Privacy Policy

1. Introduction

thijn.tech ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at thijn.tech and use our services.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our services. By accessing and using thijn.tech, you acknowledge that you have read and understand this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

• Account Registration: Email address, password, and name
• Temporary Accounts: Email address, first name, and last name (for one-time download access)
• Profile Information: Any additional profile details you choose to add
• Contact Form: Name, email, subject, and message when you contact us
• File Uploads: Materials, documents, and media you upload

2.2 Information Collected Automatically

• Log Data: IP address, browser type, operating system, referral source
• Usage Data: Pages visited, time spent, content accessed, downloads
• Cookies: Session tokens for authentication (HTTP-only, secure)
• Device Information: Device type, resolution, operating system

2.3 Information from Third Parties

We do not currently collect information from third parties, but may do so in the future. Any such collection will be disclosed in an updated Privacy Policy.

3. How We Use Your Information

We use your information for the following purposes:

• Account Management: Create and manage your account
• Authentication: Secure login and session management
• Content Delivery: Provide access to resources and exclusive content
• Analytics: Monitor usage patterns and improve our services
• Communication: Respond to contact form enquiries and provide support
• Temporary Account Cleanup: Send deletion notifications when temporary accounts expire
• Security: Detect and prevent fraud, abuse, and unauthorized access
• Legal Compliance: Comply with applicable laws and regulations
• Service Improvement: Develop new features and enhance existing functionality

4. Legal Basis for Processing (GDPR)

Under GDPR and Dutch privacy law (AVG), we process your information based on the following legal grounds:

• Contract: Necessary to perform our service agreement with you
• Legitimate Interests: Necessary for our legitimate business interests (security, fraud prevention, analytics)
• Consent: You have explicitly consented to the processing
• Legal Obligation: Required by law (tax, financial, or other legal requirements)

5. Data Sharing and Disclosure

We do not sell, trade, or rent your information to third parties. Your information may only be shared in the following circumstances:

• Service Providers: Third parties who assist us in operating our website (hosting, email delivery)
• Legal Requirements: When required by law, court order, or government request
• Safety: To protect our rights, privacy, or safety
• Business Transfer: In case of merger or acquisition (with notice to you)

Any third parties we work with are contractually obligated to maintain the confidentiality and security of your information.

6. Temporary Accounts

thijn.tech offers temporary one-time accounts for download access. These accounts:

• Expiry: Automatically expire 24 hours after creation
• Auto-Deletion: Upon expiry, the account and all associated session data are permanently deleted from our systems
• Deletion Notification: An automated email is sent to the address used when the account is deleted
• Deletion Log: A minimal log entry (email, name, deletion timestamp, reason) is retained for 90 days for legal compliance. This log is automatically and permanently purged after 90 days

The 90-day deletion log retention is required under legitimate interests (fraud prevention, audit trail) and complies with GDPR Article 5(1)(e) (storage limitation).

7. Data Security

We implement comprehensive security measures to protect your information:

• Encryption: Passwords hashed with PBKDF2 (10,000 iterations)
• Secure Transmission: HTTPS/SSL for all data transmission
• Secure Cookies: HTTP-only, Secure, SameSite attributes
• Access Control: Limited access to personal data within our organization
• Authentication: JWT-based secure authentication
• Rate Limiting: Protection against brute force attacks

While we strive to use commercially acceptable means to protect your information, no method of transmission over the internet is 100% secure.

8. Your Rights (GDPR)

As a data subject under GDPR, you have the following rights:

• Right to Access: You can request a copy of your personal data
• Right to Rectification: You can correct inaccurate information
• Right to Erasure: You can request deletion of your data (subject to legal obligations)
• Right to Restrict Processing: You can limit how we process your data
• Right to Data Portability: You can receive your data in a portable format
• Right to Object: You can object to certain processing activities
• Right to Withdraw Consent: You can withdraw consent at any time

To exercise any of these rights, please contact us at privacy@thijn.tech. We will respond within 30 days.

9. Data Retention

We retain your personal data only for as long as necessary:

• Account Data: Retained while your account is active
• Temporary Account Data: Deleted upon account expiry (24 hours after creation)
• Temporary Account Deletion Logs: Retained for 90 days, then automatically purged
• Contact Form Submissions: Retained for up to 12 months, then reviewed for deletion
• Login Data: Retained for security purposes (180 days)
• Analytics Data: Retained for 12 months
• Uploaded Content: Retained until deleted by you or up to 7 years (per Dutch legal requirements)

Upon request, we will delete or anonymize your data, except where legal obligations require retention.

10. Children's Privacy

thijn.tech is not intended for children under 13 years of age. We do not knowingly collect information from children under 13. If we become aware that a child under 13 has provided us with personal data, we will delete such information immediately. If you are a parent or guardian and believe your child has provided personal data, please contact us at hello@thijn.tech immediately.

11. Cookies and Tracking

When you first visit thijn.tech, you will see a cookie consent banner. This banner allows you to accept or reject our use of essential cookies.

Essential Cookies (Always Active)

• Authentication Cookie: auth_token (HTTP-only, Secure, SameSite, 7 days)
• Purpose: Keeps you logged in securely
• Security: Cannot be accessed by JavaScript (HTTP-only flag)

Preference Cookies (LocalStorage)

• Cookie Consent: thijn-tech-cookie-consent (Stored in browser localStorage)
• Purpose: Remember your privacy preference (accept/reject)
• Data Stored: Your choice and timestamp

What We DON'T Use

• ❌ No third-party tracking cookies
• ❌ No Google Analytics or similar trackers
• ❌ No advertising cookies
• ❌ No behavioral profiling
• ❌ No cross-site tracking

12. Third-Party Links

thijn.tech may contain links to external websites. We are not responsible for the privacy practices of third-party websites. We encourage you to review their privacy policies before providing any personal information.

13. Data Processing Agreement

For users in the European Union, we comply with GDPR and Dutch privacy law (AVG). A Data Processing Agreement is available upon request for business users.

Contact: legal@thijn.tech

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of our services following the posting of a revised Privacy Policy means that you accept and agree to the changes.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe your rights have been violated.