Privacy Policy
How we collect, use, and protect your personal data in compliance with GDPR and applicable privacy laws.
Operating under the trade name "Felyra".
Contract • Legal obligation • Legitimate interests • Consent
Secure hosting in Nuremberg, Germany.
1. Scope and Who We Are
This Privacy Policy explains how Felyra ("we", "us", "our") processes personal data when you visit felyra.studio, create an account, purchase and download digital products, or use our tools (for example, QR Generator, File Converter, Color Palettes, UI Snippets).
The Site is currently operated by Rares Muresan as an individual, under the trade name "Felyra". In the future, operation may be transferred to a dedicated company (for example, FELYRA STUDIO S.R.L.). When that happens, this Policy will be updated with the full company details (registration number, VAT ID, etc.).
This Policy should be read together with our Terms of Service, Cookie Policy, and Legal Notice.
2. Data We Collect
We collect and process the following categories of data:
- Account data: email address (required), username or display name, password stored using secure hashing (hashed and salted, never in plain text), optional profile information such as avatar/profile image and optional date of birth (if you choose to provide it).
- Order and subscription data: purchased products, Felyra Pro plan type (monthly/annual), subscription status, renewal dates, timestamps, prices (in EUR), currency, and basic invoice details required by applicable tax law.
- Payment display data (UI only): for card and wallet payments handled via Stripe, we store: payment method (for example, Apple Pay, Google Pay, Card), card brand (for example, Visa, Mastercard), and the last 4 digits of your card number (for example, "•••• 1234"), so that we can show this information in your account, order history, and receipts. We do not store full card numbers or CVC/CVV codes on our servers.
- Downloads & entitlements: information about the digital products you have access to, download tokens bound to your account/session, download timestamps, basic logs (e.g., IP, user agent) used for security, rate-limiting, and license enforcement.
- Technical & security data: IP address, device and browser information, session IDs, CSRF tokens, request logs, error logs, and security events (for example, repeated failed logins or suspicious download activity) used for fraud prevention and to keep the service secure.
- Tools usage: for most tools, processing happens directly in your browser. We do not upload your input files or content to our server unless clearly necessary for the feature and indicated in the tool description (for example, server-side file conversion).
- Support & communication data: messages you send us (e.g., support tickets, bug reports, feedback), and technical metadata about email delivery (e.g., whether an email bounced or was delivered).
- Analytics data: we may use privacy-friendly analytics (for example, Google Analytics) to collect aggregated usage data such as page views, referrers, and basic device information. This is used to understand how the Site is used and to improve performance and UX.
- Newsletter data (optional): if you subscribe to our newsletter or marketing emails, we store your email address, subscription status, and basic statistics (for example, whether an email was opened) to understand engagement and deliver relevant updates.
Sources: most data is provided directly by you (for example, when you create an account, place an order, or contact us). Some technical and payment-related data is provided by your browser, by our hosting provider, or by our payment processor (Stripe).
3. Legal Bases for Processing (GDPR)
Where the GDPR applies, we rely on the following legal bases for processing your personal data:
- Contract (Art. 6(1)(b) GDPR): to create and manage your account, process your orders and subscriptions, enable downloads, and provide customer support.
- Legal obligation (Art. 6(1)(c) GDPR): to comply with legal requirements, for example tax and accounting laws that require us to keep invoice and transaction records.
- Legitimate interests (Art. 6(1)(f) GDPR): to secure the Site, prevent fraud and abuse, enforce licenses, improve our services, and keep reasonable logs. We carefully balance these interests against your rights and freedoms.
- Consent (Art. 6(1)(a) GDPR): for certain activities such as marketing emails (newsletter) and optional non-essential cookies/analytics. You can withdraw your consent at any time.
4. How We Use Your Data
We use your personal data to:
- Provide and operate the Site, your account, purchases, subscriptions, and downloads.
- Display non-sensitive payment details (method, card brand, last 4 digits) in your order history and on receipts, for your reference.
- Send essential transactional communications (for example, order confirmations, download links, password reset emails).
- Provide customer support and answer your questions.
- Protect the service against fraud, abuse, and unauthorized access (for example, download rate-limiting and IP-based security checks).
- Maintain server logs and error logs to diagnose technical issues and improve stability.
- Perform aggregated analytics to improve content, UX, and performance.
- Send you newsletters or marketing emails if you have opted in (you can unsubscribe at any time).
5. Payments, Cards, and Stripe
Payments on Felyra are processed by Stripe (a third-party payment processor).
- Payment details (such as full card number and CVC) are sent directly to Stripe via secure, encrypted connections.
- We never store your full card number, CVC, or Stripe’s internal tokens for charging in our own database.
- We store only: payment method (for example, Apple Pay, Google Pay, card), card brand (for example, Visa, Mastercard), and last 4 digits of your card number. This information is used purely for UI and receipts (so you can see which card or method you used).
- Stripe may independently process your data as a separate controller. Please review Stripe’s own Privacy Policy for more details.
6. Cookies and Similar Technologies
We use cookies and similar technologies (such as localStorage) as described in our Cookie Policy.
