Version 0.1 (pre-launch draft) — last updated 2026-07-04
We process (a) account data about you as a user, and (b) observational data about public internet infrastructure, which is what the product analyses.
Email, organisation, access-key hashes, and usage records (which tools were called, with which parameters, when). Purpose: providing the service, enforcing usage limits, abuse prevention, and product improvement. Query parameters are reduced to theme-level aggregates after 90 days (research confidentiality). We do not sell account or usage data, and query subjects are never disclosed to other customers.
Our dataset is derived from publicly available internet infrastructure signals (DNS configuration, certificates, web server responses) at domain level. Where a domain belongs to a sole proprietor, some of this may constitute personal data under GDPR. We process it under legitimate interest (Art. 6(1)(f)): market research on aggregate infrastructure, with data minimisation — no consumer profiling, no marketing to data subjects, aggregate-level reporting by default.
Your rights: if a domain concerns you, you may request access, correction or objection at [email protected]. Objections are honoured by excluding the domain from analytical output.
Infrastructure runs on our own EU-located hardware behind Cloudflare (CDN/security; EU data residency where available). Payment processing (when launched) by Stripe. No other processors. [Draft note: add processor list + DPA references at launch.]
Account data: life of the account + 12 months. Usage events: 90 days at parameter level, aggregates thereafter. Observational data: retained as the historical record that the product's time-series analysis is built on.
Controller: HostingBrain ApS (under formation), Denmark — [email protected]. CVR published upon registration. You may lodge a complaint with your supervisory authority (Denmark: Datatilsynet).