Legal
Privacy Policy
Effective April 4, 2025 · Papertrail B.V. · Amsterdam, Netherlands
What we collect
We collect the minimum necessary to operate the service.
- Web app accounts: email address, organisation name, and usage logs (number of API calls, verification events). Provided directly by you at sign-up.
- Mobile app: a random cryptographic device identifier generated on your device and stored locally. Used solely to verify the device is legitimate (App Attest / Play Integrity). We never receive your name, email, or location through the mobile app.
- Server logs: standard request metadata (IP address, timestamp, endpoint). Retained for up to 30 days for security monitoring.
How we use it
- To provide and operate the service (embedding watermarks, verifying images).
- To enforce rate limits and prevent abuse.
- To send transactional emails (magic-link sign-in, billing receipts). No marketing emails without explicit opt-in.
Who can see it
We do not sell, share, or rent your data to third parties. Sub-processors with access to personal data:
- Neon — database hosting (EU region)
- Upstash — Redis cache (EU region)
- Vercel — hosting and serverless functions
- Resend — transactional email
All sub-processors are subject to data processing agreements compliant with GDPR.
Your rights (GDPR)
If you are in the EU / EEA you have the right to access, correct, export, or delete your personal data at any time. Email privacy@usebitfrost.com and we will respond within 30 days.
You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
Retention
- Account data: retained while your account is active, deleted within 30 days of account closure.
- Verification logs: retained for 1 year, then anonymised.
- Server logs: deleted after 30 days.
Cookies
The web app uses a single session cookie to keep you signed in. No advertising or analytics cookies are set.
Changes
Material changes will be communicated by email at least 14 days in advance. The effective date at the top of this page is updated on each revision.
Questions: privacy@usebitfrost.com