Feedshop.

Legal

Privacy policy.

Last updated: 16 July 2026

Feedshop is operated by {{COMPANY_LEGAL_NAME}}, {{COMPANY_ADDRESS}} ("we", "us"). We are the data controller for the personal data described on this page. You can reach us at {{COMPANY_EMAIL}}.

The short version: the public feed sets no cookies, runs no third-party analytics or advertising scripts, and never follows you across the web. When you tap a product link we record that single click — with a hashed IP address, never the raw one — because attributing sales to creators is what the platform does. Signed-in accounts use one strictly necessary session cookie.

Browsing the feed

You can browse Feedshop without an account. The public feed sets no cookies and loads no third-party analytics or advertising scripts. Like almost every web service, our servers keep short-lived technical request logs to operate and secure the platform.

When you tap a product link

Tapping a product marker routes you through our click-tracking service before sending you on to the store. We record which marker and post the click belongs to, the time, the address of the page you came from, your browser's user-agent string, and — instead of your IP address — a salted one-way hash of it. The raw IP address is never stored.

This click record contains no cookie and no cross-site identifier; we cannot use it to follow you around the web, and we do not try to. We process it on the basis of our legitimate interest (Art. 6(1)(f) GDPR): recording clicks is how sales are attributed and creators get paid. You can object to this processing at any time via {{COMPANY_EMAIL}}.

The store you land in, and the affiliate network that connects us to it, process your visit and any purchase under their own privacy policies. The click reference we pass along identifies the click, not you.

Cookies

The public feed uses no cookies at all — which is why you see no cookie banner. The signed-in areas (creator studio, partner portal, administration) set a single session cookie that is strictly necessary to keep you logged in. We set no analytics, advertising or other non-essential cookies anywhere.

Creator accounts

If you create a creator account we process: your email address, name, username and password (stored only as a cryptographic hash); your optional profile (bio, profile photo); the posts and product links you publish; and the click and commission statistics attributed to your content. Legal basis: performing our contract with you (Art. 6(1)(b) GDPR).

To pay you, we process the payout details you choose to enter (account holder name and IBAN) and the payout records we generate. Legal basis: the contract, and our legal bookkeeping obligations (Art. 6(1)(c) GDPR).

We send transactional emails, for example when a commission is recorded or a payout is created. You can turn notification emails off in your settings.

Merchant partners

If you manage a merchant account in our partner portal we process your account details (as for creators) and the conversion data your systems report to us: order IDs, amounts, and the click reference of the originating click. Legal basis: performing our contract with the merchant.

Service providers

We do not sell personal data. Beyond the affiliate networks and stores involved in a purchase, data is shared only with the processors that run Feedshop:

  • Cloudflare — hosting and delivery of uploaded images.
  • Resend — sending transactional email.
  • Strackr — affiliate-network aggregation. Strackr receives click references for attribution, never your name or contact details.
  • Our hosting provider — runs the servers and the database.

Retention and deletion

You can delete your account at any time. Deletion removes your posts, markers, sessions and credentials immediately. Commission and payout records are financial records: we retain them for as long as applicable bookkeeping law requires, detached from the deleted account and reduced to the snapshots accounting needs.

Click records are retained because they are the platform's commission-attribution records and are used to detect click fraud.

Your rights

Under the GDPR you can request access to, rectification or erasure of your personal data, restriction of processing and data portability, and you can object to processing based on legitimate interest. Write to {{COMPANY_EMAIL}} — we answer within 30 days.

You also have the right to lodge a complaint with your local data protection supervisory authority.

Changes to this policy

We will update this page as the platform evolves and note the date of the last change at the top. Material changes will be announced to account holders by email.