Privacy Policy
Last updated: May 2026
1. Controller
2. Principles
Toolpulse processes personal data only to the extent necessary for the operation of the service. We use exclusively EU-based infrastructure. Cookies are only set with explicit consent.
3. Hosting — Vercel EU (fra1)
Toolpulse is hosted on Vercel Inc. servers in the Europe (Frankfurt, Germany) region. Vercel processes technically necessary data on each page request (IP address, timestamp, requested URL, HTTP headers). This data is required for the operation and security of the service. A data processing agreement (DPA) with Vercel is in place. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure operation).
4. Database — Supabase EU (Frankfurt)
We use Supabase as our database service on servers in Frankfurt, Germany (AWS eu-central-1). Supabase stores user data (email address on registration, subscription status) and editorial content (tool profiles, scores). For authenticated users, session tokens are stored in HTTP-only cookies. A data processing agreement is in place. Legal basis: Art. 6(1)(b) GDPR (contract performance) for customer data.
5. Authentication
Toolpulse offers two authentication methods for the vendor dashboard:
Magic Link (Email)
When requesting a magic link, the entered email address is processed via Supabase and a one-time link is sent via Brevo (EU Paris). The email address is stored in the user database. Legal basis: Art. 6(1)(b) GDPR.
Google OAuth
When signing in with Google, name and email address are transmitted from Google to Supabase. Google is a US-based provider; data transfer is based on Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR. You can avoid this login method by using the Magic Link instead.
6. Analytics — Plausible (cookie-free)
We use Plausible Analytics (Plausible Insights OÜ, Estonia — EU). Plausible sets no cookies, collects no personal data, and creates no user profiles. Only aggregated page view statistics are collected (page views, referrer, device class). The IP address is neither stored nor shared. No consent is required. More information: plausible.io/data-policy.
7. Payment processing — Stripe
Payments are processed via Stripe, Inc. (USA). When completing a paid subscription, payment data (credit card data, billing address) is transmitted directly to Stripe and processed there. Toolpulse does not store complete payment data. Stripe is a US-based provider; data transfer is based on Standard Contractual Clauses (SCCs). Stripe is PCI-DSS certified. Legal basis: Art. 6(1)(b) GDPR. Stripe privacy policy: stripe.com/privacy.
8. Transactional email — Brevo (EU)
For sending transactional emails (magic links, confirmations) we use Brevo SAS (formerly Sendinblue), Paris, France. Brevo processes only email address and timestamp. Servers: EU (Paris). A data processing agreement is in place. Legal basis: Art. 6(1)(b) GDPR.
9. Cookies
Toolpulse sets cookies only in the following cases:
sb-auth-token
Authentication session (HTTP-only, Secure)
Legal basis: Contract performance · Duration: Session / max. 1 week
Analytics cookies: none (Plausible is cookie-free). Marketing cookies: none.
10. Your rights
You have the following rights regarding your personal data:
To exercise your rights, contact: paulo.fernandes@axxento.com
11. Retention
User data (email, subscription status) is stored for the duration of the contractual relationship and deleted within 30 days thereafter, unless statutory retention obligations apply. Server logs are automatically deleted after 30 days.
12. Data security
All transmission is exclusively encrypted (HTTPS/TLS). Authentication tokens are transmitted as HTTP-only cookies and are protected from JavaScript access. Our infrastructure providers (Vercel, Supabase) hold SOC 2 certifications.
13. Changes to this policy
We reserve the right to update this privacy policy when our service or the legal situation changes. The date of the last update is shown above. For material changes, we will notify registered users by email.
Last updated: May 2026 · Toolpulse / axxento · paulo.fernandes@axxento.com