Privacy Policy

Last updated: March 31, 2026

1. Who we are

This website and the SEO Report Tool are operated by Thommacc Labs, a sole proprietorship (eenmanszaak) registered in the Netherlands.

Contact: hello@thommacclabs.com

2. What data we collect

  • Account data — name, email address, and hashed password when you register.
  • Report data — the website URLs you submit for analysis and the resulting report content.
  • Payment data — handled entirely by Stripe. We receive a transaction reference and email but never see your card details.
  • Usage data — basic server logs (IP address, browser type, timestamps) for security and diagnostics.

3. Why we process your data

  • To create and manage your account.
  • To generate, store, and deliver your SEO reports.
  • To process payments via Stripe.
  • To send transactional emails (report delivery, receipts).
  • To improve our service and fix issues (legitimate interest).

Legal bases: contract performance (Art. 6(1)(b) GDPR), legitimate interest (Art. 6(1)(f) GDPR).

4. Third-party processors

  • Stripe — payment processing (Stripe Privacy Policy).
  • Resend — transactional email delivery.
  • Vercel / hosting provider , application hosting and CDN.
  • Google PageSpeed API — performance analysis (public data only).

5. Data retention

Account and report data are retained for as long as your account is active. You can request deletion at any time. Payment records are retained for the legally required period (7 years in the Netherlands for tax purposes).

6. Your rights (GDPR)

Under the GDPR you have the right to access, rectify, erase, restrict processing, data portability, and object to processing. To exercise any of these rights, email us at hello@thommacclabs.com. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

7. Cookies

We use only essential cookies required for authentication and session management. No advertising or analytics cookies are used. See our Cookie Policy for details.

8. Security

We use HTTPS encryption, hashed passwords, and role-based access controls. Payment data is handled exclusively by Stripe (PCI DSS compliant). We regularly review our security practices.

9. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or a notice on our website.