🔒 Privacy Policy

Version 1.1 · Effective 1 March 2026 · GDPR compliant

Data Controller: MijnBouwApp · mijnbouwapp@gmail.com · KVK: [uw nummer]

1. Data We Collect

Account: name, email, company name, KVK number
Project data: names, addresses, descriptions, amounts
Receipts & invoices: suppliers, amounts, files
Banking data (via EnableBanking): account statements, transactions — only with your explicit PSD2 consent
Trip records: addresses, distances, vehicle data
Technical: IP address, browser, login timestamp

2. Purpose & Legal Basis

Contract performance (GDPR art. 6(1)(b)): providing the service
Legal obligation (sub c): 7-year tax retention (Dutch Tax Act art. 52)
Explicit consent (sub a) + PSD2: bank account connection via EnableBanking AISP
Legitimate interest (sub f): security, abuse prevention

3. Third Parties & Sub-processors

We share data only with the processors below, under data processing agreements (GDPR art. 28).

🏦

Enable Banking Oy PSD2 · AISP EU

Open Banking / PSD2 bank connection (AISP licensed)

Privacy · Terms · PSU Privacy (bank users)

🤖

Google LLC VS (SCCs)

Gemini AI analysis of project and receipt data

Privacy · Terms

🤖

OpenAI LLC VS (SCCs)

AI analysis (optional)

Privacy · Terms

💳

Stripe, Inc. VS/EU (SCCs)

Payment processing (subscriptions)

Privacy · Terms

🏠

Hostingprovider EU NL / EU

Server hosting (VPS, NL/EU datacenter)

🔒 EnableBanking note: banking data is processed by Enable Banking Oy as a licensed Account Information Service Provider (AISP) under PSD2. Access requires your explicit consent and can be revoked at any time at enablebanking.com/data-sharing-consents.

4. Retention Periods

Account data: 30 days after deletion
Financial data: 7 years — statutory obligation (Dutch Tax Act art. 52)
Banking data (EnableBanking): not stored after processing; session-based
AI cache: maximum 24 hours
Log files: maximum 90 days

5. Your Rights (GDPR Art. 15–22)

Access (art. 15)
Rectification (art. 16)
Erasure (art. 17)
Restriction (art. 18)
Portability (art. 20)
Objection (art. 21)
Withdrawal of PSD2 consent (banking data) at any time

Requests to mijnbouwapp@gmail.com — response within 30 days. Complaints: Dutch Data Protection Authority.

6. Cookies

Functional cookies only (login session). No tracking or marketing. No cookie banner required.

Last updated: 1 March 2026.