1. Introduction
WeSolidify B.V. (KvK: 99809826) ("WeSolidify", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (wesolidify.com), use our SolidScore platform (the "Platform"), or otherwise interact with our services.
We are based in the Netherlands and comply with the General Data Protection Regulation (GDPR), the Dutch Implementation Act of the GDPR (Uitvoeringswet AVG), and other applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) where applicable.
This Privacy Policy should be read together with our Terms of Service and our Data Processing Agreement (DPA), which governs our processing of personal data on behalf of our customers.
Data Controller: WeSolidify B.V. (KvK: 99809826), registered in the Netherlands. Depending on the context, we may act as a data controller or a data processor.
1.1 Our Role
Depending on the context, WeSolidify may act either as a data controller or as a data processor under applicable data protection law.
- We act as data controller for personal data relating to website visitors, account holders, billing contacts, support communications, security and usage data, and other personal data we process for our own business operations.
- We act as data processor when we process personal data on behalf of our customers through the Platform, including customer-uploaded or customer-collected prospect, lead, client, or other business contact data processed through reports, widgets, integrations, and related platform features.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, company name, phone number, and password when you create an account.
- Billing Information: Payment card details, billing address, and VAT number. Payment details are processed directly by our payment provider (Stripe) and are not stored on our servers.
- Profile Information: Profile picture, job title, and preferences you choose to provide.
- Communications: Messages, support tickets, and feedback you send us.
- API Credentials: Credentials for third-party tools that you connect to our platform. These are stored encrypted and used solely to retrieve data on your behalf.
- Lead Data: Information entered into the leads workspace or captured through embeddable widgets, which may include names, email addresses, phone numbers, and domain information of your prospects.
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, reports generated, actions taken, and time spent on the platform.
- Device Information: IP address, browser type and version, operating system, and device identifiers.
- Log Data: Server logs including access times, referring URLs, and error logs.
- Cookies and Similar Technologies: See Section 8. WeSolidify does not currently use cookies or similar tracking technologies.
2.3 Information from Third Parties
- Connected Tool Data: Data retrieved from third-party tools you connect to the Platform, processed as necessary to provide, maintain, and secure the service features you use, including report generation and related workflows.
- Payment Provider: Transaction status and payment confirmations from Stripe.
3. How We Use Information
3.1 Service Delivery
- Provide, maintain, and improve our platform
- Generate reports based on connected tool data
- Process payments and manage subscriptions
- Provide customer support and respond to inquiries
3.2 Communication
- Send service-related notifications (account updates, billing, security alerts)
- Send marketing communications (only with your explicit consent, and you may opt out at any time)
- Respond to your requests and feedback
3.3 Improvement and Analytics
- Analyze usage patterns to improve our services and develop new features
- Monitor platform performance and stability
- Conduct aggregated, anonymized research and analytics
3.4 Security and Compliance
- Detect and prevent fraudulent or unauthorized activity
- Enforce our Terms of Service
- Comply with legal obligations
4. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds under Article 6(1) of the GDPR:
| Legal Basis | Description | Examples |
|---|---|---|
| Performance of Contract | Processing necessary to provide our services under the Terms of Service | Account management, report generation, billing, customer support |
| Legitimate Interests | Processing necessary for our legitimate business interests, where not overridden by your rights | Platform improvement, analytics, fraud prevention, security monitoring |
| Consent | Processing based on your freely given, specific, and informed consent | Marketing communications, optional analytics cookies |
| Legal Obligation | Processing necessary to comply with applicable laws | Tax records, fraud reporting, regulatory compliance |
Where we rely on legitimate interests, we have conducted a balancing assessment to ensure our interests do not override your fundamental rights and freedoms.
5. Data Sharing
We do not sell your personal data. We may share information with the following categories of recipients:
5.1 Service Providers (Sub-Processors)
We engage trusted third-party service providers to help us deliver our services. These providers process data on our behalf under contractual obligations to protect your data:
| Provider | Purpose | Data Location | Safeguards |
|---|---|---|---|
| Stripe | Payment processing | EU | DPA in place |
| DigitalOcean | Cloud hosting and infrastructure | EU (Frankfurt) | DPA in place |
| Amazon Web Services | Email delivery (transactional) | EU (Frankfurt) | DPA in place |
A complete and up-to-date list of sub-processors is maintained and available upon request.
