LoginRegister
Legal

Privacy Policy

How we collect, use, and protect your personal data — in compliance with the GDPR (EU) 2016/679.

Last updated: June 16, 2026

1. Controller

The responsible party for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Peter Csipkay
Ringstr. 6
82319 Starnberg
Germany
E-Mail: hello@threejsresources.com

2. What Data We Collect and Why

2.1 Account Registration

When you create an account we collect your email address and display name. This data is required to provide you with access to member features such as saving favourites, purchasing products, and accessing courses.

Legal basis: Art. 6(1)(b) GDPR — performance of a contract.

2.2 Purchases (Marketplace & Courses)

When you purchase a product or course, your email address and order details are processed. Payment is handled entirely by Stripe (see Section 6). We do not store your credit card number or full payment details on our servers. We retain order records (product purchased, price, date) for invoicing and legal compliance.

Legal basis: Art. 6(1)(b) GDPR — performance of a contract; Art. 6(1)(c) GDPR — compliance with legal obligations (tax record-keeping).

Retention: Order records are retained for 10 years in accordance with German commercial law (§ 257 HGB).

2.3 Newsletter

If you subscribe to our newsletter, we collect your email address and record a timestamp and confirmation of your opt-in consent. Your email address is used solely to send you Three.js Resources newsletters and relevant updates — nothing else.

We will never sell, rent, or share your newsletter email address with any third party for any purpose. The same strict data protection standards described in Section 3 apply fully to newsletter subscribers.

You can unsubscribe at any time via the one-click unsubscribe link in every newsletter email. Upon unsubscribing, your email address will be removed from the active mailing list promptly.

Legal basis: Art. 6(1)(a) GDPR — your explicit consent.

2.4 Tool & Showcase Submissions

When you submit a tool or showcase project, we collect the information you provide (tool name, URL, description, your name/contact). This data is used to review and potentially publish your submission.

Legal basis: Art. 6(1)(b) GDPR — pre-contractual measures; Art. 6(1)(f) GDPR — legitimate interest in maintaining a high-quality directory.

2.5 Contact Form

When you contact us via the contact form or email, we process your name, email address, and the content of your message solely to respond to your inquiry.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in responding to inquiries.

Retention: Contact messages are deleted after 6 months unless an ongoing matter requires longer retention.

2.6 Server Logs

Our hosting infrastructure automatically records standard server log data including your IP address, browser type, operating system, referring URL, pages visited, and timestamps. This data is used for security monitoring and performance analysis only.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in the secure operation of this website.

Retention: Server logs are retained for up to 14 days.

2.7 Public contributor profiles

If you publish a blog post, submit a tool, or submit a showcase project, your name (as set in your account profile) will be displayed publicly on the Website as the author or contributor. By submitting content you accept that your name will be shown in this way.

You may withdraw this consent at any time by emailing hello@threejsresources.com and requesting removal or anonymisation of your name. We will process such requests within a reasonable time.

Legal basis: Art. 6(1)(a) GDPR — your consent, given at the time of submission.

3. We Never Sell or Share Your Data

We do not sell, rent, trade, or otherwise share your personal data with any third party for commercial, marketing, or advertising purposes — ever.

Personal data is only disclosed to the technical service providers listed in Section 6 below, who are contractually bound to process it solely to operate this Website on our behalf. Beyond that, data may only be disclosed if required by law (e.g. a court order or statutory obligation).

4. Cookies

We use cookies and similar technologies to operate this website. A cookie is a small text file stored on your device by your browser.

  • Essential cookies: Required for authentication (login session), shopping cart, and security (CSRF protection). These cannot be disabled without impairing core functionality. Legal basis: Art. 6(1)(b) GDPR.
  • Functionality cookies: Remember your preferences such as language or display settings. Legal basis: Art. 6(1)(f) GDPR.
  • Analytics cookies: Where used, analytics help us understand how visitors interact with the site in aggregate. We do not use cookies that track you across third-party websites. Legal basis: Art. 6(1)(a) GDPR — your consent.

You can configure or disable cookies via your browser settings at any time.

5. Cloudflare Turnstile

We use Cloudflare Turnstile on certain public forms to distinguish humans from bots. Turnstile may process your IP address and browser signals. No personal data is stored on our servers as a result of Turnstile challenges. For Cloudflare's privacy practices, see cloudflare.com/privacypolicy.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in protecting the website from abuse.

6. Third-Party Data Processors

We use the following service providers who process personal data on our behalf solely to operate this Website:

  • Stripe, Inc. — Payment processing. Your payment data is transmitted directly to Stripe and governed by Stripe's Privacy Policy. Stripe is certified under the EU-U.S. Data Privacy Framework.
  • MongoDB Atlas / MongoDB, Inc. — Database hosting. Application data including user accounts and order records is stored in MongoDB Atlas (EU region where applicable).
  • Amazon Web Services (AWS) S3 — File storage for media uploads (images, files). See AWS Privacy Notice.
  • Resend — Transactional email delivery (order confirmations, account emails, newsletter). See Resend's Privacy Policy.

All processors are contractually bound to process data only on our instructions and in compliance with applicable data protection law. Where data is transferred outside the EU/EEA, appropriate safeguards (such as Standard Contractual Clauses) are in place.

7. Your Rights under the GDPR

As a data subject, you have the following rights under Articles 15–21 GDPR:

  • Right of access (Art. 15): You may request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): You may request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17): You may request deletion of your personal data where there is no legal obligation to retain it.
  • Right to restriction of processing (Art. 18): You may request that we restrict how we use your data in certain circumstances.
  • Right to data portability (Art. 20): You may request your data in a structured, machine-readable format.
  • Right to object (Art. 21): You may object to processing based on legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds.
  • Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at hello@threejsresources.com. We will respond within 30 days.

8. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. The competent supervisory authority for Bavaria, Germany is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
Website: www.lda.bayern.de

9. Data Security

We use industry-standard security measures including TLS/HTTPS encryption for all data in transit and access controls for data at rest. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

10. Children

This service is intended for users aged 18 and over. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Links to Other Websites

Our website contains links to third-party sites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.

12. Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. We will notify you of material changes by email or by a prominent notice on the website before the change takes effect. The "Last updated" date at the top will always reflect the most recent revision.

13. Contact

For any questions about this Privacy Policy or your personal data: