Privacy Policy

Last updated: April 13, 2026

1. Who we are

Aphido is operated by Soulbatical BV, registered in the Netherlands (KvK: 94498369). Contact: privacy@aphido.dev.

2. What data we collect

  • Account data: email address, name (when you sign up)
  • Scan data: URLs you submit for scanning, scan results, timestamps
  • Payment data: processed by Stripe — we never store card numbers
  • Usage data: page views, feature usage (via Sentry error tracking)

3. How we use your data

  • To perform security scans on URLs you submit
  • To generate PDF security reports
  • To manage your account and subscription
  • To improve our scanning engine and fix bugs
  • To send transactional emails (password resets, scan notifications)

4. Legal basis (GDPR)

We process your data based on: (a) your consent when creating an account, (b) contract performance when providing scan services, and (c) legitimate interest for error tracking and service improvement.

5. Data storage and security

Data is stored in Supabase (EU region, eu-west-1) with Row Level Security enabled on all tables. All connections use TLS encryption. We follow the principle of least privilege for data access.

6. Third-party services

  • Supabase — database and authentication (EU)
  • Stripe — payment processing (PCI DSS compliant)
  • Netlify — frontend hosting
  • Railway — backend hosting (EU)
  • Sentry — error tracking (minimal PII)
  • Anthropic (Claude) — AI-generated report introductions (no PII sent)

7. Data retention

Scan results are retained for the lifetime of your account. Free tier scan history is limited to 7 days. You can request deletion of your data at any time.

8. Your rights

Under GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data (data portability)
  • Object to processing
  • Lodge a complaint with the Dutch DPA (Autoriteit Persoonsgegevens)

Contact privacy@aphido.dev to exercise these rights.

9. Cookies

We use essential cookies only: authentication session cookies managed by Supabase Auth. We do not use advertising or tracking cookies.

10. Changes

We may update this policy. Significant changes will be communicated via email to registered users. The latest version is always available at this URL.