Privacy Policy

1. The “No-Storage” Principle

Our platform is built on a “pass-through” architecture.

• Your End-User Data: We do not store, persist, or “own” any clickstream data from your websites or apps.
• Cloud Users: We act as a stateless router, forwarding data immediately to your own storage (e.g., Google Cloud). Data exists in our volatile memory only during transit.
• On-Premises Users: We have zero access to your infrastructure or data. You are the sole controller and processor.

2. Information We Collect

We only collect data necessary to manage your account and provide the service:

• Account Information: Name, email, and company details provided during sign-up.
• Billing Data: Processed securely via Stripe; we do not store credit card numbers on our servers.
• Usage Metadata: Information on how you interact with our dashboard (e.g., login frequency, configuration changes) to improve the platform.

3. How We Use Your Information

• To provide and maintain the d8a.tech routing service.
• To manage your subscription and process payments.
• To send essential system updates or security alerts.
• To comply with legal obligations under Dutch law.

4. How We Use d8a.tech (Our Own Website)

We believe in our product. We use the d8a.tech platform on our own website to collect clickstream analytics.

• The Goal: To understand how visitors use our site and improve the user experience.
• The Destination: This data is routed through our service and stored in our own secure, private data warehouse.
• Privacy: Like our customers, we treat this data with the highest level of confidentiality and do not sell it to third parties.

5. Sub-processors

We use a minimal set of trusted partners to run our platform. These partners never see your raw clickstream data; they only support our business operations:

Sub-processor	Purpose	Location
Vercel / AWS	Website Hosting & Routing	EU/Global
Stripe	Payment Processing	Global
Postmark	System Emails	US

6. Data Security

• Encryption: All data in transit is protected by TLS 1.3 encryption.
• Isolation: Your configurations are logically isolated from other users.
• On-Premises: For self-hosted instances, security is entirely under your control.

7. Your Rights (GDPR)

Under the GDPR, you have the right to access, correct, or delete your account information.

Note on End-Users: Because we do not store your end-users’ data, we cannot fulfill “Right to be Forgotten” requests on their behalf. You must handle these within your own data warehouse.

8. Data Retention

• Account Data: Retained for the duration of your active subscription.
• Deletion: Upon account cancellation, your configuration metadata is deleted within 30 days. Billing records are kept longer as required by Dutch tax law.

9. Governing Law

This Privacy Policy is governed by the laws of the Netherlands. Any disputes will be resolved in the courts of Amsterdam.

10. Contact Us

For any privacy-related inquiries or to exercise your data rights: Email: legal@d8a.tech