Surfnerd B.V., Hoeveneind 60, 4847NG Teteringen, Netherlands. Contact: [email protected].
Category | Examples | Purpose | Legal Basis (GDPR) |
---|---|---|---|
Account Data | name, email, password hash | create & secure account | Art 6(1)(b) contract |
Surf Stats | page views, forecast views, IP, device | improve product, fight fraud | Art 6(1)(f) legitimate interest |
Payment Data | card last 4, billing address (via Stripe) | process Plus fees, comply with tax law | Art 6(1)(b) & (c) |
Cookies | session token, analytics cookie | keep you logged in, know what’s popular | Art 6(1)(f) |
If you choose to log in using Google or Apple, we receive your email address from them. We use this to create and manage your Surfnerd account. We do not access your contacts, calendar, or other data. Authentication is handled via secure OAuth2. Use of these services is subject to the privacy policies of Google and Apple.
We keep account data while you have an account. Backups purge after 30 days. Transaction records stay 7 years for tax compliance.
We don’t sell or rent data. We only disclose if the law compels us.
Our primary servers are in the EU (Germany), but we may also process or back up data outside the European Economic Area (EEA), including in the United States or other countries. In those cases, we rely on safeguards like Standard Contractual Clauses or adequacy decisions. You may request details via [email protected].
TLS everywhere, no passwords (we use email verification), least-privilege access, quarterly pentests.
Access, rectify, erase, restrict, object, export. Email us at [email protected]. You can also complain to the Dutch DPA (Autoriteit Persoonsgegevens).
Surfnerd is not directed to children under 16. We don’t knowingly collect their data.
We’ll notify you of material changes 14 days in advance via email or banner.
Last updated: 20 June 2025