Privacy Policy

1. Overview and Responsibility

Protecting your personal data is important to us. We process your data solely on the basis of the statutory provisions (GDPR, BDSG, TDDDG). In this privacy policy we inform you about the nature, scope, and purpose of the processing of personal data on this website.

The controller within the meaning of the GDPR is:

Leonie Roesmann & Amelie Roesmann
Gasselstiege 30l, 48159 Münster
Germany
Email: info@systrastudios.de
Phone: +49 151 11098288

2. Your Rights as a Data Subject

With regard to the data we process about you, you have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)
  • Right to withdraw a given consent (Art. 7 (3) GDPR)

To exercise your rights, an informal message to the controller named above is sufficient. A withdrawal or objection does not affect the lawfulness of the processing carried out up to that point.

3. Right to Lodge a Complaint with the Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data. The authority responsible for us is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestraße 2 bis 4, 40213 Düsseldorf
www.ldi.nrw.de

4. Access Data and Server Log Files

This website is hosted by an external service provider. When you access the pages, the host automatically collects information that your browser transmits and stores it in so-called server log files. This includes your IP address, the date and time of access, the page accessed, the amount of data transferred, the browser type, and the operating system.

This processing is necessary for the secure and stable provision of the website. The legal basis is Art. 6 (1) (f) GDPR (legitimate interest). For security reasons the log files are stored for a limited time and then deleted. A data processing agreement pursuant to Art. 28 GDPR is in place with the host.

5. SSL and TLS Encryption

For security reasons this website uses SSL or TLS encryption. You can recognize an encrypted connection by the browser's address bar and the padlock symbol. This means that the data you transmit to us cannot be read by third parties.

6. Cookies, Local Storage, and Analytics

For the operation of the website and your login, we use technically necessary cookies as well as your browser's local storage, for example for your session, favorites, or your cookie choice. This data is necessary for the website to function (Art. 6 (1) (f) GDPR, § 25 (2) TDDDG), generally does not leave your device, and can be deleted at any time via your browser settings.

For analytics we use Plausible Analytics, a privacy-friendly web analytics service. Plausible works entirely without cookies, does not create cross-device profiles, and does not store any personal data. Only anonymous, aggregated metrics are recorded (such as page views, referrer, approximate country code, and device type). It is therefore not possible to identify individual persons.

The analytics script is only loaded if you have consented via “Accept all” in the cookie banner. The legal basis is your consent pursuant to Art. 6 (1) (a) GDPR and § 25 (1) TDDDG. You can withdraw your consent at any time with effect for the future by clicking “Cookie settings” in the footer and selecting “Only necessary”. If you choose “Only necessary”, no analytics take place.

7. Contacting Us

If you contact us by email or phone, we process your details to handle the request and in case of follow-up questions. The legal basis is Art. 6 (1) (b) GDPR insofar as your request is related to a contract, otherwise Art. 6 (1) (f) GDPR (legitimate interest in responding). We delete the data as soon as it is no longer required and no statutory retention obligations prevent deletion.

8. Newsletter Sign-Up

If you sign up for our newsletter, we store your email address and the time of sign-up in order to inform you about new components and content. The legal basis is your consent pursuant to Art. 6 (1) (a) GDPR.

You can withdraw your consent at any time with effect for the future, for example by sending us a short message. Storage takes place with our service provider Supabase (see the section on account and login), with whom a data processing agreement is in place. Before we actually send any newsletters, we use a double opt-in procedure and confirm your sign-up separately.

9. Submitting a Component

Through the component submission form you can send us proposals and contact details. We process the data provided there solely to review and handle your submission. The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in the further development of the library), and Art. 6 (1) (b) GDPR for contract-related requests.

10. Account and Login (Supabase)

For login and the management of your account, we use Supabase. This stores your email address, login data, and profile information (such as your premium status). The legal basis is Art. 6 (1) (b) GDPR (performance of a contract). A data processing agreement is in place with Supabase. The data is deleted when you delete your account.

11. Payment Processing (Lemon Squeezy)

Premium access is processed via the payment service provider Lemon Squeezy. When you make a purchase, Lemon Squeezy processes the data required for payment (name, email address, payment information) as an independent controller. We receive a customer reference and the subscription status from Lemon Squeezy. The legal basis is Art. 6 (1) (b) GDPR.

12. Style Extractor

With the Style Extractor you can analyze publicly accessible websites. For this, we process the address you enter and store the result of the analysis. Personal data is not required for this. The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in providing the feature).

To provide this feature we use specialized service providers: the website you enter is retrieved via a scraping service (Firecrawl), and an AI service prepares the result (colors, typography, design notes). Only the public address you enter and the retrieved page content are transmitted, no personal data from your account. The required data processing agreements are in place with these providers.

13. Fonts (Google Fonts)

This website loads fonts from Google Fonts. In doing so, your IP address is transmitted to Google's servers, possibly also to third countries such as the USA. The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in a consistent presentation of the content). You can find more information in Google's privacy policy.

14. Storage Period

We store personal data only for as long as is necessary for the respective purposes or as required by statutory retention periods. If the purpose no longer applies and there are no retention obligations, the data is deleted or anonymized.

15. Changes to This Privacy Policy

We adjust this privacy policy whenever changes to our services or the legal situation make it necessary. The version published on this page applies. As of: July 2026.