Privacy Policy
Last updated: [DATE] · Placeholder template — please review with a legal advisor before publishing.
1. Controller
The data controller is [LEGAL NAME], [ADDRESS, COUNTRY], KvK [KVK NUMBER]. For privacy questions, contact sarah@getbrainwired.eu.
2. What we collect
- Order data: email address, billing country, purchased product, order ID, timestamp.
- Payment data: handled directly by Stripe. We never see or store your full card details.
- Technical data: IP address and basic device/browser information, captured by our hosting provider for security and abuse prevention.
- Email engagement: whether delivery emails were opened or clicked, via our email provider.
3. Why we use it (legal basis)
- To deliver your purchase (Art. 6(1)(b) GDPR — performance of contract).
- To comply with tax and accounting obligations (Art. 6(1)(c) GDPR — legal obligation).
- To prevent fraud and secure the service (Art. 6(1)(f) GDPR — legitimate interest).
- To send transactional emails related to your order (contract).
We do not use your data for marketing without your explicit consent.
4. Who processes your data (subprocessors)
- Stripe Payments Europe Ltd (Ireland) — payment processing, tax compliance, invoicing.
- Lovable Cloud / Supabase (EU) — database and file storage for order records and download links.
- Resend (United States) — sending transactional email. Data transfers are covered by Standard Contractual Clauses.
- Cloudflare — content delivery, hosting, and security.
5. International transfers
Some subprocessors are based outside the EU/EEA (e.g. the United States). Where this is the case, transfers are protected by the EU Standard Contractual Clauses and equivalent safeguards required under the GDPR.
6. Retention
- Order and invoice records: 7 years (statutory tax retention period).
- Download links: up to 1 year after purchase.
- Email logs: up to 12 months.
- Server access logs: up to 30 days.
7. Your rights
Under the GDPR you have the right to access, rectify, or erase your personal data, to restrict or object to its processing, and to data portability. To exercise these rights, email sarah@getbrainwired.eu; we will respond within one month.
You also have the right to lodge a complaint with your national data protection authority (in the Netherlands: Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl).
8. Cookies and analytics
Brainwired does not currently use tracking cookies or third-party analytics. Strictly necessary cookies may be set by Stripe during checkout for fraud prevention and session security; these do not require consent under the ePrivacy Directive.
9. Security
We use TLS encryption in transit, signed download tokens scoped to your purchase, and access controls on stored files. No system is perfectly secure; if a breach affects your data, we will notify you in line with Art. 33–34 GDPR.
10. Changes
We may update this policy. The current version is always available at getbrainwired.eu/privacy with the "last updated" date above.
