Privacy Policy

Last updated: 4/13/2026

1. Introduction

Welcome to Inbu. We assist you in your integration journey in the Netherlands. This Privacy Policy applies to the use of the Inbu platform and explains how we collect, use, and act on your personal data.

We are committed to protecting your privacy and personal data in accordance with the General Data Protection Regulation (GDPR) / Algemene Verordening Gegevensbescherming (AVG).

2. Data Controller

Inbu ("we", "us", or "our") is the controller of your personal data.

3. Data We Collect & Legal Basis

We process your data based on the following legal grounds:

A. Account Data

Legal Basis: Performance of Contract

  • Identity data (Name, Email address)
  • Authentication data (Passwords, Login tokens via Supabase)
  • Subscription status and Purchase history

B. Usage & Educational Data

Legal Basis: Performance of Contract & Legitimate Interest

  • Learning progress, exam results, and practice scores
  • Written and spoken answers submitted for review
  • Platform usage metrics to improve our service

C. Technical & Analytics Data

Legal Basis: Consent

  • IP address, browser type, device information
  • Interaction data collected via PostHog (only if Analytics consent is granted)

4. Third-Party Processors

We use trusted third-party service providers to help us operate our business. We have Data Processing Agreements (DPAs) in place with these providers:

Infrastructure & Auth

  • Supabase: Database and Authentication (Hosted in EU/Frankfurt usually, verify region)
  • Vercel: Hosting and Deployment

Payments

  • Stripe: Payment processing. We do not store your full card details.

AI & Features

  • OpenAI: AI-powered feedback and content generation.
  • Microsoft Azure / Deepgram: Specific voice technology features.
  • Resend: Transactional emails.

Analytics

  • PostHog: Product analytics and user sessions (Only with consent).

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • Account Data: Retained as long as your account is active.
  • Transaction Data: Retained for 7 years for tax purposes (Dutch fiscal obligation).
  • Analytics Data: Retained for a limited period in accordance with PostHog's retention policies.

6. Your Rights (AVG)

Under the GDPR/AVG, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the data we hold about you.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure: Request that we delete your data ("Right to be forgotten").
  • Right to Restrict Processing: Request us to suspend processing of your data.
  • Right to Data Portability: Request transfer of your data to you or a third party.
  • Right to Object: Object to processing where we rely on legitimate interest.

To exercise these rights, please contact us at hello@inbu.nl.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not adequately complied with the applicable data protection rules.

7. International Transfers

Some of our service providers may process data outside the European Economic Area (EEA). Whenever such transfers occur, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We strictly transfer data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where we use certain service providers (like OpenAI or Stripe), we may use specific contracts approved by the European Commission or rely on the Data Privacy Framework (DPF) where applicable.