OutboundrOutboundr
Sign in

Legal

Privacy Policy

Version 1.0 · Last updated: 21 May 2026

1. Data controller

Outboundr is a product of Hagenweb, a sole proprietorship registered in Arnhem, the Netherlands. Hagenweb is the data controller within the meaning of the General Data Protection Regulation (GDPR).

  • CoC number: 97702463
  • VAT number: NL003438808B09
  • Email: max@hagenweb.nl

2. What data do we process?

We process the following categories of personal data:

  • Account data: Name and email address, obtained via Google authentication upon registration.
  • Usage data: Login timestamps, features used and scrape jobs, for the operation of the platform.
  • Lead data: Company names, contacts, phone numbers, email addresses and addresses you enter or import via the scraper. These are data about third parties (your prospects), not about yourself.
  • Payment data: Payment transactions are processed by Stripe. We do not store complete payment details.
  • Technical data: IP address, browser type and session information, solely for security and debugging purposes.

3. Purposes and legal bases

Performance of the agreement

We process your account data to give you access to Outboundr and to deliver the service. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).

Legitimate interest

We process technical data for security, fraud prevention and improvement of the platform. Legal basis: legitimate interests (Art. 6(1)(f) GDPR).

Legal obligation

Invoice data is retained in accordance with Dutch fiscal retention requirements (7 years). Legal basis: legal obligation (Art. 6(1)(c) GDPR).

4. Retention periods

  • Account data: for as long as your account is active + 30 days after deletion.
  • Lead data: for as long as your account is active + 30 days after deletion.
  • Invoice data: 7 years (statutory retention requirement).
  • Technical log data: maximum 90 days.

5. Third parties (sub-processors)

We use the following sub-processors. A data processing agreement has been concluded with each of these parties, or they include standard contractual clauses (SCCs) in their terms:

ClerkAuthentication and session managementUS (SCCs)
VercelPlatform hostingUS/EU (SCCs)
Supabase / PostgreSQLDatabase storageEU
StripePayment processingUS/EU (SCCs)

We do not share your data with other third parties unless legally required.

6. Your rights

Under the GDPR, you have the following rights:

  • Access: You may request what data we process about you.
  • Rectification: You may have incorrect data corrected.
  • Erasure: You may have your account and data deleted.
  • Objection: You may object to processing based on legitimate interests.
  • Data portability: You may request your data in a machine-readable format.
  • Complaint: You may file a complaint with the Dutch Data Protection Authority (autoriteitpersoonsgegevens.nl).

To submit a request, send an email to max@hagenweb.nl. We respond within 30 days.

7. Lead data and GDPR responsibility

The lead data you collect via Outboundr (name, phone, email of prospects) constitutes personal data under the GDPR. You are the data controller for this data. You are therefore personally responsible for having a valid legal basis for outreach (e.g. legitimate interest in B2B communications) and for complying with the Telecommunications Act when making email contact.

Hagenweb acts as processor for the storage of this data and processes it solely on your instruction.

8. Security

We take appropriate technical and organisational measures to secure your data, including encrypted connections (HTTPS/TLS), access controls, and restricted access by staff to production data.

9. Contact

For questions about this privacy policy or a request based on your rights, please contact us at: max@hagenweb.nl