Legal

Privacy Policy

Effective & last updated: 21 May 2026

1. Who controls your data

The data controller is Dimitrios Daskaleas, sole proprietor, trading as Deimos Comics. Sole contact for any data-related question or request: info@deimoscomics.gr.

2. What we collect

We collect only what we need to deliver the service:

  • Account data: your email address (required for sign-in), and the name / profile image returned by Google or Facebook if you sign in with OAuth.
  • Authentication state: a session token cookie that identifies you while signed in.
  • Purchase records: what you bought, when, the amount paid, and the Stripe session identifier. We do not store your card number, expiry, or CVC — those go directly to Stripe.
  • Web server logs: IP address, browser user-agent, requested URL, and timestamp, retained briefly for security and abuse prevention.
  • Contact messages and calendar submissions: anything you send to info@deimoscomics.gr or via the contact form on the Site.

We do not run third-party analytics, advertising trackers, or social-media beacons. There is no cookie banner because the only cookie we set is the necessary authentication session cookie.

3. Why we collect it (lawful basis)

  • To provide the Site (the contract you enter when signing up or buying).
  • To process payments (necessary for performance of the sales contract).
  • To send transactional emails (sign-in magic links, purchase confirmations) — contractual necessity.
  • To prevent fraud, abuse, and security incidents (legitimate interest).
  • To respond to your contact messages (legitimate interest).

We do not sell, rent, or trade your personal data. We do not use your data for advertising.

4. Who we share data with

We share the minimum data necessary with the following processors. Each has its own privacy and security commitments under contract with us:

  • Stripe — payment processing. Stripe receives your name and the email used at checkout; Stripe also receives your card data directly (we never see it).
  • Resend — transactional email delivery (magic links, contact-form forwarding). Receives recipient address and the email body.
  • Cloudflare — DNS, email routing, and connection-level edge services. Receives request metadata such as IP and host.
  • DigitalOcean — server hosting. Receives request metadata at the network layer.
  • Google & Facebook — only if you choose to sign in via those providers; they handle the OAuth flow and confirm your email to us.

5. How long we keep it

  • Account & purchase records: for as long as your account exists and for a reasonable period afterwards (typically up to 10 years for tax/accounting purposes under Greek law).
  • Server logs: approximately 30 days, then rotated and discarded.
  • Contact messages: retained as long as needed to address the matter, then archived or deleted.

6. Your rights

Under the EU General Data Protection Regulation you have the right to:

  • Request a copy of the personal data we hold about you;
  • Have inaccurate data corrected;
  • Have your data deleted (right to be forgotten), subject to legal retention obligations;
  • Restrict or object to certain processing;
  • Export your data in a portable format;
  • Withdraw consent at any time where processing is based on consent;
  • Lodge a complaint with the Hellenic Data Protection Authority (dpa.gr) or your local supervisory authority.

To exercise any of these rights, email info@deimoscomics.gr. We will respond within 30 days.

7. Security

The Site is served exclusively over HTTPS. Payment data is handled by Stripe and never touches our servers. Database access is restricted to least-privilege application roles. We do not claim absolute security; no online service can. If a breach affects your data, we will notify you and the competent authority as required by law.

8. Children

The Site is intended only for adults aged 18 or older. We do not knowingly collect data from anyone under 18. If you believe a minor has provided us data, contact us and we will delete it.

9. Calendar submissions

If you submit photographs or other material to the Deimos Girls calendar, your submission and any personal data accompanying it (e.g. your chosen credit name, your email) are processed for the purposes described in the Terms of Service §7. By submitting, you confirm you have read both these documents and grant the rights described there.

10. International transfers

Some of our processors (Stripe, Resend, Cloudflare, DigitalOcean) may process data outside the European Economic Area. Where this happens, the transfer is covered by Standard Contractual Clauses or another EU-recognised safeguard.

11. Changes to this Policy

Material changes will be announced on the Site with an updated effective date. Significant changes affecting how we use your data will be notified by email where possible.

12. Contact

All data-protection inquiries: info@deimoscomics.gr. This is the only official channel.

Terms of Service →