Your Data

Privacy Policy

Last updated: 13 May 2026

1. Overview

The following notice gives you a simple overview of what happens to your personal data when you visit this website.

2. Data Controller

Max Inev
Buntstrasse 1
8001 Zürich
Switzerland

Email: info@popstraplab.com

3. Data Collection on This Website

Cookies

Our website does not use tracking cookies. Only technically necessary data is processed (e.g. for form submissions).

Newsletter / Waitlist

If you sign up for our waitlist, we only need your email address. We use it exclusively to notify you about the launch.

Your email address is processed through Formspree.io (USA — DPF-certified). Legal basis: Art. 6 (1) lit. a GDPR (consent). You can withdraw your consent at any time by emailing info@popstraplab.com.

Payment Processing (Stripe)

When you place a pre-order or purchase, payment is processed by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland (“Stripe”). For card/Apple Pay/Google Pay/SEPA payments, the following data is transmitted directly to Stripe:

  • Name and billing address
  • Shipping address
  • Phone number
  • Email address
  • Order details (product, quantity, price)
  • Card details (entered directly on Stripe’s encrypted page — we never see them)
  • Payment method metadata (last 4 digits of card, expiry, country of card issuer)

Stripe acts both as data processor (Art. 28 GDPR) for order processing and as independent controller for fraud prevention. A data processing agreement is in place. Legal basis: Art. 6 (1) lit. b GDPR (contract performance) and Art. 6 (1) lit. f GDPR (legitimate interest in secure payment processing).

Stripe’s privacy policy: stripe.com/privacy. Stripe is DPF-certified (EU-US Data Privacy Framework). Transfers of personal data to Stripe’s US-affiliated entities are based on the EU-US DPF and Standard Contractual Clauses.

Order Fulfillment & Shipping (DHL)

For shipping, we share your name, shipping address, and phone number with Deutsche Post DHL Group, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany. Legal basis: Art. 6 (1) lit. b GDPR (contract performance).

DHL’s privacy policy: dhl.de/datenschutz.

Order Data Retention

Order data (invoice, address, payment confirmation) is retained for 10 years to comply with German commercial and tax law (§§ 147 AO, 257 HGB).

Hosting & Server Log Files

This website is hosted by Cloudflare, Inc. (101 Townsend Street, San Francisco, CA 94107, USA). Cloudflare is DPF-certified (EU-US Data Privacy Framework). A data processing agreement according to Art. 28 GDPR is in place. Cloudflare automatically processes server log data for security and delivery purposes:

  • IP address (anonymized after delivery)
  • Date and time of access
  • Browser type and version
  • Operating system
  • Referrer URL

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in secure and reliable website delivery). Cloudflare’s privacy policy: cloudflare.com/privacypolicy/.

4. Your Rights

You have the right at any time to:

  • Receive information about your stored data (Art. 15 GDPR)
  • Correct inaccurate data (Art. 16 GDPR)
  • Have your data deleted (Art. 17 GDPR)
  • Restrict processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise your rights, simply email info@popstraplab.com.

5. SSL Encryption

This website uses SSL encryption for security reasons. You can recognize an encrypted connection by the “https://” in your browser’s address bar.

PopStrapLab

PopStrapLab is an independent accessory product and is not affiliated with Audemars Piguet or Swatch. “AP”, “Audemars Piguet”, “Swatch” and “Royal Pop” are registered trademarks of their respective owners. Our straps are compatible third-party accessories.

© 2026 PopStrapLab. Made in Switzerland.