Technovize

Legal

Privacy Policy — Technovize

Version 1 · Effective June 13, 2026

DRAFT — NOT YET REVIEWED BY LEGAL COUNSEL. This document is a first-pass template based on Dutch and EU legal norms. Review with a lawyer or a service like Termly, iubenda, or Cookiebot before public launch or before accepting paying customers.

Privacy Policy

Effective date: See document header. Version: 1.

Technovize (“we”, “us”) respects your privacy. This policy explains what personal data we collect, why we collect it, and your rights under the General Data Protection Regulation (GDPR) and Dutch implementing law (UAVG).

1. Data controller

Technovize (KVK 98119133), operator of the Technovize platform. Contact: hello@technovize.com.

We are currently a small operator and have not appointed a Data Protection Officer. You may contact us directly with any privacy concern.

2. What we collect

  • Account data: email address, display name, preferred language.
  • Billing data: name, company, VAT ID (if provided), billing address, currency. Card details are handled by Stripe and never reach our servers.
  • Content data: books, chapters, project notes, author bios — the material you enter into the platform.
  • Usage data: pages visited, feature interactions, minimal server logs (IP, user-agent, timestamp) for security and debugging.
  • Communication: emails you send us and any attachments.

3. Why we process it (lawful bases)

  • Contract performance (Art. 6(1)(b) GDPR): account management, service delivery, billing, customer support.
  • Legal obligation (Art. 6(1)(c)): tax-record retention (7 years under NL tax law), KVK and VAT disclosures, responding to lawful requests.
  • Legitimate interests (Art. 6(1)(f)): fraud prevention, platform security, abuse detection, basic analytics. Balanced against your privacy rights.
  • Consent (Art. 6(1)(a)): optional marketing email, non-essential cookies. Withdrawable at any time.

4. Retention

  • Account + content: for as long as your account is active. Deleted within 30 days of account closure unless tax or legal obligations require longer retention.
  • Invoices and tax records: 7 years (NL Algemene wet inzake rijksbelastingen, Art. 52).
  • Download-token audit (buyer emails on book purchases): retained for the legal retention window, then pseudonymised.
  • Server logs: 30 days.

5. Third parties who process data for us

All processors are bound by GDPR-compliant data-processing agreements and, where applicable, Standard Contractual Clauses for transfers outside the EEA.

  • Stripe Payments Europe Ltd (Ireland) — payment processing.
  • Postmark / Resend (USA, SCCs) — transactional email delivery.
  • Hetzner Online GmbH (Germany) — primary hosting.
  • Cloudflare, Inc. (USA, SCCs) — CDN, DDoS protection.
  • Sentry / Functional Software, Inc. (USA, SCCs) — error monitoring.
  • S3-compatible object storage (EU region) — file storage.

6. International transfers

Where processors are based outside the EEA, transfers are protected by the European Commission’s Standard Contractual Clauses and, where applicable, additional safeguards per Schrems II guidance.

7. Your rights

Under GDPR you may:

  • Access the personal data we hold about you.
  • Rectify inaccurate data.
  • Erase data (“right to be forgotten”), subject to legal retention.
  • Restrict or object to processing.
  • Portability — receive your data in a machine-readable format.
  • Withdraw consent at any time for consent-based processing.
  • Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, https://autoriteitpersoonsgegevens.nl).

Requests: hello@technovize.com. We respond within one month.

8. Automated decision-making

We do not carry out any automated decision-making or profiling that produces legal effects on you.

9. Security

We use TLS for all traffic, encrypted storage at rest, rate-limited authentication, hashed passwords with modern algorithms, and webhook signature verification. No system is perfectly secure; we notify affected users and the Autoriteit Persoonsgegevens of any personal-data breach within 72 hours as required by Art. 33 GDPR.

10. Cookies

See our separate Cookie Policy for the categories of cookies used and your consent options.

11. Changes

Material changes to this policy trigger a re-notification and, where appropriate, fresh consent. Previous versions are archived and available on request.