- Essential cookies: for authentication, sessions, cart, checkouts, CSRF protection, and download security.
- Preference cookies: for remembering UI settings such as theme (dark/light) and your cookie choices.
- Analytics cookies (optional): for aggregated usage statistics, used only with your consent where required.
We store a minimal record of your cookie/consent choices (for example, in localStorage) so we do not show the banner repeatedly.
7. Downloads, Licenses, and Rate-Limiting
For digital products and tools, downloads are tied to your account and licensed usage:
- Download links use secure tokens that are associated with your account and/or session.
- We apply download rate-limits (for example, a maximum number of downloads per minute) to prevent abuse.
- We log token usage (e.g., timestamp, IP, user agent) to detect suspicious activity and enforce license terms.
8. Data Sharing and Processors
We do not sell your personal data. We only share it with trusted service providers when necessary to operate Felyra, under appropriate data protection agreements:
- Hosting and infrastructure: our VPS is hosted in a data center located in Germany (Nuremberg) within the EU.
- Email delivery: SMTP services (for example, via Hostinger) to send transactional emails such as confirmations and password resets.
- Payments: Stripe to process card and wallet payments and to provide non-sensitive card details (brand + last-4) for display.
- Analytics: tools such as Google Analytics to measure aggregated usage and improve our service (if enabled and where permitted by your consent).
We may also disclose data if required by law, court order, or to protect our rights, users, or the security of the service.
9. International Data Transfers
Our main hosting is located in the European Union. Some of our service providers (such as Stripe or analytics providers) may process data outside the EEA/UK. In such cases, they are required to implement appropriate safeguards, such as Standard Contractual Clauses (SCCs) or equivalent mechanisms, in line with applicable data protection laws.
10. Data Retention
We keep personal data only for as long as necessary for the purposes described in this Policy, or as required by law:
After the relevant retention period, we may anonymize or securely delete your data.
11. Security Measures
We take reasonable technical and organizational measures to protect your data, including:
- HTTPS encryption across the Site.
- Secure password hashing and salting (no plain-text passwords).
- CSRF protection, session hardening, and rate-limiting.
- Input validation and server-side checks for critical actions.
- Auditing and logging for important flows (orders, downloads, account changes).
No online service can be 100% secure, but we continuously work to improve our security posture.
12. Your Rights (GDPR)
If the GDPR applies to you, you have the following rights regarding your personal data:
- Right of access: to know whether we process your data and to receive a copy.
- Right to rectification: to correct inaccurate or incomplete data.
- Right to erasure: to request deletion of your data in certain circumstances.
- Right to restriction: to request we limit processing in specific cases.
- Right to object: to object to certain processing based on legitimate interests or to direct marketing.
- Right to data portability: to receive data you provided to us in a structured, commonly used, and machine-readable format.
- Right to withdraw consent: where processing is based on consent (e.g., newsletter), you can withdraw it at any time.
13. How to Exercise Your Rights
To exercise your rights or ask questions about this Policy, contact us at: support@felyra.studio.
We may ask you for additional information to verify your identity before acting on your request. We aim to respond within one month, or within any longer period allowed by law for complex or multiple requests.
14. Children and Minors
Felyra is intended for adults and for individuals who are at least the minimum age required by law in their country to enter into online contracts (typically 16 years in the EU). We do not knowingly collect personal data from children below this age.
If you believe we have collected data from a child, please contact us so that we can delete it.
15. Automated Decision-Making
We do not use automated decision-making that produces legal or similarly significant effects on you, and we do not engage in profiling for behavioral advertising.
16. Data Breaches
In the unlikely event of a personal data breach, we will assess the impact and, where required by law, notify the relevant supervisory authority and affected users.
17. Marketing vs. Transactional Emails
Transactional emails (for example, account-related messages, order confirmations, download links, password resets) are necessary to provide the service and are not considered marketing.
Marketing emails / newsletters are sent only if you have explicitly opted in. Every marketing email includes an unsubscribe link, and you can opt out at any time.
18. Supervisory Authority
If you are in the European Economic Area, you have the right to lodge a complaint with your local data protection authority. In Romania, this is:
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP).
You may also contact the data protection authority in your country of residence.
19. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or technical developments. When we make material changes, we will update the "Last updated" date below and, where appropriate, notify you by email or via a notice on the Site.
20. Contact and Controller Details
Current controller:
Rares Muresan (individual)
Operating as: Felyra
Address: Str. Soporului 8D, Bloc B1, Scara 3, Etaj 0, Ap. 148, Cluj-Napoca, Romania
Email: support@felyra.studio
Once a dedicated company (for example, FELYRA STUDIO S.R.L.) becomes the controller, this section will be updated with the full company details (registration number, VAT ID, and any other legally required information).
Notes
- Payments are processed via Stripe; Felyra does not store full card numbers or CVV/CVC codes.
- An account is required to purchase and download digital products.
- For details on digital products, refunds, and subscriptions, please see our Terms of Service.
Last updated: January 19, 2026