Privacy Policy

1. Controller

SVENLOL is the controller responsible for the personal data described in this policy. SVENLOL is registered with the Dutch Chamber of Commerce under KvK number 99917947.

This policy applies to the SVENLOL panel, subscriptions, connected services, integrations, billing, support, security logging, and related digital services.

Where a third-party service, platform, payment provider, or integration independently determines how it processes your personal data, that third party is responsible for its own processing under its own terms and privacy policy.

2. Data we process

Depending on how you use the service, SVENLOL may process the following categories of personal data:

• Account data, including your name, email address, profile image, username, user ID, role, permissions, organization or team association, account status, and login-related information.
• Authentication and security data, including hashed credentials where applicable, session identifiers, session tokens, authentication events, IP addresses, user agents, device information, login history, failed login attempts, access logs, audit logs, abuse signals, and security records.
• Subscription and billing data, including billing name, billing address, email address, subscription status, payment status, payment identifiers, customer identifiers, mandate identifiers, transaction identifiers, invoices, invoice numbers, VAT or tax information where applicable, payment failure records, cancellation records, and chargeback or dispute information.
• Integration data, including linked-account identifiers, integration usernames, external platform IDs, OAuth tokens, refresh tokens, access scopes, token expiry data, webhook configuration, permission data, and settings for services such as Twitch, Google, Philips Hue, Govee, WLED, Mollie, and other integrations you connect.
• Device and service data, including device identifiers, device names, local or public IP addresses where relevant, connection status, enabled status, lighting configuration, automation settings, command history, service configuration, feature usage, diagnostic information, and technical event logs.
• Panel usage data, including pages viewed, actions taken in the panel, settings changed, buttons clicked, admin actions, subscription actions, cancellation actions, consent records, cookie preferences, language preferences, and timestamps.
• Communications and support data, including messages you send to SVENLOL, support requests, bug reports, feedback, attachments, Discord or email communication where applicable, and related metadata.
• Legal and compliance data, including records needed to prove agreement to the Terms of Service, Privacy Policy, cookie choices, direct digital access, withdrawal waiver where applicable, consent records, abuse investigations, legal notices, complaints, and enforcement records.

SVENLOL does not intentionally request special categories of personal data. You should not submit sensitive personal data unless it is strictly necessary for your request.

3. Sources of personal data

SVENLOL receives personal data directly from you when you create or use an account, purchase a subscription, configure the panel, connect an integration, contact support, or otherwise interact with the service.

SVENLOL also receives personal data automatically through the operation of the service, including logs, technical data, security data, payment status updates, webhook events, and integration responses.

SVENLOL may receive personal data from third parties you choose to connect, including payment providers, authentication providers, connected platforms, device integrations, and other services required to operate the features you enable.

4. Why we process data

SVENLOL processes personal data for the following purposes:

• To create, provide, maintain, and secure your account.
• To provide subscriptions, paid features, panel access, service access, connected services, integrations, automations, and device controls.
• To process payments, mandates, invoices, subscriptions, failed payments, cancellations, refunds where legally required, chargebacks, disputes, and accounting records.
• To authenticate users, manage sessions, enforce permissions, prevent unauthorized access, detect abuse, investigate suspicious activity, and protect the service.
• To communicate with integrations, APIs, platforms, devices, and third-party services that you connect or configure.
• To provide customer support, respond to questions, troubleshoot issues, investigate bugs, and improve reliability.
• To send service, billing, security, legal, administrative, and account-related communications.
• To monitor performance, diagnose errors, maintain infrastructure, prevent misuse, enforce the Terms of Service, and improve the service.
• To comply with legal obligations, including tax, accounting, consumer, security, data protection, and administrative obligations.
• To establish, exercise, or defend legal claims, collect unpaid amounts, handle disputes, and protect SVENLOL’s legitimate business interests.

