Privacy Policy
Last updated: 8 April 2026
This Privacy Policy explains how FLUENT STUDIO d.o.o. ("Sellcheck", "we", "us") collects, uses, and protects your personal data when you visit sellcheck.eu and use our free EU EPR compliance checker. We comply with the EU General Data Protection Regulation (GDPR) and the applicable national data protection laws in Croatia.
1. Who we are (Data controller)
The data controller responsible for your personal data is:
- FLUENT STUDIO d.o.o. (trading as "Sellcheck")
- Ulica Pajači 4, 10380 Donje Oresje, Croatia (EU)
- Registration number (MBS): 081687826
- VAT number: HR05248825572
- Contact for privacy matters: [email protected]
If you have any question about this policy or want to exercise your data protection rights, please contact us at the email above.
2. What data we collect
2.1 Information you provide voluntarily
When you use the compliance checker and submit the optional signup form, we collect:
- Email address (required for early-access signup)
- Your selections in the checker: product categories, EU countries you ship to, country where your company is based, and sales channels you use
- Computed results: the compliance obligations, country count, and estimated fees that Sellcheck generated based on your selections
Providing this information is entirely optional. You can use the compliance checker fully without ever entering an email address.
2.2 Information collected automatically
When you visit sellcheck.eu, we and our processors automatically collect:
- Technical data: IP address, browser type and version, operating system, device type, referring URL, pages visited, time spent on pages, language preference, approximate location (country/region, derived from IP)
- Behavioural events: which steps of the checker you view and complete, which selections you make, whether you abandon the checker before finishing, and whether you submit the signup form
- Session identifiers: a random, anonymous ID stored locally in your browser to count unique visitors and stitch together sessions for analytics purposes
3. Why we collect your data (Legal basis)
| Purpose | Data used | Legal basis (GDPR Art. 6) |
|---|---|---|
| Provide the compliance checker | Your selections (products, countries, channels) | Legitimate interest (Art. 6(1)(f)) — to deliver the requested service |
| Early-access signup and notifications | Email address, selections, computed results | Consent (Art. 6(1)(a)) — given by submitting the form |
| Product analytics (funnel, drop-off, feature usage) | Technical data, behavioural events, session identifier | Legitimate interest (Art. 6(1)(f)) — to measure and improve the tool |
| Spam and abuse prevention | IP address, honeypot field, user agent | Legitimate interest (Art. 6(1)(f)) |
| Security, hosting, delivery | IP address, request logs | Legitimate interest (Art. 6(1)(f)) |
4. How long we keep your data
- Signup data (email + selections): retained until you request deletion, or for a maximum of 3 years of inactivity, whichever comes first.
- Analytics data: retained for up to 12 months in PostHog, then deleted automatically.
- Server and security logs: typically 30 days, rolled over automatically by our hosting providers.
5. Who we share your data with (Processors)
We do not sell your personal data. We share data with trusted third-party processors that help us operate the service. All processors are bound by data processing agreements and process data on our instructions only.
| Processor | Purpose | Data processed | Location |
|---|---|---|---|
| Netlify, Inc. | Website hosting, form submission storage | IP, request logs, form submissions (email, selections) | United States (with EU Standard Contractual Clauses) |
| PostHog Inc. | Product analytics (funnel, session events) | Technical data, behavioural events, identified email (only on signup) | EU (eu.i.posthog.com — data stored in Frankfurt, Germany) |
| Cloudflare, Inc. | DNS, CDN, DDoS protection | IP, request logs | Global CDN with EU edge |
| Google LLC (Google Fonts) | Web fonts (DM Sans, Fraunces) | IP, user agent (when loading font files) | Global |
6. International data transfers
Some of our processors (Netlify, Cloudflare, Google) are based in the United States or operate globally. Where personal data is transferred outside the European Economic Area (EEA), we rely on the following safeguards under Chapter V GDPR:
- Adequacy decisions where applicable (e.g. the EU–US Data Privacy Framework)
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Supplementary technical measures such as encryption in transit (TLS)
Our main product analytics provider, PostHog, is configured to use its EU region (Frankfurt, Germany), so behavioural analytics data stays within the EU.
7. Cookies and similar technologies
Sellcheck currently uses no cookies for tracking or advertising. We use only the following browser storage:
- PostHog local storage: a random anonymous identifier stored in your browser's
localStorageso we can count unique sessions. It contains no personal information unless you submit the signup form (at which point your email is linked to the identifier).
We do not use Google Analytics, Meta Pixel, advertising cookies, or retargeting pixels at this time. If we add any in the future, we will update this policy and ask for your consent where required.
8. Your rights under the GDPR
If you are in the EU/EEA, you have the following rights regarding your personal data:
- Right of access (Art. 15) — get a copy of the data we hold about you
- Right to rectification (Art. 16) — correct inaccurate or incomplete data
- Right to erasure (Art. 17) — ask us to delete your data ("right to be forgotten")
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20) — receive your data in a portable format
- Right to object (Art. 21) — object to processing based on legitimate interest
- Right to withdraw consent (Art. 7(3)) — at any time, without affecting the lawfulness of prior processing
- Right to lodge a complaint with your national supervisory authority
To exercise any of these rights, email us at [email protected]. We will respond within 30 days.
9. How we protect your data
We use industry-standard technical and organisational measures to protect your data, including:
- HTTPS/TLS encryption for all data in transit
- Minimal data collection — we only collect what is strictly necessary
- Processors selected for strong security practices and GDPR compliance
- Security headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy, HSTS)
No system is completely secure; we cannot guarantee absolute security of your data, but we take reasonable steps to protect it.
10. Children's privacy
Sellcheck is a business-to-business tool aimed at online sellers. It is not directed at children under 16 years of age, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. Changes to this policy
We may update this policy from time to time to reflect changes in our practices, processors, or the law. The "Last updated" date at the top shows the latest revision. If we make material changes, we will notify users who have signed up by email and by a prominent notice on the homepage.
12. Contact
For any privacy-related question or request, contact:
- FLUENT STUDIO d.o.o.
- Ulica Pajači 4, 10380 Donje Oresje, Croatia
- Email: [email protected]
- Website: https://sellcheck.eu
If you are not satisfied with our response, you have the right to lodge a complaint with the data protection authority in your EU member state. A list of national authorities is available at edpb.europa.eu.