Privacy Policy
Your data. Your rules.
Last updated: February 12, 2026
1 Introduction and Scope
This Privacy Policy ("Policy") governs the collection, processing, storage, and disclosure of personal data by Steadcloud ™, statutory name PeaceWeb B.V., a company registered in the Netherlands at Hedikhuizerweg 7F, 5222 BC 's-Hertogenbosch, Netherlands, registered with the Dutch Chamber of Commerce (Kamer van Koophandel) under number 88526461.
This Policy applies to all personal data collected from clients using Steadcloud services, website visitors, portal users, and individuals engaging with Steadcloud for inquiries or support.
By using our services, you acknowledge and consent to the collection and processing of your personal data as set forth in this Policy, in accordance with Dutch law and the General Data Protection Regulation (GDPR).
2 Data We Collect
2.1 Data Provided by You
Contact Information
Name, email, phone, postal address
Business Information
Company name, KvK number, VAT ID
Account Information
Username, password, authentication credentials
Payment Information
Billing details, payment method, transaction records
2.2 Data Collected Automatically
- • Log Data: IP address, browser type, operating system, access timestamps
- • Usage Data: Pages accessed, session duration, actions performed
- • Cookies: Essential and analytics cookies (see Cookie section)
3 How We Use Your Data
We process your personal data for the following purposes, each grounded in a legal basis under GDPR:
Service Provision
Delivering services, account management, billing, and support.
Security & Fraud Prevention
Detecting and preventing fraud, unauthorized access, or abuse.
Legal Compliance
Complying with Dutch and EU laws, tax obligations, and legal requests.
Marketing Communications
Sending updates and promotional content (with your explicit consent).
4 Disclosure of Personal Data
We share your personal data only with trusted third-party processors who assist in delivering our services. Each processor is bound by a Data Processing Agreement and processes data only on our documented instructions.
4.1 Sub-Processors
Stripe
USA (SCCs)Payment processing and billing
Mollie
NetherlandsPayment processing (iDEAL, Bancontact, etc.)
PostHog
EUProduct analytics and usage insights
Front
USA (SCCs)Customer support and communication
Cloudflare
Global (SCCs)CDN, DDoS protection, DNS security
Datacenter Providers
EU (Netherlands)Physical infrastructure hosting
4.2 Marketing Partners (Consent-Based)
Google Analytics and Google Ads conversion tracking
Microsoft
Consent RequiredMicrosoft Advertising and Microsoft Clarity
4.3 Legal Disclosure
We may disclose personal data to law enforcement, regulatory authorities, or courts when required by Dutch or EU law, or to protect our legitimate interests in legal proceedings. We do not sell your personal data to third parties.
5 Data Retention
We retain your personal data only as long as necessary for the purposes described in this Policy:
Account Data
Duration of account + 30 days
Billing Records
7 years (Dutch tax law)
Support Tickets
3 years after resolution
Log Data
90 days
6 Your Rights
Under GDPR, you have the following rights regarding your personal data:
Right of Access (Art. 15)
Request a copy of your personal data and information about how it is processed
Right to Rectification (Art. 16)
Correct inaccurate or incomplete personal data
Right to Erasure (Art. 17)
Request deletion of your data, subject to legal retention obligations
Right to Restrict Processing (Art. 18)
Request limitation of processing while accuracy or lawfulness is contested
Right to Data Portability (Art. 20)
Receive your data in a structured, machine-readable format
Right to Object (Art. 21)
Object to processing based on legitimate interests or direct marketing
Right to Withdraw Consent (Art. 7)
Withdraw consent at any time without affecting prior lawful processing
Right to Lodge a Complaint
File a complaint with the Autoriteit Persoonsgegevens (Dutch DPA)
How to Exercise Your Rights: Contact us at privacy@steadcloud.com. We will respond to your request within 30 days. We may request verification of your identity before processing your request.
7 Data Security
We implement industry-standard security measures to protect your data:
- ✓ TLS 1.3 encryption for all data in transit
- ✓ AES-256 encryption for data at rest
- ✓ Multi-factor authentication available
- ✓ Regular security audits and penetration testing
- ✓ EU-based data centers (Netherlands)
8 Cookies and Tracking
We use cookies and similar tracking technologies to enhance your experience. Our cookie usage includes:
Essential Cookies
Required for authentication, security, and basic functionality. Cannot be disabled.
Analytics Cookies
Help us understand how visitors use our website. Can be disabled via cookie settings.
Preference Cookies
Remember your settings and preferences. Optional.
Marketing Cookies
Used only with your consent for advertising purposes.
You can manage cookie preferences through your browser settings or our cookie consent banner. Our use of cookies complies with the ePrivacy Directive (2002/58/EC as amended by 2009/136/EC) and the Dutch Telecommunications Act (Telecommunicatiewet). Non-essential cookies are only placed with your prior consent.
9 International Data Transfers
All primary data storage and processing occurs within the European Union (Netherlands). We do not transfer your personal data outside the EU/EEA unless absolutely necessary and with appropriate safeguards:
- ✓ Standard Contractual Clauses (SCCs) approved by the EU Commission
- ✓ Adequacy decisions for recipient countries
- ✓ Binding Corporate Rules where applicable
Our infrastructure is explicitly designed to keep data within the EU to ensure GDPR compliance and avoid US CLOUD Act exposure. Where transfers to the USA are necessary (e.g., Stripe, Front), we rely on EU Standard Contractual Clauses with supplementary measures in accordance with the Schrems II ruling (CJEU C-311/18).
10 Data Breach Notification
In the event of a personal data breach, we follow the procedures mandated by GDPR:
Supervisory Authority Notification (Art. 33)
We notify the Autoriteit Persoonsgegevens within 72 hours of becoming aware of a breach that is likely to result in a risk to individuals' rights and freedoms.
Data Subject Notification (Art. 34)
When a breach is likely to result in a high risk to your rights and freedoms, we will notify affected individuals without undue delay, describing the nature of the breach, likely consequences, and measures taken.
For business customers who use Steadcloud as a data processor, breach notification timelines are governed by our Data Processing Agreement.
11 Children's Privacy
Our services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.
12 Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or through a prominent notice on our website at least 30 days before taking effect. Your continued use of services after changes take effect constitutes acceptance of the updated Policy.
13 Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Dutch Data Protection Authority:
Autoriteit Persoonsgegevens
Bezuidenhoutseweg 30, 2594 AV Den Haag, Netherlands
Website: autoriteitpersoonsgegevens.nl
Phone: +31 (0)70 888 8500
You may also contact the European Data Protection Board (EDPB) at edpb.europa.eu for cross-border data protection matters.
14 Contact Information
For privacy-related inquiries, contact our Data Protection team:
Privacy Inquiries: privacy@steadcloud.com
Legal Requests: legal@steadcloud.com
General Support: support@steadcloud.com
Steadcloud ™ (statutory name: PeaceWeb B.V.)
Hedikhuizerweg 7F, 5222 BC 's-Hertogenbosch, Netherlands
KvK: 88526461 | VAT: NL864668788B01