1. Introduction
WeSolidify B.V. (KvK: 99809826), ("WeSolidify", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our SolidScore platform, or otherwise interact with our services.
We are based in the Netherlands and comply with the General Data Protection Regulation (GDPR), the Dutch Implementation Act of the GDPR (Uitvoeringswet AVG), and other applicable data protection laws, including the UK GDPR where applicable.
This Privacy Policy should be read together with our Terms of Service and our Data Processing Agreement (DPA), which governs our processing of personal data on behalf of our customers.
Data Controller: WeSolidify B.V. (KvK: 99809826), registered in the Netherlands. Depending on the context, we may act as a data controller or a data processor.
1.1 Our Role
- We act as data controller for personal data relating to website visitors, account holders, billing contacts, support communications, security and usage data, and other data we process for our own business operations.
- We act as data processor when we process personal data on behalf of our customers through the Platform, including customer-uploaded or customer-collected prospect, lead, client, or other business contact data processed through reports, widgets, integrations, and related platform features.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, company name, phone number, and password when you create an account.
- Billing Information: Payment card details, billing address, and VAT number. Payment details are processed directly by Stripe and are not stored on our servers.
- Profile Information: Profile picture, job title, and preferences you choose to provide.
- Communications: Messages, support tickets, and feedback you send us.
- API Credentials: Credentials for third-party tools that you connect to our platform. These are stored encrypted and used solely to retrieve data on your behalf.
- Lead Data: Information entered into the leads workspace or captured through embeddable widgets, which may include names, email addresses, phone numbers, and domain information of your prospects.
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, reports generated, actions taken, and time spent on the platform.
- Device Information: IP address, browser type and version, operating system, and device identifiers.
- Log Data: Server logs including access times, referring URLs, and error logs.
- Cookies and Similar Technologies: See Section 7 for details on our cookie usage.
2.3 Information from Third Parties
- Connected Tool Data: Data retrieved from third-party tools you connect to the Platform, processed as necessary to provide, maintain, secure, troubleshoot, and improve the service features you use.
- Payment Provider: Transaction status and payment confirmations from Stripe.
3. How We Use Information
3.1 Service Delivery
- Provide, maintain, and improve our platform
- Generate reports based on connected tool data
- Process payments and manage subscriptions
- Provide customer support and respond to inquiries
3.2 Communication
- Send service-related notifications (account updates, billing, security alerts)
- Send marketing communications only with your explicit consent
- Respond to your requests and feedback
3.3 Improvement and Analytics
- Analyze usage patterns to improve our services
- Develop new features and functionality
- Conduct aggregated, anonymized research and analytics
3.4 Security and Compliance
- Detect and prevent fraudulent or unauthorized activity
- Enforce our Terms of Service
- Comply with legal obligations
Legal Basis (GDPR): We process your data on the basis of performance of contract, legitimate interests, consent, and legal obligations, depending on the specific processing activity.
4. Data Sharing
4.1 Service Providers
- Stripe: Payment processing (EU)
- DigitalOcean: Cloud hosting and infrastructure (EU, Frankfurt)
- Amazon Web Services: Transactional email delivery (EU, Frankfurt)
A complete and up-to-date list of sub-processors is maintained and available upon request.
4.2 Connected Third-Party Tools
To provide the Platform, we may access, process, and where necessary temporarily store data from third-party tools you connect. We use this data only as necessary to provide, maintain, secure, troubleshoot, and improve the services and features you use.
4.3 Legal Requirements
We may disclose information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4.4 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred. We will notify you of any such change and ensure the receiving party is bound by equivalent data protection obligations.
5. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption: All data is encrypted in transit (TLS) and at rest.
- Access Controls: Role-based access controls and multi-factor authentication for internal systems.
- Infrastructure: Hosted on DigitalOcean with data centers located in the European Union (Frankfurt).
- Monitoring: Security monitoring and incident detection systems.
- Backups: Regular encrypted backups with geographic redundancy.
- Assessments: Periodic security assessments and reviews.
Security Notice: While we implement strong security measures, no method of electronic transmission or storage is completely secure. We encourage you to use strong passwords and protect your account credentials.
6. Your Rights (GDPR)
Under GDPR, you have the following rights regarding your personal data:
Right to Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data, subject to legal retention requirements.
Right to Restrict Processing
Request limitation of processing in certain circumstances.
Right to Portability
Receive your data in a structured, commonly used, machine-readable format.
Right to Object
Object to processing based on legitimate interests or for direct marketing purposes.
To exercise these rights, contact us at Click to reveal email. You also have the right to withdraw consent at any time where processing is based on consent.
You also have the right to lodge a complaint with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens.
8. Data Retention
We retain your data only for as long as necessary to fulfill the purposes described in this Privacy Policy and to comply with our legal obligations:
- Account Data: Duration of the account and up to 30 days following account closure or termination.
- Generated Reports: For the duration of the subscription, subject to the retention limits of the selected plan and customer deletion actions.
- Billing Records: 7 years under Dutch tax law.
- Usage Logs: 90 days for security and operational purposes.
- Support Tickets: 2 years after resolution.
- Lead Data: Duration of the account plus 30 days after deletion, managed by the customer as data controller.
After the applicable retention period expires, data will be securely deleted or anonymized.
9. International Transfers and Customer Data
We seek to host customer data primarily within the European Union and use service providers that support EU data hosting where available.
Some service providers or their affiliates may, depending on the service provided, process limited personal data outside the European Economic Area. Where such transfers occur, we implement appropriate safeguards as required by applicable law, including:
- Standard Contractual Clauses approved by the European Commission
- Data Processing Agreements with relevant service providers
- Reliance on adequacy decisions where applicable
9.1 Data Processed on Behalf of Our Customers
When our customers use our platform, they may input or collect personal data relating to their own clients and prospects, for example through the leads workspace or embeddable widgets. In this context, our customer is the data controller and WeSolidify is the data processor.
If you are a prospect or lead whose data has been processed through our platform by one of our customers, please direct any data subject requests to the relevant agency or business that collected your information. If you need assistance identifying the relevant party, you may contact us and we will help where reasonably possible.
10. Contact Information
For privacy-related inquiries or to exercise your rights:
We aim to respond to privacy-related inquiries without undue delay and in line with applicable data protection law.
11. Updates to This Policy
We may update this Privacy Policy from time to time. We will update the "Last updated" date at the top of this page and, for material changes, notify you via email or a prominent notice on our platform.
We encourage you to review this policy periodically. Where required by law, or where changes are material, we will provide additional notice through email or a prominent notice on our website or Platform.