Privacy Policy
Informational translation. In case of conflict, the German version prevails.
1. Controller
The controller for data processing on this website is:
ASIKA Pure Beauty UG (limited liability, in formation)
Weiterstädter Str. 15
64572 Büttelborn
Germany
Represented by: Tosin Davidson
Email: hello@asikabeauty.com
2. General information
We only process personal data insofar as this is required to provide our website, to handle inquiries, and to run our early-access / waitlist communication. Personal data is any information relating to an identified or identifiable natural person.
3. Hosting and server log files
Our website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut CA 91789, USA, delivered from the EU region Frankfurt (fra1). A Data Processing Addendum is in place; international transfers to the USA are covered by Standard Contractual Clauses.
When our website is accessed, server log data such as IP address, date and time of access, URL, referrer, browser type, operating system, and hostname may be processed for technical reasons. Legal basis: Art. 6(1)(f) GDPR. Retention: per Vercel DPA.
4. Contact by email
When you contact us by email, we process the data you submit in order to handle your inquiry (email address, name if provided, message content, and any further information you provide voluntarily). Legal basis: Art. 6(1)(b) or 6(1)(f) GDPR.
5. Early access / waitlist / email communication
5.1 What data we process
When you sign up via the form, we process: first name, email address. In the context of double-opt-in and consent evidence we additionally process time of sign-up, time of confirmation, an irreversible SHA-256 hash of your IP address at sign-up, an irreversible SHA-256 hash of your IP address at confirmation (the raw IP address is not stored), the user-agent string at sign-up, the wording of the consent you gave, and the status of your sign-up.
5.2 Purposes
We process your data to send you ASIKA emails: early access, selected insights, launch updates, offers, and launch benefits.
5.3 Legal basis
Processing is based on your consent (Art. 6(1)(a) in conjunction with Art. 7 GDPR). Sign-up uses the double-opt-in method: after sign-up you receive a confirmation email; only after you confirm is your address added to our early-access list.
5.4 Proof of consent
We store sign-up and confirmation in order to prove consent (Art. 6(1)(c) and 6(1)(f) GDPR).
5.5 Retention
Unconfirmed sign-ups are deleted after 30 days. Confirmed sign-ups are retained until you withdraw consent or the data is no longer needed. After withdrawal / unsubscribe, your address and the evidence data can be kept in a block list for up to three years after the end of the year of withdrawal to document the withdrawal and defend against claims.
5.6 No newsletter tracking
We do not currently track open rates, click rates, or user behavior in our emails. No tracking pixels or comparable technologies are used.
5.7 Withdrawal
You can withdraw your consent at any time with future effect — via the unsubscribe link in every email or by emailing hello@asikabeauty.com.
6. Use of email and waitlist providers
- Supabase (Supabase, Inc., Singapore) — stores sign-up and confirmation data in a PostgreSQL database in the EU region Frankfurt (eu-central-1).
- Resend (Resend, Inc., San Francisco, USA) — sends confirmation and newsletter emails. International transfer covered by SCCs.
- Upstash (Upstash, Inc., 530 Showers Drive, Mountain View, CA 94040, USA) — short-lived IP-based rate limiting on the sign-up form. Only ephemeral counters are stored. International transfer to the USA covered by SCCs.
Additionally, a short-lived hash of your IP address (up to two hours) is stored in our Supabase database to limit excessive sign-up attempts from the same IP per hour. Legal basis: Art. 6(1)(f) GDPR.
6a. Web analytics via Google Analytics 4
Only with your explicit consent do we use Google Analytics 4 (GA4) on this website, a web analytics service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google may also process the data in the USA via Google LLC.
GA4 sets cookies (notably _ga and _ga_G0HTZ4KFJN) and collects pseudonymous usage data — for example pages visited, time on page, referring source and device type. Your IP address is truncated by Google before storage (anonymize_ip). As long as you have not consented, gtag.js is not loaded and no data is transmitted to Google.
- Legal basis: consent under Art. 6(1)(a) GDPR and § 25(1) TDDDG.
- Retention in GA4: up to 14 months.
- Recipients: Google Ireland Ltd. (Ireland), Google LLC (USA).
- International transfer: to the USA, secured via Standard Contractual Clauses and Google's EU-US Data Privacy Framework certification.
- Withdrawal: anytime via the "Cookie settings" button in the footer or via the browser add-on tools.google.com/dlpage/gaoptout. Withdrawing immediately deletes the Google Analytics cookies.
7. Recipients
Your data is only shared as needed to fulfil the stated purposes: hosting provider (Vercel), email provider (Resend), waitlist database (Supabase), web analytics (Google Analytics 4 — only with consent), and other processors as required.
8. International transfers
Some providers are based outside the EU. Where personal data is transferred to a third country, this is based on Standard Contractual Clauses (Art. 46(2)(c) GDPR).
- Vercel (USA) — hosting; SCCs in place.
- Resend (USA) — email delivery; SCCs in place.
- Upstash (USA) — short-lived rate limiting on the sign-up form; SCCs in place.
- Supabase — data stored in the EU region Frankfurt; no international transfer in normal operation.
- Google Analytics 4 (USA) — analytics, only with consent; see § 6a.
9. Cookies and similar technologies
Other than Google Analytics 4 as described in § 6a (only with your consent), we do not use analytics, marketing, or other non-essential tracking. We store your last chosen language and your cookie preference (accepted/declined) in your browser's localStorage for functional purposes only (§ 25(2) No. 2 TDDDG).
10. Obligation to provide data
Providing your data is not legally or contractually required. For the early-access sign-up, however, the fields marked as required must be provided — otherwise we cannot process your sign-up.
11. Automated decision-making / profiling
We do not carry out automated decision-making or profiling under Art. 22 GDPR.
12. Your rights
Under the GDPR, you have the rights of access, rectification, erasure, restriction, data portability, objection, withdrawal of consent with future effect, and lodging a complaint with a supervisory authority. To exercise your rights, contact us at hello@asikabeauty.com.
13. Right to complain
The supervisory authority responsible for us is the Hessian Commissioner for Data Protection and Freedom of Information (Wilhelmstraße 7, 65185 Wiesbaden, Germany, poststelle@datenschutz.hessen.de).
14. Data protection officer
Currently, no data protection officer is appointed.
15. Status
As of 6 May 2026. We reserve the right to update this Privacy Policy if the website, providers used, or legal requirements change.