← back

Privacy Policy

1. Controller

The data controller responsible for processing on this website:
DotRockets Services LLP
1103-11871 Horseshoe Way
V7A 5H5 Richmond, B.C., Canada
Represented by Björn Puls
General contact: hello@yoursoulname.com
Privacy requests: hello@yoursoulname.com

Representative in the EU (Art. 27 GDPR): As a Limited Liability Partnership established outside the European Union, we are currently reviewing the appointment of a representative under Art. 27 GDPR. For any and all data-protection matters — access, erasure, objection — you can reach us directly, without detour, at hello@yoursoulname.com. Requests are handled within the statutory deadlines.

2. Scope and general notes on data processing

This policy describes how we process personal data on yoursoulname.com, including the homepage, the soul-type quiz, the blog, the thank-you page, and any forms we provide. We process personal data only as far as necessary to provide a functional website and to deliver our content and services. Processing is typically based on your consent (Art. 6 (1) (a) GDPR), on contract performance (Art. 6 (1) (b) GDPR), or on a legitimate interest (Art. 6 (1) (f) GDPR).

3. Server log files

When you visit this website, the hosting provider automatically stores information in log files: IP address, date and time of the request, requested URL, referrer, browser, and operating system. This data is deleted after no more than fourteen days and is not combined with other data sources. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in the secure operation of the website).

4. Hosting

This website is hosted on servers of Hostinger International Ltd. located in Germany (European Union). yoursoulname.com runs on the same infrastructure as our German sister site seelenname.de. The hoster processes personal data solely to fulfill the hosting contract; a data processing agreement under Art. 28 GDPR is in place. For transactional quiz and welcome emails we additionally use the SMTP service of all-inkl.com (Neue Medien Münnich, Germany) — also covered by a DPA.

5. Data transfer to Canada

Parts of the processing take place in Canada, because we operate as a Canadian LLP and our internal systems are located there. On 20 December 2001 the European Commission issued Adequacy Decision 2002/2/EC, confirming that Canada ensures an adequate level of data protection for commercial organizations subject to the Personal Information Protection and Electronic Documents Act (PIPEDA). In plain English: the EU has officially recognized that Canadian privacy law provides comparable protection to the GDPR for commercial data flows, so no additional Standard Contractual Clauses (SCCs) are required for transfers to Canada.

6. Data transfer to the United States

Some of the services we rely on are operated by providers based in the United States. The legal basis for transfers to the USA is the EU–US Data Privacy Framework (DPF) Adequacy Decision of 10 July 2023 for DPF-certified providers, and otherwise Standard Contractual Clauses (SCCs) under Art. 46 (2) (c) GDPR.

  • Meta Platforms, Inc. (Facebook Pixel) — DPF-certified
  • Pinterest, Inc. (Pinterest Tag + Conversions API) — DPF-certified
  • Microsoft Corporation (Microsoft Clarity, heatmaps & session recordings) — DPF-certified
  • Resend, Inc. (transactional email, dispatch via AWS) — DPF-certified
  • Kit, Inc. (newsletter / quiz subscribers, where used) — transfer secured via SCCs
  • Kit, Inc. (USA) — DPF-certified processor, used for newsletter and quiz-subscriber management

7. Processors (Art. 28 GDPR)

We use the following processors. Data processing agreements under Art. 28 GDPR are in place with every provider where legally required.

