Legal

Privacy Policy

Last updated: April 2026

This Privacy Policy explains how Stefan Richter, operating under the brand 10xProducts, collects, uses, and protects personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable German data protection law.

1. Controller

The data controller responsible for this website is:

Stefan Richter
80634 Munich, Germany
Email: hello@stefan-richter.com

2. Data We Collect

2.1 When you submit a form

When you download a free resource (such as the Product Due Diligence Template), we collect:

  • First name
  • Email address
  • Company name (optional)

This data is used solely to deliver the requested resource and, with your explicit consent, to send occasional product management insights.

2.2 When you contact us

If you send an email to hello@stefan-richter.com, we store your email address and message content to respond to your inquiry.

2.3 Server log data

Our web server automatically records standard access logs, including IP address, browser type, referring URL, and the pages visited. This data is used for technical operations and security purposes and is not linked to individual users.

We process personal data on the following legal bases under Art. 6 GDPR:

  • Consent (Art. 6(1)(a) GDPR) — for email marketing and analytics (PostHog). You may withdraw consent at any time via the cookie settings banner or by contacting us directly.
  • Legitimate interests (Art. 6(1)(f) GDPR) — for server log data necessary to operate and secure the website, and for storing consent records via CookieYes.
  • Contract performance (Art. 6(1)(b) GDPR) — where data processing is necessary to fulfil a service you have requested.

4. Email Marketing (Mailchimp)

We use Mailchimp (The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA) to manage our email list and send newsletters.

When you subscribe, your name, email address, and company name are transferred to and stored on Mailchimp's servers. Mailchimp is certified under the EU-U.S. Data Privacy Framework and provides appropriate safeguards for data transfers to the United States.

Mailchimp may collect additional technical data (such as open rates and click events) to provide analytics on email campaigns. You can review Mailchimp's Privacy Policy at mailchimp.com/legal/privacy.

You can unsubscribe at any time via the link in every email we send.

5. Analytics (PostHog)

We use PostHog (PostHog, Inc., 965 Mission St, San Francisco, CA 94103, USA) to understand how visitors use this website. PostHog collects:

  • Pages visited and navigation paths
  • Events and interactions (e.g. button clicks, form starts)
  • Device type, browser, and operating system
  • Approximate location (country/city level, derived from IP address)
  • Referring URL and session duration

We use PostHog's EU Cloud instance, meaning data is stored on servers located in the European Union (Frankfurt, Germany). IP addresses are not stored in full.

PostHog is only loaded after you have given consent via the cookie consent banner. If you decline analytics cookies, PostHog will not be initialized and no data will be collected.

You can review PostHog's Privacy Policy at posthog.com/privacy.

6. Cookies & Consent Management (CookieYes)

We use CookieYes (CookieYes Limited, 3 Warren Yard, Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom) to manage cookie consent on this website.

When you first visit the site, a consent banner is displayed. CookieYes stores your consent preferences in a cookie so you are not asked again on subsequent visits. This consent record is required under GDPR Art. 7(1) to demonstrate that consent was freely given.

The cookies used on this website fall into the following categories:

  • Strictly necessary — required for the website to function (e.g. consent preference cookie set by CookieYes). No consent required.
  • Analytics — PostHog cookies used to understand site usage. Only set after you accept analytics cookies.

You can change or withdraw your consent at any time by clicking Cookie Settings or by clearing your browser cookies. You can review CookieYes's Privacy Policy at cookieyes.com/privacy-policy.

Session storage (not cookies) is used by the Product Playbook to remember an entered access password within a browser session. This data is never transmitted to our servers and is cleared when the browser tab is closed.

7. Hosting

This website is hosted by IONOS SE (Elgendorfer Str. 57, 56410 Montabaur, Germany). IONOS processes technical access data (IP addresses, server logs) as a data processor on our behalf under an applicable data processing agreement. IONOS's privacy policy is available at ionos.de.

8. Third-Party Services

We embed fonts from Google Fonts (Google LLC, USA). When your browser loads the page, it contacts Google's servers to retrieve font files, which may log your IP address. We use the Google Fonts API with a direct connection; no cookies are set by this request. For details, see Google's Privacy Policy.

We do not use advertising networks, social media trackers, or any third-party services beyond those described in this policy.

9. Data Retention

We retain your data only as long as necessary for the purposes it was collected:

  • Email subscribers — until you unsubscribe or request deletion.
  • Analytics data (PostHog) — retained for 12 months, then automatically deleted.
  • Consent records (CookieYes) — 12 months from the date consent was given.
  • Email inquiries — up to 3 years, in line with statutory limitation periods.
  • Server logs — typically deleted within 7 days.

10. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of access (Art. 15 GDPR) — you may request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16 GDPR) — you may request correction of inaccurate data.
  • Right to erasure (Art. 17 GDPR) — you may request deletion of your data ("right to be forgotten").
  • Right to restriction (Art. 18 GDPR) — you may request that we restrict processing of your data.
  • Right to data portability (Art. 20 GDPR) — you may request your data in a structured, machine-readable format.
  • Right to object (Art. 21 GDPR) — you may object to processing based on legitimate interests.
  • Right to withdraw consent (Art. 7(3) GDPR) — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at hello@stefan-richter.com. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. The competent authority for Bavaria, Germany is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18, 91522 Ansbach, Germany
www.lda.bayern.de

11. Contact

For any questions about this Privacy Policy or to exercise your rights, please contact:

Stefan Richter
80333 Munich, Germany
hello@stefan-richter.com