Privacy Policy
Last updated: February 11, 2026
This Privacy Policy explains how Just Enough Solutions ApS ("we", "us", or "our") collects, uses, and protects your personal data when you use SaaS Template (the "Service"). This policy complies with the General Data Protection Regulation (GDPR) and the Danish Data Protection Act.
Data Controller
The data controller responsible for your personal data is: Just Enough Solutions ApS
Information We Collect
Information You Provide Through Authentication
When you create an account using OAuth providers (Google, Microsoft, or Apple), we receive:
- Profile Information: Your name and email address
- Profile Picture: If provided by your OAuth provider
- Account Identifier: A unique identifier from your OAuth provider
We do not receive or store your OAuth provider password.
Information You Provide While Using the Service
- Account Preferences: Settings and preferences you configure
- Subscription Information: Your selected plan and billing status
Information Collected Automatically
With your explicit consent, we may collect:
- Usage Analytics: Pages visited, features used, and interaction patterns
- Error Reports: Technical errors and performance data to improve the Service
Without consent, we only collect essential technical data required for the Service to function (e.g., authentication sessions).
Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR Article 6(1):
| Purpose | Legal Basis | GDPR Article |
|---|---|---|
| Account creation and authentication | Performance of contract | Art. 6(1)(b) |
| Subscription and payment processing | Performance of contract | Art. 6(1)(b) |
| Service communication (e.g., account updates) | Performance of contract | Art. 6(1)(b) |
| Security and fraud prevention | Legitimate interest | Art. 6(1)(f) |
| Service improvement and bug fixes | Legitimate interest | Art. 6(1)(f) |
| Usage analytics | Consent | Art. 6(1)(a) |
| Error monitoring (client-side) | Consent | Art. 6(1)(a) |
| Bookkeeping and tax records | Legal obligation | Art. 6(1)(c) |
Legitimate Interests: Where we rely on legitimate interest, our interests are: maintaining Service security, preventing fraud and abuse, and improving Service quality and reliability. We have assessed that these interests do not override your fundamental rights and freedoms.
How We Use Your Information
We use your personal data to:
- Provide the Service: Create and manage your account, authenticate your sessions
- Process Payments: Manage subscriptions and process payments through our payment provider
- Communicate: Send essential service updates, security alerts, and account notifications
- Improve the Service: Analyze usage patterns (with consent) and fix technical issues
- Ensure Security: Detect and prevent fraud, abuse, and security threats
- Comply with Law: Meet legal obligations including tax and bookkeeping requirements
We do not use your personal data for automated decision-making or profiling that produces legal effects.
Data Recipients and Third-Party Services
We share your personal data with the following categories of recipients:
Service Providers
| Provider | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Vercel | Application hosting | Technical metadata, request logs | Vercel Privacy |
| Clerk | Authentication | Name, email, profile picture, session data | Clerk Privacy |
| Convex | Database and backend (EU-hosted) | Account data, preferences, subscription status | Convex Privacy |
| Polar.sh | Payment processing | Email, subscription details | Polar.sh Privacy |
| Stripe | Payment processing (via Polar.sh) | Payment card details, billing address | Stripe Privacy |
| Sentry | Error monitoring | Error logs, device info, IP address (anonymized) | Sentry Privacy |
| Axiom | Operational logging | Application logs, user actions, system events | Axiom Privacy |
Other Recipients
We may also disclose your personal data to:
- Legal Authorities: When required by law or to respond to valid legal process
- Professional Advisors: Accountants, lawyers, or auditors under confidentiality obligations
- Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified)
We do not sell your personal data to third parties.
Data Hosting and International Data Transfers
Our Service uses a combination of EU-based and U.S.-based infrastructure:
- Backend and database (Convex): Hosted in the European Union. Your account data, preferences, and subscription status are stored and processed within the EU.
- Frontend hosting (Vercel): Hosted in the United States. Serves the application interface and processes technical metadata and request logs.
- Authentication (Clerk): Hosted in the United States. Processes authentication sessions, profile information, and login data.
Because some of our service providers are based in the United States, your personal data may be transferred to and processed in the United States, which is outside the European Economic Area (EEA). We ensure appropriate safeguards are in place for all such transfers.
EU-Based Providers
The following service providers store and process your data within the European Union:
- Convex (database and backend) - Data is hosted in the EU. No international data transfer is required.
Data Privacy Framework (DPF) Compliance
Several of our U.S.-based service providers are certified under the EU-U.S. Data Privacy Framework (DPF), which provides adequate protection for personal data transferred from the EU to the United States:
- Vercel (hosting provider) - DPF certified
- Clerk (authentication) - DPF certified
- Sentry (error monitoring) - DPF certified
The DPF is recognized by the European Commission as providing an adequate level of protection for personal data transferred to participating U.S. organizations.
Other U.S.-Based Providers
- Polar.sh/Stripe (payment processing) - Process data in accordance with their respective privacy policies and data protection commitments
- Axiom (operational logging) - Processes data in accordance with their privacy policy and data protection commitments
For questions about data hosting or international data transfers, please contact us at Support@justenoughsolutions.com.
Data Retention
We retain your personal data for the following periods:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Until you delete your account | Required to provide the Service |
| Authentication sessions | Automatically expire after inactivity | Security |
| Payment and subscription records | Handled by Polar.sh/Stripe per their policies | Payment provider retention |
| Analytics data (if consented) | Handled by service providers per their policies | Analytics provider retention |
| Error logs | Handled by Sentry per their policy | Error monitoring provider retention |
Account Deletion: When you request account deletion, we will delete or anonymize your personal data within 30 days, except where we are required to retain it by law (e.g., bookkeeping records for 5 years under Danish law).
Your Rights Under GDPR
Under the GDPR and Danish data protection law, you have the following rights:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restriction: Request that we limit how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interest or for direct marketing
- Right to Withdraw Consent: Withdraw consent at any time (does not affect prior processing)
How to Exercise Your Rights
- Access and Portability: Visit your Account Settings to request a data export
- Rectification: Update your profile in Account Settings or contact us
- Erasure: Request account deletion in Account Settings
- Other Rights: Contact us at Support@justenoughsolutions.com
We will respond to your request within 30 days. We may request verification of your identity before processing your request.
Right to Lodge a Complaint
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet):
Datatilsynet Carl Jacobsens Vej 35 2500 Valby, Denmark Website: www.datatilsynet.dk Email: dt@datatilsynet.dk
Cookies and Tracking Technologies
We use cookies and similar technologies for authentication and, with your consent, for analytics. Essential cookies are required for the Service to function and cannot be disabled.
For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.
Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of data in transit (HTTPS/TLS)
- Encryption of data at rest
- Secure authentication via OAuth providers
- Access controls limiting who can access your data
- Regular security assessments of our service providers
While we take reasonable precautions, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.
Children's Privacy
The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us immediately at Support@justenoughsolutions.com.
Changes to This Policy
We may update this Privacy Policy when our practices change or when required by law. We will:
- Update the "Last updated" date at the top of this page
- Notify you of significant changes via email or a prominent notice in the Service
We encourage you to review this policy periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:
Email: Support@justenoughsolutions.com
Company: Just Enough Solutions ApS
CVR: 45958388