Last updated: 2026-05-09
Privacy Policy
This Privacy Policy describes how GRW5 (operated by Rogier van Wagtendonk, sole proprietor, Breda, Netherlands) collects, uses, and protects personal data when you use grw5.com and related services.
This policy is governed by the General Data Protection Regulation (GDPR) and Dutch law.
1. Data Controller
Rogier van Wagtendonk
Breda, Netherlands
Email: rogier.vwagtendonk@gmail.com
2. Data We Collect
2.1 Account and assessment data
- Name and email address (required to access free tools and guides)
- Assessment responses (Cognitive Style Scan, GRW5 business scan)
- Payment information (processed by Stripe; GRW5 does not store card data)
2.2 Usage and behavioral data
- Pages visited, time on page, feature interactions (via PostHog)
- Browser type, operating system, approximate location (IP-derived)
- Ad interaction data (via Meta Pixel and Conversions API)
2.3 Communications
- Email address for transactional and newsletter messages
- Any information you provide when contacting us directly
3. Legal Basis for Processing
- Contract (Art. 6(1)(b) GDPR) - processing necessary to deliver paid assessments and services you purchase
- Legitimate interest (Art. 6(1)(f) GDPR) - product analytics to improve the platform
- Consent (Art. 6(1)(a) GDPR) - marketing emails; you can withdraw consent at any time via the unsubscribe link in every email
4. How We Use Your Data
- To create and manage your account
- To deliver assessment results and guides you requested
- To send transactional emails (results, receipts, access links)
- To send newsletters and product updates (opt-in only)
- To improve the platform through behavioral analytics
- To measure advertising effectiveness
5. Retention
We retain your personal data for as long as your account is active or as necessary to provide services. Assessment data is retained for the lifetime of your account so you can access historical results. You may request deletion at any time (see section 7).
Financial records (invoices) are retained for 7 years to comply with Dutch tax law (Belastingdienst).
6. Sub-processors
We share data with the following third-party service providers. Each is bound by GDPR-compatible data processing agreements.
| Processor | Purpose | Data shared | Privacy policy |
|---|---|---|---|
| Meta Platforms | Advertising - Pixel + Conversions API for ad performance measurement | Email (hashed), browsing events, conversion events | facebook.com/privacy/policy |
| PostHog | Product analytics - page views, feature usage, behavioral events | Pseudonymous user ID, event data, browser/OS metadata | posthog.com/privacy |
| Lettermint | Transactional email delivery (scan results, receipts, newsletters) | Email address, name, email content | lettermint.co/privacy |
| Supabase | Database and authentication (account data, assessment results) | Account information, assessment responses, session tokens | supabase.com/privacy |
| OpenAI | AI-assisted scan analysis - LLM processing of assessment responses | Assessment responses (pseudonymized where possible); retained per OpenAI's data retention policy | openai.com/policies/privacy-policy |
| Cloudflare | CDN and hosting (OpenNext deployment) | IP addresses, request metadata (standard CDN logs) | cloudflare.com/privacypolicy |
| Stripe | Payment processing | Payment card data, billing address, purchase amount | stripe.com/privacy |
We do not sell your personal data to third parties.
7. Your GDPR Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15) - Request a copy of the personal data we hold about you.
- Right to rectification (Art. 16) - Request correction of inaccurate or incomplete personal data.
- Right to erasure (Art. 17) - Request deletion of your personal data. We will honor this request unless we are legally required to retain certain records.
- Right to data portability (Art. 20) - Receive your data in a structured, machine-readable format.
- Right to object (Art. 21) - Object to processing based on legitimate interest, including profiling for direct marketing.
- Right to lodge a complaint - File a complaint with the Dutch supervisory authority: Autoriteit Persoonsgegevens ( autoriteitpersoonsgegevens.nl).
To exercise any of these rights, contact us at rogier.vwagtendonk@gmail.com. We will respond within 30 days.
8. Cookies and Tracking
GRW5 uses cookies and similar tracking technologies for:
- Session management (authentication cookies - strictly necessary)
- Product analytics (PostHog - can be declined)
- Advertising measurement (Meta Pixel - can be declined)
You can control cookies through your browser settings. Disabling analytics or advertising cookies will not affect your ability to use core platform features.
9. International Data Transfers
Some sub-processors operate outside the European Economic Area (EEA). Where data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission to ensure an equivalent level of protection.
10. Children's Privacy
GRW5 is intended for users aged 18 and older. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us so we can delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of GRW5 after the effective date constitutes acceptance of the revised policy.
12. Contact
Questions or requests regarding this Privacy Policy:
Rogier van Wagtendonk
Breda, Netherlands
rogier.vwagtendonk@gmail.com