Privacy Policy

Last updated: January 2025

1. Data Controller

ProductRecallRadar is operated by a sole proprietorship registered in the Netherlands:

  • KvK (Chamber of Commerce): 99250926
  • BTW (VAT): NL005377643B18
  • Email: privacy@productrecallradar.com

2. Data We Collect

Account Data

  • Email address (required)
  • Name (optional)
  • Company name (optional)
  • Password (hashed, never stored in plain text)

Usage Data

  • Alert preferences and filters
  • Login timestamps and IP addresses
  • Email delivery and open tracking

Payment Data

Payment processing is handled by Stripe. We do not store credit card numbers.

3. Legal Basis (GDPR Art. 6)

  • Contract: Processing necessary to provide our service
  • Legitimate Interest: Security, fraud prevention, service improvement
  • Consent: Marketing communications (opt-in only)

4. Data Retention

  • Account data: Until you delete your account + 30 days
  • Audit logs: 7 years (legal requirement)
  • Payment records: 7 years (tax requirement)

5. Your Rights (GDPR)

You have the right to:

  • Access: Request a copy of your data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion ("right to be forgotten")
  • Portability: Receive your data in machine-readable format
  • Object: Object to processing based on legitimate interest
  • Withdraw consent: At any time for consent-based processing

To exercise these rights, email privacy@productrecallradar.com

6. Data Processors

  • Supabase: Database hosting (EU region)
  • Vercel: Web hosting
  • Stripe: Payment processing
  • Resend: Email delivery

All processors are GDPR compliant with appropriate safeguards.

7. International Transfers

Some processors may transfer data outside the EU/EEA. We ensure adequate protection through Standard Contractual Clauses (SCCs) or adequacy decisions.

8. Security

We implement appropriate technical measures including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews.

9. Complaints

You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl

10. Contact

privacy@productrecallradar.com