Privacy Statement

Privacy Statement: Privacy Notice for Starnus Technology B.V.

Our Commitment to Privacy

1. Scope

This Privacy Notice explains how Starnus Technologies B.V. ("Starnus", "we", "us" or "our") handles personal data when you:

• visit http://starnustech.com ,

• use any Starnus software—including web, desktop, or mobile applications, browser extensions, command‑line tools, APIs, or SDKs—(collectively the “Services”),

• create a Starnus account as an individual professional or on behalf of a company, or

• deal with us as a client, supplier, or contractor.

The notice applies worldwide and is drafted to meet the requirements of the EU General Data Protection Regulation (GDPR) and other applicable laws.

2. Who is responsible for your data?

Starnus Technologies B.V. is the data controller. Our business address is Het Eeuwsel 57, 5612 AS Eindhoven, The Netherlands.
Email: info@starnustech.com.

We are not required to appoint a statutory Data Protection Officer because our core activities do not involve large‑scale processing of special‑category data or systematic monitoring of individuals. Questions about this Notice can be sent to the email address above.

3. Personal data we collect

Data you provide to us

• Account information – name, email address, password (hashed), billing country, optional company name and VAT ID.

• Payment information – tokenised card details, the last four digits of your card, currency and amount (processed by Stripe; we never store full card numbers).

• Workspace and configuration data – names and descriptions of projects, agent configurations, API keys you generate, integration settings, and other preferences you create within our developer tools or apps.

• Integration data – OAuth tokens, connection metadata, and the specific content (e.g., database records, files, browser tabs) that you authorise Starnus or third‑party agents to retrieve from your own apps, services, databases, or devices so they can perform tasks on your behalf.

• User content – prompts you submit to the Services, files or images you upload, and outputs returned by Starnus or third‑party agents and tools.

• Communications – emails, messages, or other information you send to us, including support tickets.

Data we collect automatically

• Log and usage data – IP address, browser type, device identifiers, timestamps, feature use (including API endpoints called, agent or tool identifiers invoked), credit balance, error logs.

• Device information – operating system, device type, application version, and settings.

• Approximate location – derived from your IP address to protect your account and maintain service quality.

• Cookies and similar technologies – small files placed on your device for authentication, analytics, and personalisation. Cookie consent and preferences are managed through Cookiebot.

Data from other sources

• Log and usage data – IP address, browser type, device identifiers, timestamps, feature use, credit balance, error logs.

• Device information – operating system, device type, and settings.

• Approximate location – derived from your IP address to protect your account and maintain service quality.

• Cookies and similar technologies – small files placed on your device for authentication, analytics, and personalisation. Cookie consent and preferences are managed through Cookiebot.

Data from other sources

We may receive information from trusted partners, such as fraud‑prevention and marketing vendors, to protect the Platform and reach potential customers.

We do not intentionally collect special‑category data. If you include such data in prompts or files, you confirm you have a lawful basis to share it.

4. How and why we use personal data

We use your data to:

1. Provide and maintain the Services (Platform, apps, APIs, tools, and third‑party integrations you connect, including access to data from your linked apps, databases, or browsers) – create your account, allocate 2,000 free credits per month, process purchases of 10,000‑credit bundles, and route prompts to Starnus or third‑party AI agents and tools.

2. Improve and develop our services – debug, conduct research, and analyse aggregated usage to enhance features and security.

3. Communicate with you – send transactional messages (e.g., payment confirmations, critical updates) and, with your consent, marketing emails.

4. Ensure safety and integrity – detect fraud, enforce our terms, and protect users.

5. Comply with legal obligations – tax, accounting, and know‑your‑customer requirements.

Our legal bases under Article 6 GDPR are contract performance, legitimate interests, consent, and compliance with legal obligations, as appropriate for each purpose above.

5. Disclosure of personal data

We share personal data only as necessary:

• Service providers – Stripe for payments, cloud‑hosting partners, email delivery services, security monitoring vendors, and support tools that process data under our instructions.

• Third‑party AI agents, tools, integration partners, and app developers – when you enable or invoke them, we share the prompt, relevant context, connection tokens, and minimal account details or data chunks required for functionality. Each acts as our processor under GDPR and must protect your data.

• Business transfers – in the event of a merger or acquisition, data may transfer to the successor entity subject to this Notice.

• Legal and safety – where required by law or to protect rights, safety, or property.** – where required by law or to protect rights, safety, or property.

We do not sell personal data.

6. International transfers

Where personal data are transferred outside the European Economic Area, we rely on European Commission standard contractual clauses or countries deemed to provide an adequate level of protection, and we implement additional safeguards where necessary.

7. Cookies and similar technologies

All cookies on the Platform are managed through the Cookiebot consent‑management service. Cookiebot groups cookies into four categories—Necessary, Preferences, Statistics, and Marketing—and presents these categories so you can give or withdraw consent granularly. Necessary cookies are always active to enable core site functions; the other categories are set only with your explicit consent. You can adjust your preferences at any time via the Cookiebot banner or the cookie‑settings link in the footer. 

8. Data retention

We retain personal data only for as long as needed to fulfil the purposes described:

• Data for active accounts are stored while the account remains open.

• When you delete your account, we permanently erase or irreversibly anonymise personal data within 30 days, except for limited records we must keep for legal reasons, such as invoices, which Dutch law requires us to store for seven years.

• Security logs are kept for up to five years to detect fraud or establish or defend legal claims before being anonymised or deleted.

9. Your rights

Under GDPR you can request to access, correct, erase, or transfer your data, restrict or object to certain processing, and withdraw consent at any time. To exercise your rights, email info@starnustech.com. We will respond within one month and may verify your identity before acting on the request. You can also lodge a complaint with the Dutch Data Protection Authority or your local regulator.

10. Security

We ensure end‑to‑end data privacy through encryption in transit, encryption at rest, role‑based access controls, regular penetration testing, and robust internal security policies. These measures follow recognised best‑practice guidance on safeguarding information systems. 

11. Children

The Platform is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us so we can delete it.

12. Changes to this Notice

We may update this Privacy Policy from time to time. When we do, we will publish an updated version and effective date on this page, unless another type of notice is required by applicable law.

© 2025 Starnus Technologies B.V.