Ravenrider
RAVENRIDER / DATA

Version 16 July 2026

Privacy, without camouflage.

What the purchase-offer and authenticity services process, why it is needed, and which controls you have.

Controller

Production gate: legal entity, service address and privacy contact are not configured.

Order-offer data

We process your legal name, email, Instagram username, delivery country, presentation, size, colour, number, written answer, language, legal-text versions and submission time. These data are required to process your requested purchase offer, prevent duplicate editions and communicate receipt or acceptance.

Purpose and legal basis

Offer and contract processing rely on Article 6(1)(b) GDPR. Service security, rate limiting and anti-counterfeit checks rely on legitimate interests under Article 6(1)(f). Optional marketing would require a separate choice and is not bundled into the order.

Authenticity

Verification compares owner data and a hidden physical key against an active garment record. Public results never disclose the owner’s identity. Verification time and scan counts may be recorded to detect abuse or revoked garments.

Retention

Commercial records are retained only for the periods required to administer offers, contracts, tax and legal claims. Rejected or expired test records are deleted on the configured schedule. Rate-limit counters expire automatically.

Processors

When configured, service providers may include the database host, Resend for transactional email, Upstash for rate limiting and Plausible for aggregate cookieless analytics. Required processing agreements and transfer safeguards must be completed before production activation.

Your rights

Subject to applicable law, you may request access, correction, deletion, restriction or portability, object to processing, and complain to a competent data-protection authority.

Cookies and security

The public order pages do not require advertising cookies or customer accounts. Sound preference and playback continuity are stored locally in your browser. Administrative sessions are private. Encryption, role controls and rate limits reduce risk, but no internet service can promise absolute security.