Privacy Policy

1. Controller
The controller responsible for data processing on this website is:
Shiro Protocol
Owner: Timo Klemm
Karlstraße 20
72119 Ammerbuch
Germany
Email: contact@shiroprotocol.com

‍2. General Information on Data Processing
We take the protection of your personal data very seriously. Your data is processed exclusively based on the applicable legal regulations (GDPR, BDSG, TMG).
This privacy policy explains what personal data we collect, store, and process on our website – especially when using our analysis service (facial analysis based on uploaded images).
‍
3. Collection and Processing of Personal Data
We process personal data when you voluntarily provide it to us, for example through:
• Ordering via the online shop
• Uploading images for analysis
• Contacting us by emailTypes of data processed may include:
• Name (if provided)
• Email address
• Uploaded images with facial features
• Payment information (only via payment providers)
• Usage data (e.g., access data, IP address)4. Purpose of ProcessingYour data is processed for the following purposes:
• To provide our service (facial analysis + evaluation)
• To communicate with you
• To handle orders and payments
• To secure and optimize our technical offering5. Legal Basis for ProcessingLegal bases according to Art. 6 GDPR:
• Art. 6 (1) (b) GDPR – for contract fulfillment
• Art. 6 (1) (a) GDPR – with your consent (e.g., for image uploads)
• Art. 6 (1) (f) GDPR – for legitimate interests (e.g., IT security)
‍
6. Data Disclosure
Your data will not be shared with third parties, except:
• For payment processing (e.g., PayPal, Stripe)
• Where legally required (e.g., to authorities)
Data will not be transferred to third countries without your explicit consent, unless technically necessary and protected by appropriate safeguards.
‍
7. Image Uploads & Facial Data
Images uploaded by you are used solely for analysis and treated confidentially.
Facial recognition is performed using algorithmic models, not for biometric identification, but for aesthetic assessment.
Images are deleted after the analysis is complete, unless legal retention obligations exist.
‍
8. Data Retention
We store personal data only as long as necessary for the respective purpose or as required by legal retention periods.9. Your Rights as a Data SubjectUnder the GDPR, you have the following rights:
• Access to your stored data (Art. 15 GDPR)
• Correction of inaccurate data (Art. 16 GDPR)
• Deletion of your data (“right to be forgotten”, Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection to processing (Art. 21 GDPR)
• Withdrawal of consent with future effect (Art. 7 (3) GDPR)
Please send requests to:
Email: contact@shiroprotocol.com
‍You also have the right to lodge a complaint with the relevant supervisory authority.
‍
10. Hosting & Access Data
The web server automatically collects information such as IP address, browser type, and access time. This data is used to ensure site functionality and IT security. No personal analysis is performed.
‍
11. Cookies
Our website does not use cookies for tracking or profiling users. If technical cookies (e.g., for language settings) are used, they are based on Art. 6 (1) (f) GDPR.
‍
12. Changes to this Privacy Policy
We reserve the right to modify this privacy policy to comply with legal requirements or to reflect changes in our services.Effective date: May 2025