5.2 Connected Third-Party Tools
To provide the Platform, we may access, process, and where necessary temporarily store data from third-party tools you connect. We use this data only as necessary to provide, maintain, and secure the services and features you use. We may use aggregated, anonymized data derived from platform usage to improve our services, provided such data cannot be used to identify any individual or customer. Your relationship with those third-party providers is governed by their own terms and privacy policies.
5.3 Legal Requirements
We may disclose information if required by law, court order, or governmental authority, or where we reasonably believe disclosure is necessary to protect our rights, your safety, or the safety of others, or to investigate fraud.
5.4 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and ensure the receiving party is bound by equivalent data protection obligations.
6. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption: All data is encrypted in transit (TLS) and at rest.
- Access Controls: Role-based access controls and multi-factor authentication for internal systems.
- Infrastructure: Hosted on DigitalOcean with data centers located in the European Union (Frankfurt).
- Monitoring: Security monitoring and incident detection systems.
- Backups: Regular encrypted backups with geographic redundancy.
- Assessments: Periodic security assessments and reviews.
Security Notice: While we implement strong security measures, no method of electronic transmission or storage is completely secure. We encourage you to use strong passwords and protect your account credentials.
7. Your Rights
Under the GDPR (and UK GDPR where applicable), you have the following rights regarding your personal data:
Right to Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your data, subject to legal retention.
Right to Restrict Processing
Request limitation of processing in certain circumstances.
Right to Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing for legitimate interests or direct marketing.
Right to Withdraw Consent
Withdraw consent at any time without affecting prior processing.
To exercise any of these rights, please contact us at Click to reveal email. We will respond to your request within one month of receipt. If the request is complex or we receive a large number of requests, we may extend this period by a further two months and will inform you of any extension within the first month.
You also have the right to lodge a complaint with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens.
9. Data Retention
We retain your data only for as long as necessary to fulfill the purposes described in this Privacy Policy and to comply with our legal obligations:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Data | Duration of account and up to 30 days following account closure or termination | Service delivery and account recovery |
| Generated Reports | For the duration of the subscription, subject to the retention limits of the selected plan and customer deletion actions | Service delivery |
| Billing Records | 7 years | Dutch tax law (fiscale bewaarplicht) |
| Usage Logs | 90 days | Security and operational purposes |
| Support Tickets | 2 years after resolution | Service quality and dispute resolution |
| Lead Data | Duration of account plus 30 days after deletion | Managed by customer (data controller) |
After the applicable retention period expires, data will be securely deleted or anonymized.
10. International Data Transfers
We seek to host customer data primarily within the European Union and use service providers that support EU data hosting where available.
Some service providers or their affiliates may, depending on the service provided, process limited personal data outside the European Economic Area ("EEA"). Where such transfers occur, we implement appropriate safeguards as required by applicable law, including where appropriate:
- Standard Contractual Clauses approved by the European Commission
- Data Processing Agreements with relevant service providers
- Reliance on adequacy decisions where applicable
We will update this Privacy Policy to reflect material changes to our international data transfer practices.
11. Data Processed on Behalf of Our Customers
When our customers use our platform, they may input or collect personal data relating to their own clients and prospects (for example, through the leads workspace or embeddable widgets). In this context:
- Our customer is the data controller and determines the purposes and means of processing this data.
- WeSolidify is the data processor and processes this data solely on the customer's behalf and in accordance with their instructions.
The processing of this data is governed by our Data Processing Agreement (DPA), which is incorporated into the Terms of Service and accepted at the time of account registration.
If you are a prospect or lead whose data has been processed through our platform by one of our customers, please direct any data subject requests (access, correction, deletion) to the relevant agency or business that collected your information. If you need assistance identifying the relevant party, you may contact us at Click to reveal email and we will help where reasonably possible.
12. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you, as described in Article 22 of the GDPR. Scoring and grading within the Platform is applied to website and SEO performance data, not to individuals.
13. Updates to This Policy
We may update this Privacy Policy from time to time. When we make changes:
- We will update the "Last updated" date at the top of this page
- For material changes, we will notify you via email or a prominent notice on our platform
- We encourage you to review this policy periodically
The updated Privacy Policy will apply from the effective date shown in the revised version. Where required by law, or where changes are material, we will provide additional notice through email or a prominent notice on our website or Platform.
14. Contact Information
For privacy-related inquiries or to exercise your data protection rights:
WeSolidify B.V.
KvK: 99809826
Meeuwenplein 19-H
1022 BK Amsterdam
The Netherlands
Email: Click to reveal email
Website: wesolidify.com