You agree to the privacy policy below, and the Privacy Policy for Substack, the technology provider.
Privacy Policy (GDPR)
Data Controller
Project Compound
Abbashan Karasahin
Bekkamp 28
22045 Hamburg – Germany
contact@projcompound.com
Data Processors
Substack, Inc. – Hosting, account management, newsletter delivery
Stripe, Inc. – Payment processing
Both act as data processors under the EU GDPR and handle personal data according to their own privacy policies:
Types of Data Collected
Identification Data: Name and email address (for subscriptions / newsletter delivery)
Payment Data: Processed securely by Stripe — not stored by Project Compound
Usage Data: IP address, device information, and interaction analytics (via Substack)
Communication Data: Comments or messages submitted via Substack or email
Purpose & Legal Basis
Your data is processed only to deliver and manage subscriptions, handle payments, maintain the technical operation of the publication, and respond to voluntary communication from you.
The legal basis for this processing is your consent (Art. 6 (1)(a) GDPR), the necessity to fulfil a subscription contract (Art. 6 (1)(b) GDPR), and the legitimate interest in the secure and proper operation of the service (Art. 6 (1)(f) GDPR).
You can withdraw your consent at any time with future effect by unsubscribing directly through Substack.
Data Retention
All account, subscription, and payment data are stored and managed by Substack, Inc. and Stripe, Inc. according to their own retention and deletion policies.
Project Compound does not independently store or manage personal data beyond what is visible in the Substack publisher interface (e.g., subscriber emails or comments).
If you unsubscribe or delete your Substack account, your data will be deleted or anonymized by Substack in line with their privacy policy.
For details:
Requests for deletion of content submitted directly on Project Compound can be sent to contact@projcompound.com
International Transfers
Substack and Stripe are U.S.-based. Your data may therefore be transferred outside the EEA.
Both implement Standard Contractual Clauses (SCCs) and other GDPR-compliant safeguards to ensure adequate protection.
Your Rights under the GDPR
Under the EU General Data Protection Regulation, you have certain rights regarding your personal data.
Since Project Compound is hosted and technically operated by Substack, Inc., any account, email, or payment data is primarily managed by Substack (and Stripe for payments).
You may exercise these rights directly through Substack and Stripe:
Substack, Inc. – https://substack.com/privacy
Stripe, Inc. – https://stripe.com/privacy
These providers enable you to:
Access your data (Art. 15 GDPR)
Rectify inaccurate data (Art. 16 GDPR)
Request erasure (Art. 17 GDPR)
Restrict or object to processing (Art. 18 & 21 GDPR)
Request data portability (Art. 20 GDPR)
Withdraw consent at any time (Art. 7 (3) GDPR)
If you want to remove content posted directly on Project Compound, contact ().
For complaints about data processing by Substack or Stripe, contact your local data protection authority.
Cookies and Tracking
Substack may use cookies or similar technologies to operate core site functions (login, analytics).
Project Compound does not use additional third-party tracking beyond Substack.
You can block or delete cookies in your browser settings at any time.
Security
Substack and Stripe implement appropriate technical and organizational measures to protect data from unauthorized access or loss.
However, data transmission over the internet can never be 100 % secure and is at your own risk.
Policy Updates
This Privacy Policy may be updated to reflect legal or operational changes.