Privacy Policy
Last updated: March 4, 2026
1. Introduction
DanLabs ("we", "our", "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website (danlabs.me) and services.
We comply with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable data protection laws of Malta.
2. Data Controller
The data controller responsible for your personal data is:
DanLabs
Malta
Email: hello@danlabs.me
3. Data We Collect
We collect the following categories of personal data:
3.1 Account Information
- Display name
- Email address
- Password (hashed, never stored in plain text)
- Authentication provider information (e.g. Google OAuth)
3.2 Project Request Information
- Business name and industry
- Website URLs and social media links
- Project requirements (features, pages, budget, timeline)
- Contact preferences and phone number
- Style preferences and reference materials
3.3 Technical Data
- IP address
- Browser type and version
- Device information
- Pages visited and interaction data
3.4 Payment Data
- Payment transactions are processed by Stripe — we do not store credit card numbers, CVVs, or full payment card details on our servers
- We retain transaction IDs and billing metadata for record-keeping
4. Legal Basis for Processing
We process your personal data under the following legal bases (Article 6 GDPR):
- Consent — when you create an account and agree to these terms
- Contractual necessity — to provide services you have requested or paid for
- Legitimate interest — for security, fraud prevention, and service improvement
- Legal obligation — to comply with applicable laws and regulations
5. How We Use Your Data
- To create and manage your account
- To process and respond to project requests
- To process payments and manage subscriptions
- To communicate about your projects and services
- To send marketing emails about features, offers, and promotions (with your consent)
- To improve our website and services
- To detect and prevent fraud or security threats
- To comply with legal obligations
6. Data Storage & Security
Your data is stored securely using the following infrastructure:
- Database — Supabase (PostgreSQL) with Row Level Security (RLS) policies
- File Storage — Cloudflare R2 with signed URLs and access controls
- Authentication — Supabase Auth with bcrypt password hashing
- Hosting — Cloudflare Pages with edge-level security
- Payments — Stripe with PCI DSS Level 1 compliance
All data is transmitted over HTTPS/TLS encryption. We implement rate limiting, input validation, and other security measures to protect against unauthorised access.
7. Data Sharing
We do not sell your personal data. We may share data with the following third-party processors:
- Supabase — authentication and database services
- Cloudflare — hosting, CDN, and file storage
- Stripe — payment processing
- Google — OAuth authentication (if you sign in with Google)
Each processor has its own privacy policy and GDPR compliance measures. We may also disclose data when required by law or to protect our legal rights.
8. Cookies & Tracking
We use essential cookies for:
- Authentication session management
- Security tokens (CSRF protection)
We do not use advertising or third-party tracking cookies. We do not use Google Analytics or similar tracking services.
9. Data Retention
- Account data — retained while your account is active, deleted within 30 days of an account deletion request
- Project requests — retained for the duration of the business relationship plus 6 years for legal compliance
- Payment records — retained for 7 years as required by tax law
- Technical logs — retained for up to 90 days
10. Your Rights (GDPR)
Under the GDPR, you have the following rights:
- Right of access — request a copy of your personal data
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion of your personal data ("right to be forgotten")
- Right to restriction — request restriction of processing
- Right to data portability — receive your data in a structured format
- Right to object — object to processing based on legitimate interest
- Right to withdraw consent — withdraw consent at any time
To exercise any of these rights, contact us at hello@danlabs.me. We will respond within 30 days.
11. Marketing Communications
By creating an account, you consent to receive marketing communications from DanLabs. You can withdraw this consent at any time by:
- Clicking "unsubscribe" in any marketing email
- Contacting us at hello@danlabs.me
Withdrawing marketing consent does not affect transactional communications related to your account or active services.
12. International Transfers
Your data may be processed by third-party services located outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission.
13. Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a minor, we will delete it promptly.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the Service. The "Last updated" date at the top reflects the most recent revision.
15. Supervisory Authority
If you are not satisfied with our handling of your data, you have the right to lodge a complaint with the Information and Data Protection Commissioner (IDPC) of Malta:
Office of the Information and Data Protection Commissioner
Floor 2, Airways House, High Street, Sliema SLM 1549, Malta
Website: idpc.org.mt
16. Contact
For any privacy-related enquiries, contact us at:
hello@danlabs.me