Datareaches B.V. ("we", "us") is the data controller for personal data collected through this website and our dashboard service. This policy describes what we collect, why, how long we keep it, and the rights you have under the EU General Data Protection Regulation (GDPR).
Contact form submissions: name, email, company, message content. Account data: name, email, organisation, hashed password, role. Usage data: pages visited, dashboard interactions, anonymised IP address. Customer dashboard data: whatever your team writes into your custom dashboard, we process this on your behalf as a processor.
To respond to enquiries, deliver the dashboard service you signed up for, send service-related communication, debug technical issues, and comply with legal obligations such as tax record-keeping. We do not sell data and we do not use your data to train external AI models.
We rely on (a) your consent for marketing communication and non-essential cookies, (b) contractual necessity for delivering the service, and (c) legitimate interest for security logging and abuse prevention.
All personal data is stored on EU-hosted infrastructure (Hetzner data centres in Germany). We do not transfer personal data outside the European Economic Area. Daily encrypted backups are retained for 30 days.
Contact form data: 12 months. Account data: for the duration of your contract plus 24 months. Financial records: 7 years (Dutch tax law). Anonymised analytics: 26 months.
You can request access to your data, correction of inaccurate data, deletion ("right to be forgotten"), restriction of processing, data portability, and you can object to processing based on legitimate interest. Email privacy@datareaches.com, we respond within 30 days.
If you are unhappy with how we handle your data, you can file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.