  • Kit, Inc. (formerly ConvertKit, based in the USA) — primary newsletter and CRM provider for our English-speaking audience, used to send welcome sequences, buyer follow-ups, and list segmentation. Processed data: email address, optional first name, consent timestamp, tags (e.g. quiz result, buyer status). Legal basis: consent. DPA under Art. 28 GDPR + EU-US Data Privacy Framework (DPF).
  • Kit, Inc. (formerly ConvertKit, based in the USA) — used where required for newsletter broadcasts and quiz-subscriber management that are shared with our German operation. Processed data: email address, optional first name, tags (e.g. quiz result). Legal basis: consent. DPA under Art. 28 GDPR + DPF.
  • Resend, Inc. (based in the USA) — transactional email delivery (confirmations, PDF receipts, personal replies from Björn). Processed data: email address and email content. DPA + DPF.
  • Plausible Analytics (self-hosted on our own server infrastructure at Hostinger, Germany) — cookie-free web analytics, anonymized session data. Because we operate the infrastructure ourselves, no separate DPA is required.
  • Gumroad, Inc. (548 Market Street, San Francisco, CA 94104-5401, USA) — reseller of record and independent controller for payment processing. When you purchase, order and payment data are passed to Gumroad. Gumroad privacy policy: gumroad.com/privacy.
  • Meta Platforms Ireland Ltd. (4 Grand Canal Square, Dublin 2, Ireland; the EU entity that serves EU users) — conversion tracking via the Facebook Pixel, loaded only after you have given consent. DPA + DPF (the latter covers the US parent Meta Platforms, Inc.).
  • Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland; the EU entity that serves EU users) — advertising attribution and conversion tracking via the Pinterest Tag (browser) and Conversions API (server-side), loaded only after you have given consent. DPA + DPF (covers the US parent Pinterest, Inc.).
  • Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland) — Microsoft Clarity (heatmaps and anonymized session recordings), loaded only after you have given consent. DPA via the Microsoft Online Services Terms; DPF covers the US parent Microsoft Corporation.
  • Hostinger International Ltd. (servers in Germany) — web hosting. DPA under Art. 28 GDPR in place.
  • all-inkl.com (Neue Medien Münnich, Germany) — SMTP relay for transactional quiz and welcome emails. Existing DPA.

8. Newsletter (quiz funnel + welcome sequence)

After you complete the quiz you may choose to receive your result and our welcome sequence by email. We use a double opt-in procedure: you receive a confirmation email with a link that you must click before we add you to our list.

Processor is Kit, Inc. (USA, DPF-certified). The following data is processed: your email address, the IP address at the time of signup, the timestamp of your consent, and your quiz result (stored as a tag). Legal basis: your consent under Art. 6 (1) (a) GDPR.

You can withdraw your consent at any time — either via the unsubscribe link at the foot of every email, or informally by emailing hello@yoursoulname.com. Retention: until you unsubscribe. Once you unsubscribe, we delete your data within 30 days unless a statutory retention obligation applies.

9. Quiz and forms

On /quiz we collect your answers and — if you opt in to the newsletter — your email address. The quiz answers are processed briefly server-side to calculate your result (your soul type). After that, only the result is stored as a tag in Kit. The individual raw answers are not kept persistently.

Legal basis: consent under Art. 6 (1) (a) GDPR.

10. Generating your personal Soul Name PDF

After your purchase you are redirected to a thank-you page where you enter your birth name and (optionally) your birth date. These details are used exclusively to generate your personal PDF. The inputs are not stored persistently — the PDF is generated server-side and delivered straight to you by email. Legal basis: Art. 6 (1) (b) GDPR (performance of contract).

11. Payment processing via Gumroad

The sale is processed by Gumroad, Inc., 548 Market Street, San Francisco, CA 94104-5401, USA, acting as reseller of record. As an independent controller, Gumroad collects and processes your order and payment data (name, email, payment information, billing country). We receive only the data necessary to deliver the product. Gumroad's privacy policy is available at gumroad.com/privacy.

12. Cookies, analytics & marketing pixels

Strictly necessary: we store only your cookie decision itself in your browser (localStorage key: yoursoulname_consent) so that we do not ask again on every visit. That entry contains no personal content and is not transmitted to us. Legal basis: strict necessity under applicable ePrivacy rules. In addition, a technical session cookie may be set by Astro, used solely to operate the site.

Analytics (Plausible): we use Plausible (self-hosted on our own server infrastructure at Hostinger, Germany), a cookie-free and privacy-friendly analytics tool. No cookies are set and no personal data is transmitted to third parties. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in aggregated audience measurement).

Marketing pixel (Meta / Facebook): only if you have actively consented do we load the Facebook Pixel (provider: Meta Platforms Ireland Ltd.). Doing so sets the cookies _fbp and fr and transmits, among other things, your IP address, user agent, and visited pages to Meta — including transfers to the USA (DPF). Legal basis: Art. 6 (1) (a) GDPR in conjunction with applicable ePrivacy rules. You can withdraw your consent at any time via Cookie settings. Meta's privacy policy: facebook.com/privacy/policy.

