Skip to main content
Stacklane

Legal

Privacy Policy

May 2026

Stacklane is a small product engineering team in Groningen. We collect very little personal data, only what you give us when you book a discovery call, email us, or work with us as a client. We do not sell or rent your data. This page explains exactly what we collect, why, and what you can do about it.

1. Who we are

Stacklane is the controller of your personal data within the meaning of the EU General Data Protection Regulation (GDPR / Dutch AVG).

Name
Stacklane
Location
Groningen, the Netherlands
KvK
91500982
VAT (BTW)
NL004895851B52
Contact
hello@stacklane.co

We do not have a statutory obligation to appoint a Data Protection Officer. Privacy questions and rights requests reach us directly at hello@stacklane.co.

2. What we collect

We try to collect as little as the job requires. In practice that means three buckets:

  • Website visitors. Aggregated usage data via PostHog (EU instance) so we can see which pages get read. No cross-site tracking, no advertising identifiers. IP addresses are not retained alongside events.
  • Discovery call bookings. Name, work email, company, and any message you include when you book through Cal.com.
  • Clients. Business contact details for the people we work with, project communications (email, chat, design and code review), and billing information needed to invoice you and meet our tax obligations.
  • Email and other inbound contact. Whatever you choose to send us when you email hello@stacklane.co.

We do not knowingly collect personal data from anyone under 16. The site is built for business buyers, not children.

3. Why we collect it (legal bases)

  • Discovery call bookings and email replies: to take steps at your request before entering into a contract (Art. 6(1)(b) GDPR).
  • Service delivery to clients: to perform our contract with you (Art. 6(1)(b)).
  • Invoicing, accounting, and tax records: to comply with Dutch tax law (Art. 6(1)(c)).
  • Aggregated website analytics: legitimate interest in understanding which parts of the site are useful (Art. 6(1)(f)). You can disable analytics by sending a Do-Not-Track signal from your browser; PostHog honours it.

4. Who else touches your data

We use a small number of processors to run the business. Each one signs a data processing agreement. We do not sell, rent, or trade your data, and we do not pass it to advertising networks.

  • PostHog (EU): website and product analytics, hosted in the EU.
  • Cal.com: discovery call scheduling. Cal.com Inc. is US-based and operates under EU Standard Contractual Clauses.
  • Email and document hosting (e.g. Google Workspace or equivalent): correspondence and contract documents.
  • Payment processor and accounting tooling: invoicing and reconciliation. Specific provider named on each invoice.
  • Infrastructure providers used for client projects (e.g. cloud hosting, error monitoring): only where the client engagement makes it necessary, and only with the client's awareness.

We will tell you about any new processor that gets material access to your personal data before we add it.

5. How long we keep it

  • Aggregated website analytics: retained at PostHog's default rolling window. Individual events are not associated with named visitors.
  • Discovery call inquiries that do not become engagements: kept for up to 12 months, then deleted.
  • Active client records (contracts, project files, correspondence): kept for the duration of the engagement plus any active warranty period.
  • Invoices, tax records, and accounting documents: kept for 7 years, as required by Dutch tax law (Algemene wet inzake rijksbelastingen, art. 52).

After the retention period, data is deleted or fully anonymised.

6. International transfers

Some processors are located outside the European Economic Area (notably Cal.com, in the United States). Transfers happen under EU Standard Contractual Clauses (SCCs). We do not transfer personal data to processors in countries without an adequacy decision or SCCs in place.

7. Your rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you.
  • Have inaccurate data corrected.
  • Have your data erased (where the legal basis allows it).
  • Restrict or object to processing.
  • Receive your data in a portable format.
  • Withdraw consent at any time where consent is the legal basis.

Email hello@stacklane.co and we will respond within 30 days. You also have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

8. Cookies and similar tech

We use only what the site needs to work. PostHog analytics is configured to avoid cross-site identifiers and respects Do-Not-Track. We do not use advertising cookies, retargeting pixels, or session replay on visitors who have not become clients.

9. Security

We use commercially reasonable technical and organisational measures to protect personal data: encrypted storage and transit, access on a need-to-know basis, and 2FA on every account that touches client data. No internet system is perfectly secure; we keep our practices current and document them on request.

10. Changes to this policy

We may update this policy as the business or the law changes. The “Last updated” date at the top reflects the most recent revision. Material changes that affect existing clients will be communicated by email at least 30 days in advance.

11. Contact

Privacy questions, rights requests, or anything else about how we handle your data: email hello@stacklane.co. We answer.

If anything in this policy is unclear, email hello@stacklane.co and we will explain in plain language.