Privacy
Privacy Policy
Last updated: 27 June 2026
Controller
The controller is Thicle Sàrl-S, operator of Prodora.
- Registered office
- 3 Um Paerchen, L-8352 Dahlem, Luxembourg
- contact@prodora.eu
- Phone
- +352661844253
- RCS Luxembourg
- B265768
- VAT number
- LU33898674
Scope
This policy covers visits to https://prodora.eu, early access forms, sample passport request forms, founding brand applications, admin/customer communications, email confirmations and notifications, and future beta access where applicable.
Personal data collected
- name
- email address
- company name
- company website
- country
- product category
- number of SKUs
- ecommerce platform
- whether the company sells into the EU
- supplier document status
- product URL
- product-data notes submitted in forms
- IP address and technical logs where generated by hosting or security infrastructure
- email delivery metadata if Resend is used
Purposes and legal bases
| Purpose | Data used | Legal basis |
|---|---|---|
| Responding to early access, sample passport, and founding brand requests | Contact details, company details, form responses, product-data notes | Legitimate interests / pre-contractual steps |
| Operating and securing the website | Technical logs, IP address where generated by hosting or security infrastructure | Legitimate interests |
| Sending confirmation emails | Name, email address, submission type, email delivery metadata | Legitimate interests / pre-contractual steps |
| Evaluating interest in Prodora | Company profile, product category, SKU count, ecommerce platform, submitted notes | Legitimate interests |
| Managing admin records and lead statuses | Lead, request, application, and status records | Legitimate interests |
| Complying with legal obligations | Records required by applicable law | Legal obligation |
| Future paid services, if applicable | Customer details, service records, billing-related records | Contract / pre-contractual steps |
Recipients / processors
Processors are used only as needed to operate the service.
- Vercel — hosting and deployment
- Neon — database hosting, database region EU / Frankfurt
- Resend — transactional email sending
- domain registrar / DNS provider where relevant
- professional advisers or authorities where legally required
International transfers
Some providers may process data outside the European Economic Area depending on their infrastructure and configuration. Where required, appropriate safeguards such as EU Standard Contractual Clauses or equivalent mechanisms should apply.
Retention
- early access leads: up to 24 months after submission unless earlier deletion is requested
- sample passport requests: up to 24 months
- founding brand applications: up to 36 months or longer if a commercial relationship starts
- email logs: as long as needed for delivery, security, and troubleshooting
- legal/accounting records: as required by applicable law
- deletion requests: handled unless retention is required for legal, security, or legitimate business reasons
Data subject rights
Requests can be sent to contact@prodora.eu.
- access
- rectification
- erasure
- restriction
- objection
- portability where applicable
- withdrawal of consent where processing is based on consent
- complaint with the CNPD
CNPD complaint right
Individuals may lodge a complaint with the Commission nationale pour la protection des données (CNPD) in Luxembourg.
No consumer DPP personal data
Prodora does not currently create consumer accounts and does not currently store consumer personal data inside Digital Product Passport records.
Cookies and analytics
Prodora does not currently use non-essential analytics or advertising cookies. Technical cookies or similar technologies may be used only where necessary for security, admin sessions, and operation of the website.
Automated decision-making
Prodora may calculate an internal lead score from form responses to help prioritise follow-up. This does not produce legal or similarly significant effects for individuals.
Updates
This policy may be updated as the product evolves.