Privacy Policy
Last updated: 11 May 2026
This Privacy Policy describes how Statty ("we", "us", "our") collects, uses, and shares your personal information when you use getstatty.com (the "Service").
By using Statty, you agree to this Privacy Policy.
1. Who we are
Statty is operated by DKLH Services, a sole proprietorship registered in the Netherlands.
- Trade name: Statty
- Legal entity: DKLH Services (eenmanszaak)
- KvK number: 74855077
- Establishment number: 000042780705
- Address: Tolstoistraat 22, 1506 RT Zaandam, Netherlands
- Website: https://getstatty.com
- Contact: contact@getstatty.com
If you have any questions about this Privacy Policy, email us at contact@getstatty.com.
2. What we collect
We collect the following categories of personal information:
2.1 Information you provide
- Email address — required for account creation and login (magic-link authentication)
- Payment information — processed by Stripe; we don't store your card details
- Assessment answers — your responses to the 25-question life assessment
- Photos — only if you choose to use the optional Looks module (AI photo analysis)
- Intake details — optional info you provide for personalized training/nutrition plans
2.2 Information collected automatically
- Technical data — IP address, browser type, device info, operating system (via Vercel server logs)
- Usage data — pages visited, time spent, basic interaction patterns
- Cookies — essential cookies for authentication; we don't use tracking cookies for advertising
3. How we use your information
We use your personal information to:
- Provide the Service (process your assessment, generate your reports)
- Send transactional emails (login links, payment confirmations)
- Improve and debug the Service
- Comply with legal obligations
- Communicate with you if you contact us
We do not use your data for:
- Advertising or remarketing
- Selling to third parties
- Training AI models (your data is not used to improve any AI system, including ours)
4. Legal basis for processing (GDPR)
If you are in the EU/EEA, we process your data under the following legal bases:
- Contract performance — to deliver the Service you paid for
- Legitimate interest — for security, fraud prevention, and improving the Service
- Consent — for optional features (e.g., photo upload for the Looks module)
- Legal obligation — to comply with applicable laws
5. Third parties
We share data with the following service providers, who are bound by their own privacy obligations:
| Service | Purpose | Data shared | Location |
|---|---|---|---|
| Stripe | Payment processing | Email, payment info | EU/US (GDPR-compliant) |
| Resend | Transactional emails | Email address, email content | EU (Ireland) |
| Vercel | Website hosting | Technical data, all submitted data | EU/US (GDPR-compliant) |
| Neon | Database hosting (your account, assessment data) | Email, assessment answers, account data | EU/US (GDPR-compliant) |
| Vercel Blob | Photo storage (Looks module only) | Photos you upload | EU/US (GDPR-compliant) |
| Anthropic | AI processing (Claude API) | Assessment answers, photo content (Looks module only) | US (GDPR-compliant) |
We don't sell your data to advertisers, brokers, or any other third parties.
6. Data retention
- Account data — kept as long as your account is active
- Assessment history — kept indefinitely so you can track progression over time
- Payment records — kept for 7 years as required by Dutch tax law
- Server logs — typically deleted after 30 days
- Deleted accounts — all personal data permanently wiped within 30 days of account deletion
7. Your rights under GDPR
If you are in the EU/EEA, you have the following rights:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Restriction — limit how we process your data
- Portability — receive your data in a machine-readable format
- Objection — object to certain types of processing
- Withdraw consent — for processing based on consent
To exercise any of these rights, email contact@getstatty.com. We respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).
8. International data transfers
Some of our service providers (Stripe, Vercel, Anthropic) are based in the United States. When your data is transferred outside the EU/EEA, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- The provider's own GDPR-compliance measures
9. Security
We take reasonable measures to protect your personal information:
- Encrypted connections (HTTPS) on all pages
- Secure password-less authentication (magic-link)
- Payment data handled by Stripe (PCI-DSS compliant)
- Limited access to personal data
- Regular security review
No system is 100% secure. If we discover a data breach affecting your data, we will notify you within 72 hours as required by GDPR.
10. Age requirement
Statty is intended for users 16 years and older. If you are under 16, do not use the Service. If we learn that we have collected data from a child under 16, we will delete it.
If you are a parent or guardian and believe your child has provided us with data, contact us at contact@getstatty.com.
11. Cookies
We use a minimal set of cookies:
- Essential cookies — required for authentication (login session). You cannot opt out of these.
- No tracking cookies — we do not use advertising or cross-site tracking cookies.
12. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent version. If we make material changes, we will notify you by email.
13. Contact
For any privacy-related questions or requests:
Email: contact@getstatty.com
Company: DKLH Services (KvK 74855077)
Address: Tolstoistraat 22, 1506 RT Zaandam, Netherlands
This privacy policy is provided as-is for informational purposes. For legally binding advice, consult a qualified attorney.