Privacy Policy
Last updated: April 15, 2026
Data controller
FriendBooks GbR Represented by: Marco Hasselmann and Michael Kofler-Hofer Lindenstr. 33a 12555 Berlin Germany Email: info@herobooks.de
Cookies and tracking
This website does not use analytics, tracking, or marketing cookies. We do not use Vercel Analytics or Vercel Speed Insights. Technically necessary cookies may be set where required for the operation of the website.
Website provision and hosting
Our website and frontend are provided via Vercel Inc. (USA). Vercel hosts and technically delivers the web application. Backend, database, and file storage are operated on Amazon Web Services (AWS) in the eu-central-1 region (Frankfurt). In doing so, technically necessary data may be processed, in particular: • IP address • Date and time of access • Browser type and version • Operating system • Referrer URL • Pages and files accessed • Other technical connection data Processing serves the provision, stability, and security of the platform. Legal basis: Art. 6(1)(f) GDPR Our legitimate interest is the secure and functional provision of our online offering.
Service provider: Vercel
Our websites and the frontend of our platform are provided via Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. We use Vercel in particular for frontend hosting, server-side rendering, and middleware functions for the technical delivery of our website and platform. Under our current technical setup, user-uploaded images are not separately optimized or cached via a CDN on Vercel. In particular, technical connection data may be processed, such as IP address, date and time of retrieval, browser and device information, pages and files accessed, and other technically necessary log data. In the protected user interface, session and authentication information may also be processed via Vercel where this is necessary for delivering the application, access control, language handling, and account functions. What is not handled via Vercel includes direct backend communication with api.herobooks.de, file uploads to S3 storage, the actual authentication flows via Clerk, and payment flows via Stripe, in each case where these occur directly between the browser and the respective service. Processing serves the secure and functional provision of our website and platform and — where user accounts and protected areas are concerned — the performance of the contractual relationship. The legal basis is Art. 6(1)(f) GDPR and, where necessary for use of our service, Art. 6(1)(b) GDPR. We do not use Vercel Analytics or Vercel Speed Insights. Further information on any transfers to third countries can be found in the following section "Transfers to third countries".
Transfers to third countries
We regularly review the service providers we use and the legal requirements for any transfers to third countries. Where necessary, we implement additional contractual, technical, and organizational safeguards to ensure an adequate level of data protection. We may use service providers that process personal data in countries outside the European Union or the European Economic Area or that can access such data. Where data is transferred to third countries, this is done only in compliance with legal requirements, in particular on the basis of an adequacy decision or appropriate safeguards, such as Standard Contractual Clauses. Vercel When using Vercel, transfer of personal data to third countries cannot be fully ruled out. Although the Vercel Functions we use are configured for the fra1 region (Frankfurt am Main, Germany), Vercel operates a globally distributed CDN and edge infrastructure. In addition, personal data may be processed outside the EU or EEA or made accessible from there, in particular in the context of support, sub-processing, security measures, or technical failover. Where personal data is transferred to the United States, we rely on the European Commission’s adequacy decision for the EU-U.S. Data Privacy Framework, where the provider is certified accordingly. In addition or where required, transfers are based on Standard Contractual Clauses approved by the European Commission pursuant to Art. 46(2)(c) GDPR, as provided for in Vercel’s Data Processing Addendum.
Your rights
Under applicable law, data subjects have in particular the following rights: • Right of access to the personal data processed • Right to rectification of inaccurate data • Right to erasure • Right to restriction of processing • Right to data portability • Right to object to processing based on legitimate interests • Right to withdraw consent with effect for the future • Right to lodge a complaint with a supervisory authority If you believe that the processing of your personal data infringes data protection law, you may lodge a complaint with a supervisory authority. Competent supervisory authority: Berliner Beauftragte für Datenschutz und Informationsfreiheit Address: Alt-Moabit 59-61 10555 Berlin Phone: +49 30 13889-0 Email: mailbox@datenschutz-berlin.de Website: https://www.datenschutz-berlin.de/
Obligation to provide data
The provision of certain personal data is required for registration, use of the platform, collaboration in projects, or ordering photo books. Without this data, individual features may not be available or may not be fully available.
Status and changes to this privacy policy
We reserve the right to amend this privacy policy if required due to legal, technical, or organizational changes. The version published on our website at the time shall apply. As of: April 15, 2026