5. Legal bases

SVENLOL processes personal data only where it has a legal basis under applicable data protection law. Depending on the processing activity, the legal bases include:

• Performance of a contract, where processing is necessary to provide your account, subscription, panel access, connected services, integrations, billing functionality, or support.
• Compliance with legal obligations, including tax, accounting, consumer law, data protection, security, and administrative obligations.
• Legitimate interests, including operating, securing, maintaining, developing, and protecting the service; preventing fraud and abuse; enforcing terms; logging security events; handling disputes; and protecting SVENLOL, users, integrations, and third parties.
• Consent, where required by law, including for certain cookies, optional communications, optional integrations, or specific processing that legally requires consent.

Where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect processing that took place before withdrawal, and it does not affect processing based on another legal basis.

6. Integrations and third-party services

If you connect an integration, you authorize SVENLOL to process the data necessary to connect to that integration, maintain the connection, execute configured actions, receive events, and provide related service functionality.

Integration data may include account identifiers, usernames, profile information, tokens, scopes, permissions, device identifiers, configuration, status data, command data, webhook data, and technical responses from the connected service.

You are responsible for ensuring that you are allowed to connect the relevant account, device, platform, or integration to SVENLOL. Third-party services may process personal data independently under their own terms and privacy policies.

If you disconnect an integration, SVENLOL will stop using that integration for future actions where technically possible. Some related records may remain where necessary for security, billing, audit logs, legal compliance, dispute handling, backups, or legitimate business purposes.

7. Service providers and recipients

SVENLOL may share personal data where necessary with service providers and recipients that help operate the service, including:

• Hosting, infrastructure, storage, database, monitoring, logging, security, and backup providers.
• Email, communication, support, and notification providers.
• Payment providers, including Mollie, for payments, subscriptions, mandates, payment status, refunds where applicable, disputes, and related processing.
• Accounting and invoicing providers, including e-Boekhouden, for invoices, administration, tax records, and bookkeeping.
• Authentication providers, where used for login, account provisioning, or access management.
• Third-party integrations you choose to connect, such as Google, Twitch, Philips Hue, Govee, WLED, and other supported services.
• Professional advisers, legal advisers, accountants, insurers, collection providers, authorities, courts, regulators, or law enforcement where necessary or legally required.
• Parties involved in a business transfer, merger, acquisition, restructuring, financing, sale of assets, or similar transaction, where relevant and legally permitted.

Where a provider processes personal data on behalf of SVENLOL, SVENLOL aims to use appropriate contractual, technical, and organizational safeguards. Where a third party acts as an independent controller, that third party is responsible for its own processing.

8. International transfers

SVENLOL primarily aims to use providers and infrastructure suitable for users in the European Economic Area. However, some providers, integrations, support systems, or technical services may process personal data outside the European Economic Area.

Where personal data is transferred outside the European Economic Area and data protection law requires safeguards, SVENLOL relies on an adequacy decision, standard contractual clauses, transfer impact assessments, supplementary safeguards, or another lawful transfer mechanism.

Because third-party integrations may be operated globally, data you choose to send to or receive from those integrations may be processed in countries outside the European Economic Area according to the relevant third party’s terms and privacy policy.

9. Retention

SVENLOL retains personal data only for as long as reasonably necessary for the purposes described in this policy, unless a longer retention period is required or permitted by law.

• Account and service data is generally retained while your account is active or while needed to provide the service.
• Subscription, payment, invoice, tax, and accounting records may be retained for the statutory Dutch administration period or longer where necessary for disputes, audits, legal obligations, or enforcement.
• Security logs, audit logs, abuse records, access logs, and fraud-prevention records may be retained for as long as reasonably necessary to protect the service, investigate abuse, enforce terms, or defend legal claims.
• Integration tokens are retained while the integration remains connected or while needed to provide the configured service, unless revoked, replaced, deleted, or no longer required.
• Support communications may be retained for as long as necessary to handle the request, maintain records, resolve disputes, improve service reliability, and defend legal claims.
• Consent, checkout, legal acceptance, withdrawal waiver, and policy acceptance records may be retained for as long as necessary to prove compliance and enforce legal rights.
• Backups may retain deleted or changed data for a limited period until overwritten or deleted according to backup cycles.

