BridgekitBridgekit

Privacy Policy

Bridgekit is operated by Greenmango, Netherlands. This policy explains what personal data we collect, why we process it, and how we protect it.

Last updated: May 2026

Who we are

Bridgekit is operated by Greenmango, registered in the Netherlands. Greenmango is the data controller for data you provide directly to us, including account data you enter when signing up, billing contact details and usage information generated while you use the service.

Personal data we collect

Account data: name and email address you provide at sign-up, and any contact details you add to your profile. Payment data: billing name, address and VAT number; actual card and bank details are processed by Mollie and never stored on our servers. Usage data: workflow run logs, audit events and connector configuration, all tenant-scoped and encrypted at rest. Technical data: IP address and basic request metadata retained in server logs for up to 30 days for security purposes.

Legal basis for processing

We process account and payment data to perform the contract you have with us (Art. 6(1)(b) GDPR). Security logs and fraud prevention rely on legitimate interests (Art. 6(1)(f) GDPR), balanced against your rights. If we send product updates beyond transactional emails, we rely on your consent (Art. 6(1)(a) GDPR), which you can withdraw at any time.

How long we keep your data

Account and usage data is retained for the duration of your subscription plus 90 days after termination, to allow recovery and handle billing disputes. Audit logs follow the retention schedule of your plan. Server access logs are deleted after 30 days. Tax and invoice records are kept for 7 years as required by Dutch and EU tax law.

Who we share your data with

We use a small number of EU-jurisdiction sub-processors: Hetzner Cloud (Germany) for compute and database hosting; Scaleway (France) for off-site backups and transactional email; Mollie (Netherlands) for payment processing. We do not share personal data with any US-based cloud provider. We do not sell, rent or trade personal data.

Your rights under GDPR

You have the right to access, rectify, erase and port your personal data, and to object to or restrict certain processing. Email privacy@bridgekit.eu to exercise these rights; we respond within 30 days. If you believe we have not handled your data correctly, you may lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

Cookies and tracking

Bridgekit uses Plausible Analytics, a cookieless, privacy-preserving tool hosted in the EU. No advertising or third-party tracking cookies are used. Strictly necessary cookies: session tokens and CSRF tokens, are set when you log in. These cannot be disabled without breaking the application.

Contact

For privacy questions or data subject requests, write to privacy@bridgekit.eu or contact Greenmango in the Netherlands. For formal DPA enquiries, see our Data Processing Agreement page.