Privacy & Cookie Statement

At Eddy, we place a high value on your privacy. This Privacy & Cookie Statement outlines the personal data we collect, the reasons behind it, how we use your information, and the measures we take to safeguard your privacy. Throughout this document, "Eddy" "we" "us" and "our" all refer to our organization.

Purposes

At Eddy, we process your personal data for a variety of purposes. In the following sections, we provide a detailed explanation of why we process certain types of personal data, the legal basis for doing so, and how long we retain your information.

  1. Website visit

During your visit to our website, we process the following personal data:

  • Your IP address
  • Visitor analytics using Fathom's privacy-first analytics
  • Language, country, and pricing settings
  • Cloudflare DDoS protection and analytics

This personal data is only kept as long as you visit the website; if you leave the website, this information is removed. The legal basis for processing this personal data is our legitimate interest in maintaining a website that functions properly and provides an optimal user experience.

  1. Purchasing and using our services

When you purchase and use our services via our website, we will process certain personal data, which may require you to create an account. To set up and maintain your account, we will need the following personal data:

  • Name
  • (Business) telephone number
  • (Business) email address
  • Name of your organization
  • Invoice & payment details
  • Content of correspondence
  • Account information (login credentials)

We require this information as part of our agreement with you and to maintain the relationship resulting from this agreement. We will store this information for the duration of our agreement, and certain information may be retained for a longer period if required by law (such as the legal tax retention period of seven years).

  1. Contact

We provide multiple channels for contacting us, including phone, email, and our contact form. To respond to your inquiries through these channels, we will process the following personal data:

  • Name
  • (Business) email address
  • (Business) telephone number
  • Name of your organization
  • Any additional information you provide to us in your message

We will use this information to effectively handle your request and fulfill our obligations under our agreement with you. We will retain this information until we determine that you are satisfied with our response.

  1. Newsletter

We provide several options for staying up-to-date with the latest news about our company and services, such as subscribing to our newsletter. To send you our newsletter, we will only process your (business) email address, and we will use this information for as long as you remain subscribed to our newsletter. We use the following solution as email sending service:

- Mailcoach (see <https://mailcoach.app/gdpr/>)

Social media and marketing

We maintain an active presence on various third-party platforms, which we use for marketing purposes. Examples of such platforms include Twitter, LinkedIn, and Google. Please note that we do not share your personal data with these platforms, as we highly value your privacy. Additionally, we do not use services like 'Custom Audiences' and 'Tailored Audiences', which require the sharing of customer relationship management (CRM) data.

Anonymization

We may choose to anonymize certain personal data, which involves removing any identifying information so that the data can no longer be attributed to a specific individual. This anonymized data no longer qualifies as personal data and poses no privacy risks.

We have a legitimate interest in anonymizing data, as it enables us to conduct statistical research and improve our website without compromising your privacy.

Third parties

As allowed by law and in accordance with our privacy statement, Eddy may engage third-party providers to deliver certain services. These third-party providers are authorized to use your personal data only for the purposes specified in our privacy statement. Eddy has taken all necessary technical and organizational measures to ensure that your personal data is only used by these third-party providers in accordance with our instructions and for the intended purposes.

Eddy collaborates with several third parties:

  1. Eddy uses OAuth2 to allow users to log in to our platform using their Git account credentials. If you choose to connect your Git account and explicitly agree to the terms and scope specified when connecting the OAuth2 provider, Eddy may also access your public and private repositories on the following Git providers:
  • Github (USA)
  1. Eddy uses an API token and/or username-password combination to interface with several Cloud Providers, but only if the customer chooses to deploy a virtual private server to the selected Cloud Provider. The Cloud Providers we work with for this purpose are:
  • Digital Ocean (USA)
  • Hetzner Cloud (Germany)
  1. Eddy uses the following payment providers for processing payments made by paying customers. Please note that this only applies to paying customers and not to users on the free trial:
  1. We utilize Cloudflare's reverse proxy as a measure of protection against DDoS attacks, which applies to all visitors. This falls under the necessary category since it is crucial in safeguarding our deployment infrastructure.

  2. Our application and SaaS are hosted on servers located at Hetzner, Germany. Their privacy policy, which can be found at https://www.hetzner.com/legal/privacy-policy, provides more information about their security protocols.

Transfer of personal data

Eddy and her (sub-)processors may transfer personal data outside the European Economic Area (EEA) insofar such transfer complies with the applicable privacy legislation, such as the GDPR. Transfer of personal data to companies outside of the EEA depends on which of our services you are using. Please see the information above or contact us if you have any questions.

Cookies

We use functional and analytical cookies to optimize your experience on our website. Functional cookies are necessary for logging into our SaaS service, Eddy. Our analytical tools do not use cookies to track users. Please visit the Fathom website for more information, and refer to Fathom's privacy policy for information on the privacy policies of our analytics solutions.

We retain this personal data for the duration of your website visit and delete it when you leave. We process this data based on our legitimate interest in enhancing and improving our website and services.

Necessary / Functional Cookies

These cookies are necessary for a properly functioning website and do not require an opt in.

Name Provider Purpose Retention Type
eddy_session Eddy Login status 2 hours Necessary
remember_web Eddy Login status 5 years Necessary
XSRF-TOKEN Eddy CSRF protection 2 hours Necessary
paddlejs_campaign_referrer Paddle Paddle Checkout 1 week Necessary

Rights

We respect your rights under the GDPR and your rights may include the following:

  • The right to access
  • The right to correct and supplement
  • The right to be forgotten
  • The right to data portability
  • The right to restriction of processing
  • The right to object to automated decision-making and profiling
  • The right to object to data processing

To exercise your rights or if you have any questions about the way we process your personal data, please use the contact information provided at the end of this privacy statement.

We take your feedback, requests, and complaints seriously and will make every effort to handle them properly. If you are not satisfied with the handling of your request and/or complaint, you have the right to file a complaint with the national authority responsible for supervising compliance with the GDPR. In the Netherlands, this authority is the Autoriteit Persoonsgegevens.

Security measures

Eddy has implemented various technical and organizational security measures to ensure the safety of your personal data. These security measures aim to prevent loss, abuse, unauthorized access or modification. Here are some examples:

  • We use TLS (Transport Layer Security) technology to protect the transmission of personal data through all online channels.
  • All equipment is password-protected.
  • Access to personal data is limited to a need-to-know basis.
  • We strive to comply with standard security norms related to our specific services.
  • We use a secure and properly certified hosting provider, and you can find more information about their system policies on Hetzner's website: https://www.hetzner.com/legal/system-policies/.

Contact details

If you have any questions or concerns about how we process your personal data at Eddy, you can reach out to us using the following contact details:

Changes to the Privacy & Cookie Statement

Eddy may update this Privacy & Cookie Statement from time to time. The latest version of this document was last modified on April 18, 2023. Any changes made to this statement will be posted on this website. It is recommended that you review this statement periodically to stay informed about how we are protecting your personal data.