Combra
Homepage Chinese Partner conversation
Start 100 SKUs

Privacy

Privacy Policy

How Combra handles website visits, partner conversation requests, and product compliance data during agreed engagements.

Last updated: 26 June 2026

Legal Notice Privacy Policy Terms

Controller

Controller for this website: Fabian Exner, Einzelunternehmen, Theresienplatz 1, 90403 Nürnberg, Germany, trading as Combra. Contact: request@getcombra.com.

No data protection officer has been appointed unless a later Legal Notice states otherwise.

Website and Server Logs

When you visit this website, technical access data may be processed, including IP address, request time, requested URL, browser information, referrer, and status codes. This is used to deliver the website, secure the service, debug errors, and prevent abuse.

Legal basis is Art. 6(1)(f) GDPR: the legitimate interest in operating a secure, reliable website and measuring basic service reliability.

Partner Conversation Requests

When you request a partner or diagnostic conversation, Combra may process work email, company name, product category, SKU volume, compliance workflow description, request source, language preference, user agent, origin, and technical request metadata.

Website requests are currently routed through a Cloudflare Pages Function and stored in Airtable as the lead and CRM system for the request. Combra may use this information to review and respond to requests, qualify fit, prepare a focused compliance workflow discussion, and follow up on a possible commercial relationship.

Legal basis is Art. 6(1)(b) GDPR where the request is pre-contractual, and Art. 6(1)(f) GDPR for operating a focused B2B intake process.

Email Communications

If you contact Combra by email or Combra replies to a partner conversation request, Combra may process the sender and recipient addresses, message content, attachments you choose to send, timestamps, and technical delivery metadata.

Email communication for request@getcombra.com may be handled through Google Workspace / Gmail. Please do not send confidential product files, trade secrets, credentials, or sensitive personal data by email unless an appropriate exchange channel has been agreed.

Product Data During an Agreed Engagement

Combra is designed around product evidence, requirement mapping, evidence gap checks, reviewable compliance documentation, human approval, and audit trails. During an agreed engagement, processed materials may include BOMs, test reports, packaging artwork, manuals, product images, product data, company templates, reviewer feedback, and related compliance records.

Do not submit confidential product evidence through the public website form. Any production engagement should be governed by a separate agreement or data processing agreement that defines roles, subprocessors, storage region, retention, access rights, security commitments, and the secure document handoff channel.

Cookies and Local Storage

The current website does not require tracking cookies for the public landing pages. The partner conversation form may use local storage as a temporary fallback if an API is unavailable, so the entered request can be recovered in the same browser.

If analytics, advertising pixels, session replay, or consent tooling are added later, this privacy page must be updated before those tools go live.

Recipients and Service Providers

Combra uses technical service providers to host the website, operate the request API, store partner requests, send and receive email, monitor reliability, and protect against abuse.

For the current website flow, relevant providers include Cloudflare Pages for website hosting and the request function, Airtable for lead and CRM storage, and Google Workspace / Gmail for email communication. If Combra later replaces or adds equivalent providers for the same purposes, this policy will be updated where the change materially affects how personal data is processed.

Where providers process personal data on behalf of Combra, Combra uses appropriate contractual safeguards such as data processing terms, data processing agreements, or standard contractual clauses where required.

International Transfers

Some providers may process data in countries outside the European Economic Area. Where this involves a restricted transfer under GDPR, Combra relies on appropriate safeguards such as adequacy decisions, the EU Standard Contractual Clauses, the UK transfer addendum where applicable, or other lawful transfer mechanisms provided by the relevant service agreement.

Provider subprocessors may change over time. Combra reviews provider information and subprocessors as part of launch and vendor management rather than listing every provider subprocessor on this page.

Retention

Website logs, partner conversation requests, and email communications are kept only as long as needed to operate the website, evaluate the request, communicate with the requesting company, operate the sales and onboarding process, protect against abuse, and meet legal or security obligations.

If no customer relationship starts, partner conversation requests should be reviewed for deletion after 24 months unless a longer retention period is required for legal claims, security records, compliance documentation, or documented business context.

Your Rights

Depending on the circumstances, you may have rights of access, rectification, erasure, restriction, portability, and objection under the GDPR. You may also lodge a complaint with a competent supervisory authority.

To exercise rights, contact request@getcombra.com.

© 2026 Combra. EU/US toy compliance documentation packs for exporters.

request@getcombra.com 中文 Legal Privacy Terms