BoPi.army legal

Privacy Policy

Effective and last updated: 15 July 2026

This Policy explains how personal data is processed when you visit BoPi.army, use “My Orders” or purchase BoPi Wear.

1. Data controller

The controller responsible for personal data processed through BoPi.army and BoPi Wear is:

Bojan Stijovic
Holzmoosrütistrasse 42a
8820 Wädenswil, Switzerland
Email: info@sk-devstudios.com

BoPi Army, BoPi Wear, BOPI and BOPIS are project or brand names and are not separate legal entities unless this Policy is updated to state otherwise.

2. Scope

This Policy applies to the public BoPi.army website, BoPi Wear product browsing, checkout, Stripe payment processing, order management, changes, cancellations, refunds and customer support.

It does not govern third-party websites, blockchains, wallets, exchanges, social networks or services linked from BoPi.army. Those providers process data under their own policies.

3. Personal data we process

We do not receive or store complete card numbers, card security codes or online-banking credentials.

4. Purposes and legal bases

Purpose Typical data Basis
Display and secure the website Technical logs, IP address, browser data Legitimate interests in security, availability and troubleshooting
Prepare and perform purchases Contact, address, order and payment status Contract and pre-contractual steps
Produce and deliver merchandise Recipient, address, products and shipping data Performance of the purchase contract
Handle changes, cancellations and refunds Order access, payment references, status and correspondence Contract, legal obligations and legitimate interests
Prevent fraud and repeated refund abuse Email address, order status and temporary reorder block Legitimate interests in protecting the shop and payment system
Accounting, tax and legal compliance Invoices, order totals, payment and refund records Legal obligations
Optional marketing or non-essential technologies Only data described at the point of consent Consent where required

Where processing is required to complete an order, failure to provide the required information may prevent checkout, production or delivery.

5. Stripe payment processing

Payments and refunds are processed by Stripe. Checkout data is sent to Stripe as required to create a secure payment session, confirm the payment, prevent fraud and process refunds.

Stripe may process payment-method data, device information, IP addresses, fraud signals and transaction information as an independent controller or processor under its own legal terms and privacy policy.

BoPi.army stores identifiers such as the Stripe checkout-session ID, payment-intent ID, payment status, amount, currency, event ID and refund ID. These references are used to reconcile payments and prevent duplicate processing.

6. Printful, carriers and fulfilment

BoPi Wear is produced on demand. Information required to manufacture, package and deliver the order is shared with Printful and, where necessary, affiliated fulfilment facilities, postal operators, couriers, customs authorities and return-service providers.

This may include:

Printful or its partners may fulfil orders from different countries depending on the product, destination and capacity.

7. “My Orders”, localStorage and access tokens

BoPi.army currently provides order access without a user account. After successful checkout, the browser receives a secret order-access token. The browser stores the order reference and token in localStorage so that “My Orders” can load the order.

The browser also uses localStorage for the shopping cart and interface state. These entries are necessary for the requested shop functions and can be deleted through browser settings.

8. Infrastructure and service providers

Provider Purpose Data categories
Supabase Database and order records Orders, inventory, contact, payment references and status data
Render Website and backend hosting Requests, temporary processing data and server logs
Stripe Payment, fraud checks and refunds Checkout, payment method, device and transaction data
Printful Production, fulfilment, shipping and claims Recipient, address, products, shipping and claim data
Carriers and authorities Delivery, customs and lawful requests Parcel, recipient, value and tracking information as required

We do not sell personal data. We share data only where necessary for the services described, legal compliance, security or the establishment and defence of legal claims.

9. International data transfers

The providers used by BoPi.army may process data in Switzerland, the EEA, the United Kingdom, the United States and other countries needed for hosting, payment, production and delivery.

Where required, transfers are based on an adequacy decision, recognised contractual safeguards, an applicable certification, necessity for contract performance or another lawful mechanism. Public carrier and customs processing may occur in the destination country.

10. Data retention

Data is deleted or anonymised when it is no longer needed and no legal or overriding legitimate reason requires retention.

11. Your rights

Subject to applicable law, you may request access, correction, deletion, restriction, portability or information about how your personal data is processed. You may object to processing based on legitimate interests and withdraw consent for future processing where consent is the basis.

Some data cannot be deleted immediately because of accounting, payment, fraud-prevention, dispute or legal-retention obligations.

Swiss users may lodge a complaint with the Federal Data Protection and Information Commissioner. Users in the EEA or United Kingdom may also contact the competent local supervisory authority.

To protect customers, we may request reasonable verification before disclosing or changing order data.

12. Security

Measures include encrypted HTTPS connections, server-side validation, restricted database credentials, hashed order-access tokens, Stripe webhook-signature verification, atomic inventory operations and access controls for service providers.

No internet service is completely secure. Customers should protect their devices, email accounts and browser profiles and should not share order-access information.

13. Changes and contact

This Policy may be updated when providers, shop functions, legal requirements or processing activities change. The current version is published on this page with its update date.

Privacy requests and questions:
info@sk-devstudios.com
Holzmoosrütistrasse 42a, 8820 Wädenswil, Switzerland

See also the BoPi.army Terms of Service.