Checkout ShieldBack to App
Legal

Privacy Policy

Last updated: April 2026

1. Data Controller

The data controller responsible for your personal data is:

Ezzon (trading as Ezzon Trust Solutions)

Weigeliaplein 37, 2563PH Den Haag, Netherlands

KvK (Chamber of Commerce): 89179013

Email: checkout-shield@ezzon.nl

2. What Data We Collect

Account Information:

  • -Full name, email address when you register (via email/password or Google/LinkedIn OAuth)
  • -Profile information: display name, business name, business URL, company logo

Inspection Data:

  • -Property inspection reports you create (property name, inspector name, notes)
  • -Photos uploaded during inspections
  • -Precise GPS coordinates and timestamps associated with inspections

Payment Data:

  • -Billing information processed by Stripe (we do not store your card details)
  • -Subscription status and payment history

Technical Data:

  • -Browser type, device information, operating system
  • -IP address
  • -Usage analytics (only with your consent — see Section 7)

3. Purpose and Legal Basis

Under GDPR Article 6, we process your data on the following legal bases:

Contract performance (Art. 6(1)(b)): Creating and managing your account, generating inspection reports and certificates, processing payments, providing customer support.

Consent (Art. 6(1)(a)): Analytics cookies (PostHog), marketing communications. You can withdraw consent at any time (see Section 8).

Legitimate interest (Art. 6(1)(f)): Error monitoring (Sentry) to maintain service stability, fraud prevention, service improvement using aggregated anonymous data.

Legal obligation (Art. 6(1)(c)): Retaining payment records as required by Dutch tax law (7 years).

4. Third-Party Recipients

We do not sell your personal data. We share data with the following processors:

ServicePurposeLocation
SupabaseDatabase, authentication, file storageEU (Frankfurt)
StripePayment processingEU / US (SCCs)
PostHogProduct analytics (consent-based)EU (Frankfurt)
SentryError monitoringEU (Frankfurt)
ResendTransactional email deliveryUS (SCCs)
VercelHosting and CDNEU / US (SCCs)

All processors are bound by Data Processing Agreements (DPAs). For US-based services, Standard Contractual Clauses (SCCs) approved by the European Commission are in place to ensure adequate data protection.

5. International Data Transfers

Your data is primarily stored in the EU (Frankfurt). Where transfers to countries outside the EEA are necessary (Stripe, Resend, Vercel), we rely on EU-approved Standard Contractual Clauses (SCCs) as the transfer mechanism under GDPR Article 46(2)(c).

6. Data Retention

  • -Account data: Retained while your account is active, deleted within 30 days of account deletion request.
  • -Inspection reports & photos: Retained per your plan (Free: 3 days, Pro: 90 days, Business: unlimited). Deleted reports are permanently removed within 30 days.
  • -Payment records: Retained for 7 years as required by Dutch tax regulations (Belastingdienst).
  • -Technical logs: Retained for a maximum of 90 days, then permanently deleted.
  • -Analytics data: Retained for 12 months in PostHog, then automatically deleted.

7. Cookies and Tracking

Checkout Shield uses the following types of cookies:

  • -Strictly necessary cookies: Authentication session cookies (Supabase). These are essential for the Service to function and do not require consent.
  • -Analytics cookies: PostHog product analytics cookies. These are only activated after you give explicit consent via the cookie banner. You can withdraw consent at any time.

We do not use advertising cookies or share data with ad networks.

8. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

  • -Right of access (Art. 15) — obtain a copy of your personal data
  • -Right to rectification (Art. 16) — correct inaccurate data
  • -Right to erasure (Art. 17) — request deletion of your data
  • -Right to restrict processing (Art. 18) — limit how we process your data
  • -Right to data portability (Art. 20) — receive your data in a machine-readable format
  • -Right to object (Art. 21) — object to processing based on legitimate interests
  • -Right to withdraw consent (Art. 7(3)) — withdraw consent at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at checkout-shield@ezzon.nl. We will respond within 30 days.

9. Right to Complain

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Dutch Data Protection Authority:

Autoriteit Persoonsgegevens

Postbus 93374, 2509 AJ Den Haag

Website: autoriteitpersoonsgegevens.nl

Phone: +31 (0)70 888 85 00

10. Automated Decision-Making

Checkout Shield does not use automated decision-making or profiling that produces legal effects or similarly significant effects on you.

11. Security

We implement industry-standard security measures including TLS encryption in transit, encrypted data storage, secure authentication (OAuth 2.0 + JWT), and regular security reviews. All infrastructure runs in EU data centers. However, no system is 100% secure and we cannot guarantee absolute security.

12. Children's Privacy

The Service is not intended for users under the age of 16 (in accordance with Dutch GDPR implementation). We do not knowingly collect data from children under 16.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or a prominent notice within the Service at least 14 days before changes take effect.

14. Contact

For privacy-related questions, data access requests, or complaints:

Ezzon — Checkout Shield

Email: checkout-shield@ezzon.nl

Address: Weigeliaplein 37, 2563PH Den Haag, Netherlands

KvK: 89179013

Terms of ServiceBack to App