Privacy Policy
Last updated: January 2025
Our Commitment
We practice what we preach. As a directory promoting privacy-focused EU alternatives, we hold ourselves to the same standards. We collect minimal data, store it in the EU, and never sell your information.
1. Data We Collect
We collect minimal data necessary to operate this directory:
Information You Provide
- Product Submissions: Product name, company information, and your optional contact email when you submit a product for review.
- Contact Forms: Your name, email, and message when you contact us.
Automatically Collected
- Basic Analytics: Aggregated, anonymous page view counts and click statistics. We do not track individual users across sessions.
- Essential Cookies: Only cookies necessary for the website to function. No tracking cookies, no third-party advertising cookies.
What We Do NOT Collect
- Personal browsing history or behavior profiles
- Precise location data
- Data from third-party sources
- Information from social media integrations (we have none)
2. How We Use Your Data
Data you provide is used only for its stated purpose:
- Product submissions are used to review and potentially add products to our directory. Your email (if provided) is only used to notify you about your submission status.
- Contact form messages are used to respond to your inquiry.
- Anonymous analytics help us understand which pages are useful and improve the directory.
We do not sell, rent, or share your personal information with third parties for their marketing purposes. Ever.
3. Your GDPR Rights
Under the General Data Protection Regulation, you have the right to:
- Access: Request a copy of any personal data we hold about you.
- Rectification: Request correction of inaccurate personal data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Data Portability: Receive your data in a structured, commonly used format.
- Object: Object to processing of your personal data in certain circumstances.
- Restrict Processing: Request limitation of how we process your data.
To exercise any of these rights, please contact us at privacy@builtineu.eu. We will respond within 30 days.
Right to Lodge a Complaint: If you believe we have not handled your personal data properly, you have the right to lodge a complaint with your local Data Protection Authority (DPA). In the Netherlands, this is the Autoriteit Persoonsgegevens.
4. Cookie Policy
We use a consent-based cookie system that respects your choices:
Essential Cookies
- Session cookies: Temporary cookies that expire when you close your browser. These are required for the website to function.
- Consent cookie (gdpr_consent): Stores your cookie preferences. Without this, we'd have to ask you every time.
Analytics Cookies (Optional)
- Google Analytics (_ga, _gid): Help us understand how visitors use our site. We use IP anonymization to protect your privacy. Only enabled if you consent.
Preference Cookies (Optional)
- localStorage (recentSearches, favoriteProducts): Remember your recent searches and favorite products. Only stored if you consent.
Managing Your Preferences
You can change your cookie preferences at any time by visiting our Privacy Management page or clicking the cookie settings link in the footer.
Do Not Track
We respect the Do Not Track (DNT) browser setting. If you have DNT enabled, we will automatically disable all non-essential tracking, even if you've previously given consent.
5. Data Storage & Security
All data is stored on Supabase servers in the EU region. We do not transfer personal data outside the European Economic Area (EEA).
Security measures include:
- Encryption in transit (TLS/HTTPS)
- Encryption at rest for stored data
- Access controls limiting who can view data
- Regular security updates and monitoring
Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
- Notify affected individuals without undue delay if there is a high risk to their rights
- Document all breaches, including their effects and remedial actions taken
6. Third-Party Services (Sub-processors)
We use a minimal number of third-party services:
| Service | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database & Authentication | Submissions, contact forms | EU (Frankfurt) |
| Vercel | Website Hosting | Server logs (IP, minimal) | US (DPA compliant) |
| Google Analytics | Website analytics (if consented) | Anonymized usage data, IP anonymized | US (DPA compliant) |
We carefully select services with strong privacy practices. For US-based services, we ensure they have appropriate Data Processing Agreements (DPAs) in place and comply with applicable transfer mechanisms (SCCs/adequacy decisions).
7. Data Retention
- Product submissions: Kept indefinitely if approved, or deleted after 90 days if rejected.
- Contact messages: Kept for 2 years then deleted.
- Server logs: Automatically deleted after 30 days.
8. Children's Privacy
This website is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
9. Changes to This Policy
We may update this privacy policy from time to time. Significant changes will be announced on our website. The "last updated" date at the top indicates when this policy was last revised.
10. Contact Us
For privacy-related inquiries or to exercise your GDPR rights:
- Email: privacy@builtineu.eu
- Contact Form: builtineu.eu/contact
- Self-Service: Manage your data - View, export, or delete your data
We aim to respond to all requests within 30 days.