Privacy Policy & GDPR
Last updated: May 2026
1. Who we are
Klaxo is a personal subscription management service built for the European market. For any privacy-related matter, contact us at privacy@klaxo.app.
2. What data we collect
- Account data: name, email address, and (for password accounts) a bcrypt-hashed password.
- Subscription data: service names, amounts, currencies, billing cycles, and renewal dates that you enter manually.
- Billing data: your Stripe customer ID and subscription ID. We never store full card numbers — Stripe handles all payment data.
- Usage analytics: anonymous, cookieless page-view data via Plausible. No personal identifiers, no cross-site tracking.
3. Why we collect it (legal bases)
- Contract performance (Art. 6(1)(b) GDPR): to provide the Klaxo service you signed up for.
- Legitimate interest (Art. 6(1)(f) GDPR): to detect abuse and improve the service using aggregated, anonymous analytics.
- Consent (Art. 6(1)(a) GDPR): for optional email alerts — you can disable them at any time in Settings.
4. How we use your data
- To display your subscription dashboard and calculate spending totals in EUR.
- To send renewal alert emails and monthly summary emails (opt-out available in Settings).
- To process payments via Stripe.
- We never sell your data or share it with advertisers.
5. Sub-processors
| Service | Purpose | Location |
|---|---|---|
| Supabase | Database (PostgreSQL) | EU (Frankfurt) |
| Vercel | Hosting & serverless functions | EU (Dublin) |
| Stripe | Payment processing | EU (Ireland) |
| Resend | Transactional email | EU region |
| Plausible | Anonymous analytics | EU (Germany) |
6. Data retention
Your data is retained for as long as your account is active. When you delete your account (Settings → Delete account), all personal data is permanently removed from our database within 30 days. Anonymised analytics data is retained indefinitely.
7. Your rights under GDPR
As a data subject in the EU/EEA you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — correct inaccurate data (available directly in Settings).
- Erasure — delete your account and all associated data.
- Portability — export your subscriptions as CSV (Pro feature).
- Objection / Restriction — object to or restrict certain processing.
- Withdraw consent — disable email alerts at any time in Settings.
To exercise any of these rights, email privacy@klaxo.app. We will respond within 30 days.
8. Cookies
Klaxo uses a single session cookie required for authentication. We use no advertising cookies and no third-party tracking cookies. Plausible analytics is cookieless.
9. Security
All data is encrypted in transit (TLS 1.3) and at rest. Passwords are hashed with bcrypt (12 rounds). We conduct periodic security reviews.
10. Contact
For privacy and GDPR enquiries: privacy@klaxo.app
For general support: support@klaxo.app
Website: www.klaxo.app