Marketing pixel (Pinterest): only if you have actively consented do we load the Pinterest Tag (provider: Pinterest Europe Ltd.). Doing so sets cookies including _pin_unauth, _routing_id, _b and transmits — among other things — your IP address, user agent, visited pages, and (where you provide it) hashed email and name to Pinterest, including transfers to the USA (DPF). Where you complete the quiz or check out, additional server-side conversion events are sent via the Pinterest Conversions API; in those server-side events, identifying fields (email, name) are SHA-256-hashed before transmission. Legal basis: Art. 6 (1) (a) GDPR in conjunction with applicable ePrivacy rules. You can withdraw your consent at any time via Cookie settings. Pinterest's privacy policy: policy.pinterest.com/privacy-policy.

Heatmaps & session recordings (Microsoft Clarity): only if you have actively consented do we load Microsoft Clarity (provider: Microsoft Ireland Operations Limited, Dublin, Ireland; with onward transfer to the US parent Microsoft Corporation where applicable). Clarity captures anonymized mouse movements, clicks, scroll behavior, and a reconstructed render of the page (DOM) — no keystrokes inside input fields, no audio or video recording. Cookies set include _clck, _clsk and possibly MUID; your IP address, user agent and visited pages are transmitted to Microsoft, including transfers to the USA (DPF). Retention: 30 days for recordings, up to 13 months for aggregated heatmap data. Purpose: detect usability issues and improve the site. Legal basis: Art. 6 (1) (a) GDPR in conjunction with applicable ePrivacy rules. You can withdraw your consent at any time via Cookie settings. Microsoft's privacy statement: privacy.microsoft.com/en-us/privacystatement.

13. Fonts

Typefaces (Cormorant Garamond, Inter, Parisienne) are served locally from our own server. No connection to external providers such as Google Fonts is made; your IP address is not transmitted to any third party for the purpose of font delivery.

14. Retention periods

We retain personal data only for as long as necessary for the respective purpose, or as required by statutory retention obligations.

  • Newsletter subscribers: until you unsubscribe, then deletion within 30 days
  • Server logs: max. 14 days
  • Quiz answers: not stored persistently (only the result is kept as a tag in Kit)
  • Order data (via Gumroad): retained by Gumroad in accordance with their data retention policy and applicable US tax / commercial law
  • Communication emails (to Björn): up to 12 months after the last contact

15. Your rights

You have the right at any time to request access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and to object to processing (Art. 21). Any consent you have given can be withdrawn at any time with effect for the future. To exercise your rights, an informal email to hello@yoursoulname.com is sufficient.

Right to object to direct marketing: you have the right to object, at any time, to the processing of your data for direct-marketing purposes. If you object to processing for direct-marketing purposes, your data will no longer be processed for those purposes (Art. 21 (2) GDPR). The objection can be made informally — for example by email to hello@yoursoulname.com or via the unsubscribe link in any of our emails.

15a. Notice for California residents (CCPA / CPRA)

If you are a resident of California, you have additional rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act):

  • Right to know what personal information we collect about you and how we use it (categories listed in sections 4 – 11 above).
  • Right to delete the personal information we hold about you, subject to legal retention obligations.
  • Right to correct inaccurate personal information.
  • Right to opt out of "sale" or "sharing" of personal information. We do not sell your personal information, and we do not share it for cross-context behavioral advertising. There is therefore no opt-out signal you need to send us. If you nevertheless wish to confirm your status, email us.
  • Right to non-discrimination — exercising any of these rights will not result in different pricing, denial of service, or any other negative treatment.
  • Right to limit use of sensitive personal information — we do not collect "sensitive personal information" within the CCPA definition (no precise geolocation, no government IDs, no biometric data, no health data, no racial / religious / sexual-orientation data).

To exercise any of these rights, send a request to hello@yoursoulname.com. We will verify your identity by matching your request against the email address on file and respond within 45 days. We do not use authorized agents — please contact us directly.

16. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data-protection supervisory authority — in particular in the member state of your habitual residence, your place of work, or the place of the alleged infringement (Art. 77 GDPR). Depending on your location, the following authorities are relevant:

  • UK users — Information Commissioner's Office (ICO): ico.org.uk
  • German users visiting the English site — Federal Commissioner for Data Protection (BfDI): www.bfdi.bund.de
  • Canadian users — Office of the Privacy Commissioner of Canada: www.priv.gc.ca

17. Changes to this policy

We reserve the right to update this privacy policy so that it always reflects current legal requirements. The latest version is always available at this URL.

As of: 22 April 2026