Privacy Policy
Effective date: 23 April 2026
This Privacy Policy explains what personal data Ripazo ("we", "us", "our") collects, how we use it, and the rights you have under the EU General Data Protection Regulation (GDPR) and the Dutch implementation of it (Algemene Verordening Gegevensbescherming, AVG).
Ripazo is a private dashboard for families and friends who co-own or share a vacation home. We are deliberately small, we do not have advertisers, and we do not train AI models on your content. This policy reflects that posture.
1. Who we are
Ripazo is operated by LexMulier (sole trader), KvK 92535755, Zeist, Netherlands. Email: info@ripazo.com.
We are the data controller for all personal data processed through Ripazo. That means we decide what is collected, why, and how long it is kept — and we are the party you hold responsible if something goes wrong.
Because we are a sole trader we do not have a statutory Data Protection Officer. For any privacy question or request you can write directly to info@ripazo.com.
2. What data we collect and where it comes from
We only collect data that is necessary to run the service or that you explicitly give us.
| Category | Examples | Source |
|---|---|---|
| Account data | Email, name, hashed password, preferred language, avatar URL, home-page slug | You, when you sign up |
| Content | Bookings, checklists, expenses, contact details, photos, albums, comments, reactions, house information | You, while using the product |
| Device + connection data | IP address, browser, operating system, approximate country | Automatically from your browser |
| Usage data | Page views, button clicks (anonymised) | Automatically, only if you consent to Analytics |
| Error diagnostics | Stack trace, URL, browser | Automatically, only if you consent to Error tracking |
| Billing data | Billing address, card last-4, invoice history, tax ID | You, when you subscribe — card numbers never touch our servers, they live with Stripe |
| Communications | Emails you send us, support conversations | You, when you contact us |
We do not collect special-category data (religion, health, political opinion, biometrics). If you enter that kind of data voluntarily into content fields, you do so at your own risk.
3. Why we collect it and our legal basis
For each purpose we rely on one of the six lawful bases in GDPR Article 6:
| Purpose | Data used | Legal basis |
|---|---|---|
| Create and operate your account | Account data, content, device + connection data | Art. 6(1)(b) — contract |
| Send transactional emails (invites, password reset, deletion confirmation) | Email, name | Art. 6(1)(b) — contract |
| Bill you for your subscription | Account data, billing data | Art. 6(1)(b) — contract |
| Comply with Dutch tax law (invoice retention) | Billing data | Art. 6(1)(c) — legal obligation |
| Analytics to improve the product | Usage data | Art. 6(1)(a) — consent (toggleable) |
| Error tracking to fix bugs | Error diagnostics | Art. 6(1)(a) — consent (toggleable) |
| Detect abuse, fraud, security incidents | Account + device data | Art. 6(1)(f) — legitimate interest |
| Respond to legal requests, enforce our Terms | All of the above, as necessary | Art. 6(1)(c), (f) |
You can withdraw consent for analytics and error tracking at any time via the Cookie preferences link in the footer.
4. Who we share data with
We share data only with the subprocessors listed on our Subprocessors page:
- Supabase (EU) — database, authentication, file storage.
- Vercel — hosting + CDN.
- Stripe — subscription billing.
- Resend (EU) — transactional email.
- PostHog (EU) — only if you consent to Analytics.
- Sentry (EU) — only if you consent to Error tracking.
We do not sell your data. We do not share it with advertisers or data brokers. We do not use your content to train AI models.
We may disclose data to comply with a court order, a lawful government request, or to protect our rights. When legally allowed, we will notify you before doing so.
5. International transfers
We prefer EU-hosted providers. Where we rely on a subprocessor with US infrastructure (Vercel, Stripe) the transfer is covered by the EU-US Data Privacy Framework and by Standard Contractual Clauses in their DPA. Details per processor are on the Subprocessors page.
