Privacy policy
How your personal data is collected, used, and protected.
1. Data controller
GrabYourSite is a product of Babylon Optima B.V., a company registered in the Netherlands. Babylon Optima B.V. is the data controller responsible for processing your personal data as described in this privacy policy.
| Company | Babylon Optima B.V. |
|---|---|
| Country | The Netherlands |
| Website | grabyoursite.com |
| Contact email | info@grabyoursite.com |
2. What data is collected
Only the data necessary to deliver the service is collected. When you submit the claim form, the following personal data is collected:
- Business name — to identify your business and personalize your one-pager design.
- Email address — to send you the preview of your one-pager and communicate about your order.
- Industry / business type — to tailor the design and content to your sector.
- Website URL (optional) — to research your existing online presence and extract relevant business information for the redesign.
Automatically collected data
When you visit the website, the hosting provider (Cloudflare) may automatically collect basic technical data such as your IP address, browser type, and referral URL. This data is processed by Cloudflare for security and performance purposes and is not used for tracking or profiling.
Data not collected
No sensitive personal data is collected (such as health data, political opinions, or biometric data). No tracking cookies, advertising pixels, or third-party analytics tools are used. No data is purchased from third parties or data brokers.
3. How your data is used
Your personal data is used for the following purposes:
- Service delivery — to research your business, generate your AI-powered one-pager redesign, and deliver the preview to you via email.
- Communication — to send you the preview link, order confirmations, and respond to your inquiries. Email is the primary communication channel.
- Payment processing — if you choose to claim your one-pager, to process your payment securely through Stripe.
- Service improvement — in aggregated, anonymized form, to improve AI models and service quality. Individual data is never used for this purpose without anonymization.
Your personal data is never sold to third parties. Your data is never used for purposes incompatible with the ones listed above without notifying you and, where required, obtaining your consent.
4. Legal basis for processing (GDPR)
Under the General Data Protection Regulation (GDPR), your personal data is processed on the following legal bases:
| Purpose | Legal basis |
|---|---|
| Generating and delivering your one-pager preview | Performance of a contract (Art. 6(1)(b) GDPR) — necessary to provide the service you requested |
| Processing payment after you claim your site | Performance of a contract (Art. 6(1)(b) GDPR) |
| Sending order-related emails (preview, confirmation) | Performance of a contract (Art. 6(1)(b) GDPR) |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f) GDPR) — protecting the service and its users |
| Compliance with legal obligations (e.g. tax records) | Legal obligation (Art. 6(1)(c) GDPR) |
5. Data sharing with third parties
Your personal data is shared only with the third-party service providers necessary to deliver the service. Your data is never sold, rented, or traded. Each provider processes data only for the purpose described and is bound by their own privacy policies and, where applicable, data processing agreements.
| Provider | Purpose | Data shared |
|---|---|---|
| Cloudflare | Website hosting, CDN, and DDoS protection | IP address, browser metadata (automatic, for security) |
| Supabase | Database storage (EU region) | Business name, email, industry, website URL |
| Anthropic (Claude AI) | AI-powered research and one-pager generation | Business name, industry, website URL (no email address) |
| Resend | Transactional email delivery | Email address, business name |
| Stripe | Payment processing | Email address, payment details (entered directly on Stripe) |
Personal data may also be disclosed if required by law, court order, or governmental request, or to protect the rights, property, or safety of Babylon Optima B.V., its users, or the public.
6. Data storage and retention
Where your data is stored
Your personal data is stored within the European Union. The database is hosted on Supabase in the EU region, and the website and application are served via Cloudflare's EU infrastructure. Personal data is not intentionally transferred outside the EU/EEA. Where sub-processors may process data outside the EU (e.g. Anthropic, Stripe), appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or adequacy decisions.
How long your data is kept
- Unclaimed leads — if you submit the form but do not claim or purchase, your data is retained for a maximum of 12 months, after which it is deleted.
- Active customers — your data is retained for the duration of the service relationship plus the legally required retention period for financial records (7 years in the Netherlands for tax purposes).
- Generated one-pagers — HTML files are stored on Cloudflare R2 (EU) and retained for the duration of the service. Unclaimed one-pagers are deleted after 12 months.
You may request deletion of your data at any time (see section 11). Your request will be fulfilled within 30 days, unless certain records must be retained by law.
7. Your rights under GDPR
As a data subject, you have the following rights under the GDPR. You may exercise any of these rights by contacting us at info@grabyoursite.com.
- Right of access (Art. 15) — you can request a copy of the personal data we hold about you.
- Right to rectification (Art. 16) — you can ask us to correct inaccurate or incomplete personal data.
- Right to erasure (Art. 17) — you can request that we delete your personal data, subject to legal retention obligations.
- Right to restrict processing (Art. 18) — you can ask us to limit how we process your data in certain circumstances.
- Right to data portability (Art. 20) — you can request your data in a structured, machine-readable format.
- Right to object (Art. 21) — you can object to processing based on legitimate interests.
Your request will be answered within 30 days. If more time is needed, you will be informed of the extension and the reasons for it.
If you believe that your rights have been violated, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl, or with the supervisory authority in your country of residence.
8. Cookies and local storage
GrabYourSite does not use cookies for tracking, advertising, or analytics. No third-party cookies are placed on your device.
A single localStorage item is used to remember your language preference (English or Dutch). This is strictly functional and does not involve personal data. You can clear it at any time through your browser settings.
| Item | Type | Purpose | Duration |
|---|---|---|---|
gys-lang |
localStorage | Stores your language preference (en/nl) | Until manually cleared |
Because no tracking cookies are used, no cookie consent banner is required. If this changes in the future, this policy will be updated and appropriate consent mechanisms will be implemented.
9. Data security
Appropriate technical and organizational measures are in place to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption in transit — all data transferred between your browser and the servers is encrypted using TLS/SSL (HTTPS).
- Encryption at rest — the database provider (Supabase) encrypts stored data at rest.
- Access control — access to personal data is restricted to authorized personnel and secured with authentication tokens.
- Webhook verification — all incoming webhooks (e.g. from Stripe, Resend) are verified using HMAC signatures to prevent tampering.
No method of transmission or storage is 100% secure. If you become aware of a security vulnerability, please contact info@grabyoursite.com.
10. Changes to this policy
This privacy policy may be updated from time to time to reflect changes in practices, technology, legal requirements, or other factors. When material changes are made, the "Last updated" date at the top of this page will be updated.
For significant changes that affect how your personal data is processed, reasonable efforts will be made to notify you, for example via email if you are an existing customer.
11. Contact
If you have questions about this privacy policy, want to exercise your rights, or have a complaint about how your data is handled, please reach out:
| Entity | Babylon Optima B.V. |
|---|---|
| info@grabyoursite.com | |
| Website | grabyoursite.com |
All inquiries receive a response within 30 days.