Privacy & data protection
This page explains how Shark Human Alliance processes personal data when you order a certificate, receive emails, appear in the public registry or use analytics cookies. It is written for an international audience, and our contractual and privacy communication is generally provided in English and Spanish. It is intended to cover the core information required by Article 13 GDPR and related privacy laws.
Last updated: April 21, 2026
The controller for Shark Human Alliance is JEEL Wekeza s.r.o., with its registered office at Radlicka 663/28, Smichov, 150 00 Prague 5, Czech Republic, company ID 07969694. Legal form: limited liability company. Primary privacy contact: sharkhumanalliance@gmail.com. No separate data protection officer is currently published for this service.
Depending on how you use the service, we may process: certificate name, dedication text, email address, order and payment metadata, referral code and referral activity, public registry visibility preference, access token and verification identifiers, basic technical metadata such as IP address used for security and rate limiting, and cookie preference data. Payment card details are not stored by Shark Human Alliance. Payments are handled by Stripe under Stripe's own systems and notices.
We process personal data for these main purposes: - issuing and delivering a purchased certificate, handling support and operating the service under Article 6(1)(b) GDPR; - meeting accounting, tax and fraud-prevention obligations under Article 6(1)(c) GDPR and, where applicable, Article 6(1)(f) GDPR; - publishing a record in the public registry only when you opt in, under Article 6(1)(a) GDPR; - sending certificate-related operational emails and referral or access links needed for the service under Article 6(1)(b) GDPR; - loading analytics cookies only when you opt in, under Article 6(1)(a) GDPR and applicable cookie rules.
Registry publication is optional. New purchases are shown in the public registry only if the buyer enables that option during checkout. Records can later be hidden from the public registry or anonymized through the certificate access controls or by contacting support. Verification pages for non-public or erased records are not shown publicly.
To operate the website, checkout and certificate delivery, we may share relevant data with providers that support the service, including Stripe for payments, Resend for email delivery, Vercel for hosting and application delivery, and the PostgreSQL database provider used for the project environment, such as Neon or Supabase. These providers receive only the data needed for their role in operating the service.
Some providers used by the service may process data outside the European Economic Area, including in the United States. Where such transfers occur, we rely on the provider's applicable transfer mechanism, such as the EU Standard Contractual Clauses, adequacy decisions or equivalent safeguards made available by the provider.
We keep certificate and order data for as long as needed to operate the service, demonstrate the transaction and handle support, legal or accounting obligations. Public registry visibility remains active until the record is hidden or erased. Cookie preference data is stored for up to 180 days unless changed earlier. Where the law requires longer retention for accounting or tax records, those records may be kept for the required statutory period.
Subject to applicable law, you may request access, rectification, erasure, restriction, portability, withdrawal of consent, objection to certain processing and the right to lodge a complaint with a competent supervisory authority. Because the controller is established in the Czech Republic, the relevant authority for the controller is the Office for Personal Data Protection (UOOU), while data subjects in the EU may also have the right to complain to the authority in their place of residence, work or the place of the alleged infringement. If a request concerns a public registry entry, please include the registry ID, referral code or certificate access link where possible.
Necessary cookies are used for core website functions, checkout flow, language handling, security and storing your cookie preference. Google Analytics 4 may be initialized on the site with a restrictive default consent mode so we can operate the analytics setup, but analytics storage remains denied until analytics consent is granted. If you reject analytics cookies, analytics storage stays denied. For more detail, see our Cookie Policy and the cookie settings control in the footer.
Email privacy requests and complaints to sharkhumanalliance@gmail.com. If your request concerns a specific certificate, include enough information for us to identify the record safely, such as the certificate email address, registry ID or certificate access link. If you believe we have not handled your request properly, you may also contact the competent supervisory authority. For the controller, that authority is the Czech Office for Personal Data Protection (UOOU).