Privacy Policy
Last updated: 29 March 2026
1. Who we are
TrustYourWebsite is operated as an eenmanszaak (sole proprietorship) registered at the Dutch Chamber of Commerce (KVK).
- Company: TrustYourWebsite
- KVK number: [pending registration]
- Address: [pending registration]
- Email: privacy@trustyourwebsite.nl
2. What data we collect and why
Free scan
When you submit a URL for scanning, we collect the URL, your IP address, and basic browser information. No account is needed. Legal basis: legitimate interest — providing the service you requested (Art. 6(1)(f) GDPR).
Paid report (€5)
Same as the free scan, plus your email address for report delivery. Payment is processed by Stripe — we never see or store your card details. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
Fix Kit (€29–49)
Same data as the paid report. We generate compliance documents based on your scan findings. Legal basis: performance of a contract.
Monitoring (€19/month)
Same data, plus ongoing storage of your scan history so we can track changes over time. Legal basis: performance of a contract.
Outbound scan emails
We may find your business email address on publicly accessible websites or business listings and send you a scan summary. This is B2B communication about a relevant service. You will receive a maximum of one email plus one follow-up. If you opt out, we honor that immediately and permanently. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
Website analytics
We use Vercel Web Analytics, which collects anonymous pageview data without cookies and does not track individual users.
3. Third-party processors
We share data with these service providers under data processing agreements:
| Processor | Purpose | Data | Location |
|---|---|---|---|
| Stripe (Stripe Inc.) | Payment processing | Payment details, email | EU/US (EU SCCs) |
| Resend (Resend Inc.) | Email delivery | Email address, content | US (EU SCCs) |
| Supabase (Supabase Inc.) | Database hosting | All stored data | EU (Frankfurt) |
| Vercel (Vercel Inc.) | Website hosting | IP address, request logs | EU edge (primary) |
| Upstash (Upstash Inc.) | Caching, rate limiting | Hashed IP, queue data | EU (Frankfurt) |
| Cloudflare (Cloudflare Inc.) | API layer, DDoS protection | IP address, request metadata | Global (EU processing) |
4. Data retention
- Scan results: retained 12 months, then anonymized.
- Payment records: retained for 7 years as required by Dutch tax law.
- Outbound email records: retained until opt-out, then moved to a suppression list (email hash only).
- IP addresses in server logs: 30 days.
5. Your rights
Under the GDPR, you have the right to:
- Access — request a copy of your personal data.
- Rectification — correct inaccurate data.
- Erasure — request deletion of your data.
- Restriction — limit how we process your data.
- Portability — receive your data in a machine-readable format.
- Objection — object to processing based on legitimate interest.
To exercise any of these rights, email privacy@trustyourwebsite.nl. We will respond within 30 days.
You also have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
6. Cookies
We use minimal cookies. Stripe may set cookies during payment for fraud prevention (strictly necessary — no consent required). We do not use marketing or advertising cookies. See our cookie policy for full details.
7. International transfers
Some of our processors are based in the United States. These transfers are covered by EU Standard Contractual Clauses (SCCs) or equivalent safeguards to ensure your data receives adequate protection.
8. Changes to this policy
We may update this privacy policy from time to time. Changes will be published on this page with an updated date. We do not send email notifications for minor changes.
Last updated: 29 March 2026. This document was drafted with AI assistance and reviewed by the business owner. For legal questions, consult a qualified legal professional.