Privacy statement

1. Who is responsible for your data?

Noxtrack is a sole proprietorship of Esmee Peters, established in the Netherlands (Chamber of Commerce no.: 88332217). In this statement we refer to ourselves as 'Noxtrack', 'we', or 'us'.

For questions about this statement or about your personal data, you can reach us at hello@noxtrack.com.

2. What data we process

We process as little personal data as possible. Specifically:

• Email address and language preference — when you sign up for the waitlist.
• Pseudonymised behavioural data — when you consent to analytics: page views, session duration, device and browser information, geographic region at city level.
• Technical log data — IP address and user-agent are processed temporarily by our hosting provider for security and debugging.

3. Why we process this data

Each processing activity has a purpose and a legal basis under the GDPR:

• Waitlist sign-up: to inform you when Noxtrack becomes available and to grant you access — basis: performance of your request (art. 6(1)(b) GDPR).
• Analytics via Google Analytics 4: to understand which parts of the site work and improve the site — basis: your consent (art. 6(1)(a) GDPR). You can withdraw consent at any time via the cookie statement.
• Hosting and security: to keep the site safe and available — basis: legitimate interest (art. 6(1)(f) GDPR).

4. How long we keep your data

We don't keep data longer than necessary:

• Waitlist sign-ups are kept until you unsubscribe or for up to 24 months after Noxtrack becomes publicly available.
• Analytics data is kept by Google for up to 14 months.
• Server logs are usually deleted by the hosting provider within 30 days.

5. Who we share data with

We don't sell your data. We do rely on a number of processors to deliver the service. We have a data processing agreement with each of them:

• Brevo (Sendinblue SAS, France) — for managing waitlist sign-ups and email communication. Processing within the EU.
• Google Ireland Ltd. (Google Analytics 4) — for website statistics based on your consent. Data may be transferred to the United States under the EU–US Data Privacy Framework.
• Netlify, Inc. — for hosting the website. Transfer to the United States under the EU–US Data Privacy Framework, with appropriate safeguards.

6. Transfers outside the EU

Some processors (Google, Netlify) are based in the United States. Transfers take place under the EU–US Data Privacy Framework, supplemented by standard contractual clauses where needed. We prefer EU-based processors and EU data centres wherever possible.

7. Your rights

Under the GDPR, you have a number of rights regarding your personal data:

• Access — request which data we hold about you.
• Rectification — have inaccurate data corrected.
• Erasure — have your data deleted ('right to be forgotten').
• Restriction — temporarily pause processing.
• Objection — object to processing based on legitimate interest.
• Data portability — receive your data in a common format.
• Withdraw consent — withdraw consent (e.g. for analytics) at any time, without affecting prior processing.

Send a request to hello@noxtrack.com. We respond within 30 days.

8. Security

We take appropriate technical and organisational measures to protect your data: encrypted connections (TLS), access controls, and carefully selected processors with demonstrable security standards.

9. Complaints

Have a complaint about how we handle your data? Please contact us first at hello@noxtrack.com — we'd like to resolve it. You also have the right to lodge a complaint with the Dutch Data Protection Authority (autoriteitpersoonsgegevens.nl).

10. Changes

We may update this statement when needed, for example when adding new functionality or new processors. The most recent version is always on this page, with the date of last update at the top.