Privacy Policy
Last updated: 1 May 2026
1. Data controller
StackDetox is a brand of Joachim Nolten BV, a private limited company incorporated in the Netherlands (KvK 92685498).
Contact: hello@stackdetox.eu
2. Personal data we collect
| Category | Data | Purpose | Legal basis |
|---|---|---|---|
| Assessment data | Your answers to the sovereignty questionnaire (technology stack, contracts, vendors) | Generate your risk score and report | Legitimate interest / contract performance |
| Contact details | Name, email address, company name (entered when unlocking results) | Send your report PDF, follow-up on your sovereignty journey | Legitimate interest / your consent |
| Account data | Email, hashed password, organisation name | Provide and secure your StackDetox account | Contract performance |
| Billing data | Company name, VAT number, billing address (for invoices) | Invoicing and tax compliance | Legal obligation / contract performance |
| Usage data | Page views (no cookies, no fingerprinting) via Simple Analytics | Understand which features are used | Legitimate interest |
3. Sub-processors
We use the following third-party processors, all located in the EU or covered by an adequate transfer mechanism:
| Processor | Country | Purpose |
|---|---|---|
| Hetzner Online GmbH | Germany π©πͺ | Hosting and data storage (all data stored in EU) |
| Brevo (Sendinblue SAS) | France π«π· | Transactional email (report delivery, account emails) |
| Mollie B.V. | Netherlands π³π± | Payment processing |
| Simple Analytics | Netherlands π³π± | Privacy-first analytics (no cookies, no personal data) |
We do not use Google Analytics, Facebook Pixel, or any US-based advertising technology.
4. Cookies
StackDetox uses only a single session cookie to keep you signed in. No tracking cookies, advertising cookies, or third-party cookies are set. Simple Analytics collects aggregate page-view data without using cookies or fingerprinting.
5. Retention
- Assessment data β kept until you delete your account or request erasure.
- Leads (unlocked results without an account) β kept for 12 months, then deleted.
- Account and billing data β kept for 7 years to comply with Dutch accounting law (Burgerlijk Wetboek Boek 2), then deleted.
- Invoices β retained for 7 years from issue date.
6. Your rights (GDPR)
Under the GDPR you have the right to:
- Access β request a copy of the personal data we hold about you.
- Rectification β correct inaccurate data.
- Erasure β request deletion of your data ("right to be forgotten").
- Portability β receive your data in a machine-readable format.
- Objection β object to processing based on legitimate interest.
- Restriction β ask us to restrict processing while a dispute is resolved.
To exercise any of these rights, email us at hello@stackdetox.eu. We will respond within 30 days.
You also have the right to lodge a complaint with the Dutch data protection authority (Autoriteit Persoonsgegevens).
7. Security
All data is transmitted over HTTPS. Passwords are stored as bcrypt hashes. The server runs in a private network with automated daily backups. We apply security patches promptly and conduct periodic security reviews.
8. Changes to this policy
We may update this policy as the product evolves. Material changes will be communicated by email to registered users at least 14 days before they take effect. The "last updated" date at the top always reflects the current version.
9. Contact
Questions about this policy? Email hello@stackdetox.eu and we will get back to you within 2 business days.
StackDetox is a brand of Joachim Nolten BV · Netherlands