Privacy Policy

1. Who we are

The controller responsible for personal data processed via this website is [Operator legal entity], [Registered address] (the “operator”, “we”, “us”). For full company details, see our Imprint. You can reach us about any privacy matter at [email protected].

2. What data we collect

• Review submissions. The content of your review, the star rating, and any details you choose to include (such as your display name and the product concerned). You may optionally attach proof of interaction (for example a redacted statement or dashboard screenshot). Proof is stored privately, used solely to verify authenticity, and is never published or shown alongside your review.
• Business enquiry data. If you submit a business or contact form, we process the information you provide — typically your name, email address, company and message — to respond to your request.
• Server logs. Like most websites, our hosting provider automatically records technical data such as your IP address, browser type, the pages requested and timestamps. This is used to operate, secure and troubleshoot the service.

3. Legal basis for processing

We process personal data under the following legal bases of GDPR Article 6(1):

• Consent — Art. 6(1)(a). When you voluntarily submit a review (including any optional proof you upload).
• Contract / pre-contract — Art. 6(1)(b). When you contact us or a business about our services and we act on your request.
• Legitimate interests — Art. 6(1)(f). To operate, secure and improve the platform, prevent fraud and abuse, and maintain the integrity of our reviews and TrustScores.

4. Cookies and tracking

We currently use no advertising or tracking cookies and no third-party analytics that profile you. We rely only on strictly necessary functionality required for the site to work. If this ever changes, we will update this policy and seek consent where the law requires it.

5. Data retention

Published reviews are retained for as long as the review remains on the platform. Optional proof of interaction is retained only as long as needed to verify a review and to defend the integrity of our scores, after which it is deleted. Business enquiry correspondence is kept for as long as needed to handle your request and to meet any legal obligations. Server logs are kept for a limited period for security and operational purposes.

6. Third-party processors

We share data only with the processors needed to run the service, under appropriate data processing terms:

• GitHub, Inc. — powers our review submission and content pipeline.
• Vercel Inc. — provides hosting and content delivery for the website.

Where a processor transfers data outside the EU/EEA, such transfers are made under appropriate safeguards (for example the EU Standard Contractual Clauses).

7. Your rights

Under GDPR Articles 15–21, you have the right to:

• Access (Art. 15) — obtain a copy of the personal data we hold about you.
• Rectification (Art. 16) — have inaccurate data corrected.
• Erasure (Art. 17) — request deletion of your data, subject to legal limits.
• Restriction (Art. 18) — limit how we process your data in certain cases.
• Portability (Art. 20) — receive your data in a structured, machine-readable format.
• Objection (Art. 21) — object to processing based on our legitimate interests.

You also have the right to withdraw consent at any time and to lodge a complaint with a supervisory authority.

8. How to exercise your rights

To make any request, email [email protected]. We may need to verify your identity before acting, and we will respond within the timeframes required by law.

9. Changes to this policy

We may update this policy from time to time. Material changes will be reflected here with an updated “Last updated” date above.