. Your rights

Where applicable, you have the right to access, rectification, erasure, restriction, data portability, and to object. Consent-based processing can be withdrawn at any time. You may lodge a complaint with a supervisory authority.

13. Contact

help@sellable.site