Who we are
Bridgekit is operated by Greenmango, registered in the Netherlands. Greenmango is the data controller for data you provide directly to us, including account data you enter when signing up, billing contact details and usage information generated while you use the service.
Personal data we collect
Account data: name and email address you provide at sign-up, and any contact details you add to your profile. Payment data: billing name, address and VAT number; actual card and bank details are processed by Mollie and never stored on our servers. Usage data: workflow run logs, audit events and connector configuration, all tenant-scoped and encrypted at rest. Technical data: IP address and basic request metadata retained in server logs for up to 30 days for security purposes.
Legal basis for processing
We process account and payment data to perform the contract you have with us (Art. 6(1)(b) GDPR). Security logs and fraud prevention rely on legitimate interests (Art. 6(1)(f) GDPR), balanced against your rights. If we send product updates beyond transactional emails, we rely on your consent (Art. 6(1)(a) GDPR), which you can withdraw at any time.
How long we keep your data
Account and usage data is retained for the duration of your subscription plus 90 days after termination, to allow recovery and handle billing disputes. Audit logs follow the retention schedule of your plan. Server access logs are deleted after 30 days. Tax and invoice records are kept for 7 years as required by Dutch and EU tax law.
Who we share your data with
We use a small number of EU-jurisdiction sub-processors: Hetzner Cloud (Germany) for compute and database hosting; Scaleway (France) for off-site backups and transactional email; Mollie (Netherlands) for payment processing. We do not share personal data with any US-based cloud provider. We do not sell, rent or trade personal data.
Your rights under GDPR
You have the right to access, rectify, erase and port your personal data, and to object to or restrict certain processing. Email privacy@bridgekit.eu to exercise these rights; we respond within 30 days. If you believe we have not handled your data correctly, you may lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
Cookies and tracking
Bridgekit uses Plausible Analytics, a cookieless, privacy-preserving tool hosted in the EU. No advertising or third-party tracking cookies are used. Strictly necessary cookies: session tokens and CSRF tokens, are set when you log in. These cannot be disabled without breaking the application.
Contact
For privacy questions or data subject requests, write to privacy@bridgekit.eu or contact Greenmango in the Netherlands. For formal DPA enquiries, see our Data Processing Agreement page.