Privacy Policy for setupapp.io

1. About us

This privacy policy explains how setupapp.io collects and processes personal data when you join our waiting list. Under the EU General Data Protection Regulation (GDPR), we must inform individuals in clear, plain language about what data we process, why, and for how long. We must identify ourselves and provide contact.

  • Data controller: Tudor Cristea, Schaatsbaan 95A, 3013AR, Rotterdam, The Netherlands.

  • Contact email: contact@setupapp.io

2. What personal data we collect

We only collect data that is necessary to operate our waiting list. When you join the waiting list, we collect:

  • Email address.

  • Consent indicator. We record whether you checked the agreement box on the sign‑up form.

We do not intentionally collect sensitive personal data. We do not use cookies or tracking technologies beyond those necessary to operate the sign‑up form.


3. Why we collect your data (purpose and legal basis)

We process your data for specific purposes and only when we have a legal basis:

  1. Waiting‑list management (consent). We use your email address to register your interest and notify you when our product is available. Your consent is given when you check the agreement box on the sign‑up form.

  2. Marketing communication (consent). If you agree to receive updates or promotional emails, we will use your email address to send you news about our product. You can withdraw your consent at any time (email contact@setupapp.io)

  3. Compliance with legal obligations. We may process data to comply with legal requirements or respond to lawful requests.

We do not collect more data than is necessary for these purposes, and we do not use the data for purposes other than those listed here.

4. How we use and share your data

Internal use. We store your data in our customer‑relationship systems solely to manage the waiting list and send communications. Only authorised employees and contractors who need the data to perform their duties have access.

  • Third‑party services. We may use service providers (e.g., email‑marketing platforms) to send emails. These providers act as data processors on our behalf. We ensure they offer adequate protections and sign data‑processing agreements as required by the GDPR.

  • No sale of data. We do not sell or rent your data to third parties. We will only disclose data if required by law or to enforce our legal rights.

5. International transfers

Our main servers are located in the European Economic Area (EEA). If we transfer your data outside the EEA (for example, to a mailing‑list provider in another country), we will ensure that the recipient country provides an adequate level of data protection or we will implement appropriate safeguards such as standard contractual clauses.

6. Data retention

We keep personal data only as long as necessary. Your email address and consent record will be retained while you remain on the waiting list and for a reasonable period after we inform you about the product, unless you ask us to delete it. We will delete or anonymise data once it is no longer needed for the purposes described above.

7. Security

We take appropriate technical and organisational measures to secure personal data. These include using secure servers (HTTPS), access controls, encryption, and regular software updates. Despite these measures, no system is completely secure; if we detect a data breach involving your data with a serious risk to your rights, we will notify the Dutch Data Protection Authority and affected individuals as required by law.

8. Your rights

Under the GDPR, you have several rights regarding your personal data. We must ensure that you can easily exercise them:

  • Access: You can request a copy of the data we hold about you.

  • Rectification: You can ask us to correct inaccurate or incomplete data.

  • Erasure: You can ask us to delete your data (the “right to be forgotten”).

  • Restriction: You can request that we limit the processing of your data.

  • Withdrawal of consent: You can withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

  • Data portability: You can request that we transfer your data to you or another organisation.

  • Object: You can object to processing based on legitimate interests or direct marketing.

To exercise any of these rights, contact us using the details in Section 1. If you believe we are not handling your data properly, you can lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

9. Links to other websites

Our website may contain links to third‑party websites (e.g., our legal page or social‑media profiles). We are not responsible for the privacy practices of these websites. When you leave our site, we encourage you to read the privacy statements of every website you visit.

10. Changes to this privacy policy

We may update this privacy policy to reflect changes in our practices or legal requirements. When we do, we will publish the updated policy on this page and indicate the date of the last update. If changes are significant, we will notify waiting‑list members by email.

Last updated: 28.09.2025