Back

Privacy Policy

Your data, your rights — here's how we handle it

Last updated: March 24, 2026
TL;DR
  • We collect what you give us (account info, content, org details)
  • We use it to run the platform and review your content
  • We don't sell your data. Ever.
  • Your uploads are stored securely in the cloud
  • You can request, export, or delete your data anytime (GDPR)
What We Collect

When you sign up, we collect your name, email, organization details, and any specifics for your account type (like a KVK number for Dutch organizations or a portfolio URL for creators).

We also collect the content you submit, your usage patterns (pages visited, features used), and basic technical info like browser type and IP address. Payment card details are handled entirely by Stripe — we never see your full card number.

How We Use It

Your data powers everything behind the scenes: account management, content review and publishing, credit transactions, and performance analytics for your published content.

We also use it to send you important notifications (via Resend), keep the platform secure, and comply with applicable laws. No surprises, no hidden uses.

Where It Lives

Your data is stored on Supabase (PostgreSQL database, authentication, and file storage) with encryption at rest and in transit. The web app itself is hosted on Vercel.

We implement access controls, regular security assessments, and secure development practices to keep everything locked down. International transfers are protected by Standard Contractual Clauses (SCCs).

Who We Share With

We never sell your data. Your approved content and public organization info (name, logo) are shared with our CMS and distributed to the apps for end users.

Our service providers — Stripe (payments), Resend (email), Supabase (database), and Vercel (hosting) — process data strictly for the purposes described here. We may also share data when legally required or during a business transfer (with notice).

Your Rights

Under GDPR, you have the right to access, correct, delete, export, or restrict processing of your personal data. You can also object to processing or withdraw consent at any time.

Just contact us and we'll respond within 30 days. You can also lodge a complaint with your local data protection authority.

Cookies & Storage

We keep it minimal. Supabase stores authentication tokens in local storage and cookies to keep you signed in. We may also store UI preferences (like theme settings) locally.

No third-party tracking cookies. No advertising cookies. No cross-site tracking. Period.

Retention & Changes

Account data is kept while your account is active, plus 12 months after closure. Rejected content is kept for 6 months. Payment records stay for 7 years (tax compliance). Usage logs are retained for 90 days.

If we update this policy, we'll give you at least 30 days' notice by email or through the platform.

© 2026 Buitenland Loket Ltd · Questions? partners@buitenlandloket.nl