Privacy Policy

1. Data We Collect

We collect minimal data necessary to operate this directory:

Information You Provide

• Product Submissions: Product name, company information, and your optional contact email when you submit a product for review.
• Contact Forms: Your name, email, and message when you contact us.

Automatically Collected

• Cookieless Analytics: Aggregated, anonymous page view counts and click statistics via Simple Analytics and Vercel Analytics. Neither sets tracking cookies nor identifies individual users across sessions.
• No Tracking Cookies: This site does not set advertising, profiling, or cross-site tracking cookies. See the Cookie Policy section below for the few strictly necessary cookies that may be set.

What We Do NOT Collect

• Personal browsing history or behavior profiles
• Precise location data
• Data from third-party sources
• Information from social media integrations (we have none)

2. How We Use Your Data

Data you provide is used only for its stated purpose:

• Product submissions are used to review and potentially add products to our directory. Your email (if provided) is only used to notify you about your submission status.
• Contact form messages are used to respond to your inquiry.
• Anonymous analytics help us understand which pages are useful and improve the directory.

We do not sell, rent, or share your personal information with third parties for their marketing purposes. Ever.

3. Your GDPR Rights

Under the General Data Protection Regulation, you have the right to:

• Access: Request a copy of any personal data we hold about you.
• Rectification: Request correction of inaccurate personal data.
• Erasure: Request deletion of your personal data ("right to be forgotten").
• Data Portability: Receive your data in a structured, commonly used format.
• Object: Object to processing of your personal data in certain circumstances.
• Restrict Processing: Request limitation of how we process your data.

To exercise any of these rights, please contact us at info@builtineu.eu. We will respond within 30 days.

Right to Lodge a Complaint: If you believe we have not handled your personal data properly, you have the right to lodge a complaint with your local Data Protection Authority (DPA). In the Netherlands, this is the Autoriteit Persoonsgegevens.

4. Cookie Policy

This site does not set tracking cookies. We do not show a cookie banner because there is nothing to consent to — our analytics are cookieless, and the only cookies the site may set are strictly necessary for services you explicitly request (ePrivacy Art. 5(3)).

Strictly Necessary Cookies (no consent required)

These are only set in specific situations and are required for features you have requested:

• Supabase authentication cookies: Only set after you sign in via email OTP on the login page. They keep your session active and are removed when you sign out.
• NEXT_LOCALE: Only set when you pick a language in the language switcher. Remembers your chosen language so we do not redirect you on return visits.
• admin_session: Only set on the private admin area after password login. Not accessible to public visitors.

Anonymous visitors who do not log in and do not change language receive no cookies.

Analytics (Cookieless)

We measure traffic with Simple Analytics and Vercel Analytics. Neither service uses cookies, fingerprints visitors, or shares data with advertisers. Page views and referrers are aggregated and anonymized.

Local Storage (Optional Preferences)

Features like recent searches and favorite products are stored in your browser's localStorage only. This data never leaves your device. You can clear it at any time from your browser settings.

Do Not Track

We honor the Do Not Track (DNT) browser header as a courtesy. When DNT is set, we skip non-essential click-event recording entirely.

5. Data Storage & Security

All data is stored on Supabase servers in the EU region. We do not transfer personal data outside the European Economic Area (EEA).

Security measures include:

• Encryption in transit (TLS/HTTPS)
• Encryption at rest for stored data
• Access controls limiting who can view data
• Regular security updates and monitoring

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
• Notify affected individuals without undue delay if there is a high risk to their rights
• Document all breaches, including their effects and remedial actions taken

6. Third-Party Services (Sub-processors)

We use a minimal number of third-party services:

We carefully select services with strong privacy practices. For US-based services, we ensure they have appropriate Data Processing Agreements (DPAs) in place and comply with applicable transfer mechanisms (SCCs/adequacy decisions).

7. Data Retention

• Product submissions: Kept indefinitely if approved, or deleted after 90 days if rejected.
• Contact messages: Kept for 2 years then deleted.
• Server logs: Automatically deleted after 30 days.

8. Children's Privacy

This website is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Changes to This Policy

We may update this privacy policy from time to time. Significant changes will be announced on our website. The "last updated" date at the top indicates when this policy was last revised.

10. Contact Us

For privacy-related inquiries or to exercise your GDPR rights:

• Email: info@builtineu.eu
• Contact Form: builtineu.eu/contact

We aim to respond to all requests within 30 days.