6. How long we keep data
| Category | Retention period | Why |
|---|---|---|
| Account + content | For as long as your subscription is active, plus 30 days after you request deletion | Contract + 30-day grace window for you to cancel the deletion |
| Billing records | 7 years after invoice date | Dutch Wet op de Omzetbelasting (tax retention requirement) |
| PostHog events | 12 months from event | Product-analytics window is enough for seasonal analysis |
| Sentry events | 90 days from event | Long enough to debug; short enough to minimise data stored |
| Email logs (Resend) | 30 days | Deliverability troubleshooting only |
| Abuse / security logs | 90 days (rolling) | Incident response |
| Deleted accounts — invoice stubs | 7 years | As above; name and email are scrubbed and replaced with a hash at deletion |
After retention we delete or anonymise. Anonymised data (without any identifier we could use to re-link it to you) is not personal data under GDPR and may be retained for aggregate product metrics.
7. Your rights under GDPR
Under GDPR and the AVG you have the following rights:
- Access (Art. 15) — get a copy of the personal data we hold about you.
- Rectification (Art. 16) — correct inaccurate data. Most of this is self-service in Settings.
- Erasure / "right to be forgotten" (Art. 17) — delete your account. Self-service from Settings → Account; data removed within 30 days except records we are legally required to retain.
- Restrict processing (Art. 18) — pause our use of your data while a complaint is pending.
- Portability (Art. 20) — receive your data in a machine-readable format (JSON). Until the self-service export ships, email info@ripazo.com and we will provide a JSON export within 30 days.
- Object (Art. 21) — to processing based on legitimate interest, or to direct marketing (we currently don't do any).
- Withdraw consent — for analytics + error tracking via Cookie preferences; takes effect immediately.
- Not be subject to solely automated decision-making (Art. 22) — we don't make automated decisions that produce legal effects about you. This is noted here for completeness.
- Lodge a complaint (Art. 77) — with the Dutch supervisory authority below.
How to exercise a right
- Email info@ripazo.com with the right you want to exercise.
- We may ask you to confirm your identity (typically by emailing from the address on your account). We only ask for as much as is needed to verify — no passport scans.
- We respond within 30 days. For complex or multiple requests we may extend by two months and will tell you within the first month if we need to.
- Our response is free. We may charge a reasonable fee (or refuse) for repeated, manifestly unfounded, or excessive requests — this is allowed by Art. 12(5) GDPR.
Complaints
If you think we are handling your data incorrectly, talk to us first — info@ripazo.com. You also have the right to complain directly to the Dutch supervisory authority:
Autoriteit Persoonsgegevens
Hoge Nieuwstraat 8, 2514 EL Den Haag
autoriteitpersoonsgegevens.nl
8. Account deletion
From Settings → Account you can request deletion. We send a confirmation link to your email, valid 7 days. After you confirm, your account enters a 30-day grace period during which you can cancel the deletion by logging back in and clicking "Cancel deletion". After 30 days your account and all associated content are permanently removed. Invoices we are legally required to retain are kept but scrubbed of your name and email.
9. Cookies
See our Cookie Policy.
10. Children
Ripazo is intended for adults coordinating a shared vacation home. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe a child has created an account, email us and we will delete it.
11. Security
We encrypt data in transit with TLS 1.2 or higher. Data at rest in Supabase is encrypted with AES-256. Access to our admin interfaces requires two-factor authentication. We rotate service credentials every 24 hours. We run automated dependency scanning on every deploy.
No online service is 100% secure; if we ever identify an incident affecting your data we will notify you and the supervisory authority in line with GDPR Art. 33/34 timelines (72 hours).
12. Automated decisions + profiling
We do not perform solely-automated decision-making that produces legal or similarly significant effects about you. Anti-abuse heuristics (e.g. rate limits) are technical and non-discriminatory.
13. Changes to this policy
We review this policy periodically and will update it when our practices change. For material changes (new data category, new subprocessor, new legal basis) we notify you by email at least 14 days before the change takes effect and reset your consent choices for cookie categories that were affected. The effective date at the top of this page always shows the current version. Past versions are available on request.
14. Contact
info@ripazo.com — for any question, request, or complaint about how we handle your data.
LexMulier
Zeist, Netherlands