When personal data is no longer needed, SVENLOL will delete, anonymize, or restrict it where reasonably possible. Immediate deletion from all systems, logs, and backups may not be technically possible.

10. Security

SVENLOL uses reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, and disclosure.

Measures may include encryption, access controls, authentication controls, least-privilege access, logging, monitoring, backups, secure credential handling, token encryption, and other security practices appropriate to the nature of the service.

OAuth tokens and other sensitive integration tokens are stored encrypted where technically feasible. You are responsible for keeping your own credentials, devices, sessions, API keys, connected accounts, and access to your email or authentication provider secure.

No online service, network, device, or storage system can be guaranteed to be completely secure. SVENLOL cannot guarantee absolute security.

If SVENLOL becomes aware of a personal data breach, it will assess the incident and, where legally required, notify the competent supervisory authority and affected individuals.

11. Your responsibilities

You are responsible for providing accurate information, keeping your account secure, using strong passwords, protecting your devices, managing access to your email or authentication provider, and ensuring that your integrations, automations, devices, and connected accounts are used lawfully and safely.

If you connect accounts, platforms, devices, or integrations that involve other people’s personal data, you are responsible for ensuring that you have the necessary rights, permissions, notices, and legal basis to do so.

You must notify SVENLOL promptly if you suspect unauthorized access, compromised credentials, misuse of your account, or a security issue involving the service.

12. Your rights

Depending on applicable law and the specific processing activity, you may have the right to request access to your personal data, correction of inaccurate data, deletion of data, restriction of processing, data portability, objection to processing, or withdrawal of consent where processing is based on consent.

These rights are not absolute. SVENLOL may refuse, limit, or delay a request where permitted by law, including where processing is necessary for legal obligations, security, fraud prevention, freedom of expression, establishment or defense of legal claims, accounting records, dispute handling, or overriding legitimate grounds.

SVENLOL may need to verify your identity before completing a privacy request. If a request is manifestly unfounded, excessive, repetitive, technically impossible, or legally restricted, SVENLOL may refuse the request or charge a reasonable fee where permitted by law.

You may lodge a complaint with the Dutch Data Protection Authority or another competent supervisory authority. SVENLOL asks that you contact SVENLOL first where possible, so the issue can be reviewed and potentially resolved directly.

13. Cookies and similar technologies

The panel uses necessary cookies and similar technologies for authentication, session management, security, language preferences, service functionality, and recording your cookie notice choice.

SVENLOL may also use optional cookies or similar technologies for analytics, preferences, or other purposes where enabled and legally permitted. Where consent is required, these cookies or technologies will only be used after consent.

See the Cookie Policy for more information about cookies and similar technologies.

14. Children

The service is not intended for children below the age at which they can lawfully use the service or provide valid consent under applicable law. SVENLOL does not knowingly target children or knowingly collect personal data from children without appropriate legal basis or required permission.

If SVENLOL becomes aware that it has processed personal data of a child without the required legal basis or permission, it may delete or restrict the relevant account and data where required or appropriate.

15. Automated decisions

SVENLOL may use automated systems to support security, abuse prevention, rate limiting, account protection, payment status handling, subscription state management, and service operation.

SVENLOL does not intend to make decisions based solely on automated processing that produce legal effects or similarly significant effects for you, unless such processing is necessary, legally permitted, or based on your explicit consent.

16. Changes to this policy

SVENLOL may update this policy from time to time to reflect changes to the service, integrations, providers, legal requirements, security practices, or business operations.

If changes are material, SVENLOL will take reasonable steps to notify you, such as through the panel, email, website notice, or another appropriate channel.

Continued use of the service after the updated policy becomes effective means the updated policy applies to the processing described in it, to the extent permitted by law.

17. Contact

For privacy questions, data requests, security concerns, or complaints, contact SVENLOL through the communication channel used to provision your account, through the panel, or through any contact method made available on the SVENLOL website.

Please include enough information for SVENLOL to understand and verify your request. Do not include unnecessary sensitive personal data in privacy or support requests.