Disclosyr
FR
ENFRNL

Privacy Policy

Last updated: April 2026 · Governed by GDPR (Regulation (EU) 2016/679)

1. Controller

The data controller is the operator of Disclosyr, based in Belgium. Contact details are on the Imprint page.

2. Data we collect

  • Account data: email address, name (optional), locale preference. Collected when you register.
  • Subscription data: Stripe customer ID, subscription tier. Processed via Stripe. We do not store card numbers.
  • Usage analytics: anonymous ID (cookie), session ID, page path, paywall interaction events. No name, email, or IP address is stored in analytics tables. Legal basis: Art. 6(1)(f) GDPR (legitimate interest: product improvement).
  • Auth sessions: session tokens stored in Postgres, associated with your user ID.

3. Cookies

We set the following first-party cookies:

  • disclosyr_aid — anonymous ID (UUID), 1-year expiry. Used solely to link pre-signup sessions to your account on registration. Not shared with third parties.
  • next-auth.session-token — authentication session. Session-scoped or 30 days.

We do not use advertising cookies, third-party tracking cookies, or cross-site identifiers.

4. Third-party processors

  • Stripe — payment processing. DPA in place. Data transferred under SCCs.
  • Resend — transactional email. Receives your email address to deliver magic links and digests.
  • Hetzner — VPS hosting (Germany, EU). All data stored in the EU.

5. Your rights

Under GDPR you have the right to: access your data, correct inaccurate data, erase your data (right to be forgotten), restrict processing, data portability, and object to processing on legitimate interest grounds.

To exercise any right, contact us via the Imprint page. We will respond within 30 days. You also have the right to lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit).

6. Retention

Account data is retained until you request deletion. Analytics events are retained for 24 months. Stripe data is governed by Stripe's own retention policy.

7. Changes

We will notify registered users by email of material changes to this Policy at least 30 days before they take effect.