Privacy Policy
Last updated: March 2026
What We Collect
When you create a Nett account, we collect your email address, name, and organization name. To deliver the service, we also process the financial data you choose to enter:
- Bank balance — entered manually by you. We never connect to your bank or request banking credentials.
- Recurring costs and commitments — entered manually by you.
- Stripe revenue data — if you connect Stripe via OAuth, we receive read-only access to your subscription revenue (amounts and customer counts). We cannot charge customers, issue refunds, or access payment methods.
Why We Process Your Data
We process your data under the following legal bases (per GDPR Articles 6 and 9):
- Contract — your account, financial data, and billing information are processed to deliver the Nett service you signed up for.
- Consent — analytics cookies (Google Analytics) are only set after you accept cookie consent. Stripe Connect access is granted via OAuth authorization. Email communications beyond transactional messages are based on your email preferences.
How We Store It
Your data is stored in Supabase (PostgreSQL on AWS us-east-1, USA), encrypted at rest and in transit. We use row-level security (RLS) so your data is only accessible to your account. Payments are processed by Stripe. Our application is hosted on Vercel (USA, with edge functions on a global CDN).
Service Providers (Sub-Processors)
We use the following third-party services to operate Nett. Each has a Data Processing Agreement (DPA) in place:
| Service | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication | US (AWS) |
| Stripe | Payments, revenue data | US/EU |
| Vercel | Hosting, serverless functions | US (CDN global) |
| Google Analytics | Product analytics (with consent) | US/EU |
| Resend | Transactional email | US |
We do not sell, rent, or share your data with anyone outside this list.
Data Retention
- Account and financial data — retained for the lifetime of your account plus 30 days after deletion.
- After cancellation — your data is retained for 30 days in case you reactivate, then permanently deleted.
- Email address (abuse prevention) — after account deletion, we retain a hashed record of your email address to prevent trial abuse. This contains no financial data and cannot be used to contact you.
- Analytics data — automatically deleted after 90 days.
- Billing data — retained by Stripe per their retention policy and applicable tax/legal requirements.
Cookies
We use two categories of cookies:
- Essential — Supabase authentication session. Always active. Required for the service to function. No consent needed.
- Analytics — Google Analytics. Default: off. Only activated after you accept via the cookie banner. You can withdraw consent at any time by clearing cookies or declining when re-prompted.
Your Rights
Under GDPR (and similar laws), you have the following rights regarding your personal data:
- Access — request a copy of all data we hold about you.
- Rectification — correct any inaccurate data (you can do this directly in-app).
- Erasure — request deletion of your account and all associated data.
- Portability — receive your data in a structured, machine-readable format.
- Restriction — request that we pause processing of your data.
- Objection — opt out of non-essential communications via email preferences in your account settings.
To exercise any of these rights, email hello@nett.fyi. We will respond within 30 days.
International Data Transfers
Nett stores and processes data in the United States. For users in the European Economic Area (EEA), United Kingdom, or Switzerland, data transfers are protected by Standard Contractual Clauses (SCCs) included in our agreements with each sub-processor listed above.
Do Not Sell or Share My Personal Information
Nett does not sell or share your personal information for cross-context behavioral advertising. We do not participate in data broker activities. If you are a California resident (or resident of any US state with similar consumer privacy laws), you have the right to request deletion of your data and to know what data we collect. To exercise these rights, email hello@nett.fyi.
Contact
For privacy questions, data requests, or concerns, email hello@nett.fyi.
If you believe your data rights have not been adequately addressed, you have the right to lodge a complaint with your local data protection supervisory authority.
Changes
If we update this policy, we'll update this page and the date at the top. For material changes, we will notify you by email.