Privacy Policy

BromeoGrid Privacy Policy

Effective date: April 1, 2026

1. Introduction

The Gatekeeper Enterprises ("we", "us", "our") operates the BromeoGrid desktop application and the BromeoGrid website (together, the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have. We are committed to protecting your privacy and handling your data transparently in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

2. Data controller

The data controller for the personal data processed through the Service is:

The Gatekeeper Enterprises
Netherlands
Contact: support tickets page in your dashboard

3. What data we collect

3.1 Account data

When you create an account or sign in with Google, we collect and store: your email address, display name, and profile picture URL provided by Google. This data is necessary to identify your account, manage your license, and provide customer support.

3.2 License and transaction data

We store license keys, plan type (Free/Pro), activation status, expiry dates, transaction references, payment status, and payment method type. The payment method type may for example indicate iDEAL, card, PayPal, Apple Pay, Bancontact, Google Pay, Pay by Bank, Trustly, Billie, or another Mollie-supported method used during checkout. This data is required to deliver licensing features, process renewals, and handle billing inquiries.

3.3 Support tickets

When you submit a support ticket through your dashboard, we store the ticket content, any attachments, and correspondence history to resolve your inquiry and improve our support quality.

3.4 Website traffic data

The website tracks page views, paths, query strings, referrer URLs, user agent strings, response times, and IP-related visitor data. In reports we primarily use hashed IP-based counts and aggregated statistics, but the backend may also store raw IP addresses and derived location data for security, fraud prevention, internal traffic filtering, download statistics, and abuse investigation. We do not load Google Analytics or similar third-party analytics scripts on the public website.

3.5 Desktop application data

The BromeoGrid desktop application stores workspace layouts, settings, and preferences locally on your computer. Those local workspace layouts are not uploaded to our servers. Network communication from the desktop app is limited to release downloads and update checks, license validation or trial requests, paid extension checkout initiation, and optional support or bug-report submissions that you choose to send. License and trial requests send your email address, desktop API token, device ID, and app version to our backend, while the backend also receives the request IP address for licensing, abuse prevention, and location-based security review.

4. How we use your data

We use your personal data for the following purposes:

  • Account management: to create and maintain your account, authenticate sign-ins, and display your dashboard
  • Licensing: to activate, validate, and manage your software license
  • Payments: to process transactions and maintain billing records through Mollie
  • Customer support: to respond to your inquiries and resolve issues
  • Service improvement: to analyze aggregated, anonymized usage patterns and improve the Service
  • Security: to detect and prevent fraud, abuse, and unauthorized access
  • Legal compliance: to meet our obligations under applicable laws and regulations

5. Legal basis for processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract performance: processing necessary to deliver the Service you signed up for (account, licensing, payments, support)
  • Legitimate interest: website traffic analysis, fraud prevention, and service improvement, balanced against your rights
  • Legal obligation: where we are required by law to retain or disclose data

6. Data sharing and third parties

We do not sell, rent, or trade your personal data to third parties. We share data only in the following limited circumstances:

To make the roles in the processing chain explicit: the website frontend is the browser session on bromeogrid.com, the first-party backend is the BromeoGrid web application and API operated by us, first-party storage is our application database plus server-side file storage for support attachments and release files, and third parties only receive the subset of data needed for their own specific task.

6.1 Website visits and dashboard flow

User/browser -> bromeogrid.com frontend -> BromeoGrid backend -> first-party database/storage. When you browse the website, register, sign in, use the dashboard, open support pages, or download the desktop build, your browser sends requests to our frontend and backend on bromeogrid.com. The backend handles authentication, page rendering, dashboard logic, support workflows, download logging, and statistics, then stores the relevant account, support, traffic, and download records in our own database. If support attachments are uploaded, the files are stored in our own server-side attachment storage and linked to ticket records in the database.

6.2 Payments and renewals

User/browser -> BromeoGrid backend -> Mollie checkout -> Mollie webhook -> BromeoGrid backend -> first-party database. When you start a paid purchase, our backend creates a checkout session and redirects you to Mollie. Depending on your region, device, and checkout type, Mollie may present methods such as iDEAL, card, PayPal, Apple Pay, Bancontact, Google Pay, Pay by Bank, Trustly, Billie, or other supported methods. Mollie then sends the payment result back to our backend by webhook, after which our backend updates the transaction record, billing status, and license status in our own database. We do not store your full payment card or bank details ourselves.

6.3 Desktop app licensing and update flow

Desktop app (BromeoGrid) -> BromeoGrid license/update endpoints -> first-party database/storage. The desktop app contacts our backend for release metadata, release downloads, license validation, and trial requests. For license and trial requests the app sends your email address, desktop API token, device ID, and app version; our backend also sees the source IP address of that request and may enrich it with country, region, or city data for security and licensing review. The backend returns the license result, enabled features, and expiry information to the desktop app. Your local workspace layout itself remains on your own computer unless you explicitly send it in a support or bug report.

6.4 Optional third-party steps inside those flows

Some flows add a specific third party only when that feature is used: Google for Google sign-in, Mollie for payment processing, our IP geolocation provider for IP-to-location enrichment, OpenAI if the public AI assistant is enabled and you use it, and Firebase Cloud Messaging if mobile push notifications are enabled for the dashboard app.

  • Mollie (payment processor): receives transaction data necessary to process your payment. Mollie operates under its own privacy policy.
  • Google (authentication): when you sign in with Google, data is exchanged according to Google's privacy policy. We receive only your email, name, and profile picture.
  • Hosting provider: our website frontend, backend application, database, release storage, and support attachment storage run on hosting infrastructure that processes data on our behalf under a data processing agreement.
  • IP geolocation provider: when we enrich a request with country, region, or city data, the request IP address may be sent to our geolocation provider (currently ipapi.co) so we can add approximate location context to security, statistics, download, payment, or licensing records.
  • OpenAI (website AI assistant, if enabled and used): if you choose to use the public AI assistant, the submitted chat content, current page path, and locale may be sent to OpenAI to generate a reply.
  • Firebase Cloud Messaging (mobile dashboard notifications, if enabled): notification metadata may be sent through Firebase so push notifications can be delivered to the BromeoGrid Dashboard app.
  • Legal requirements: we may disclose data if required by law, court order, or governmental authority.

7. Cookies

The BromeoGrid website uses essential cookies required for authentication and session management. These cookies are strictly necessary for the Service to function and do not require consent. We do not use advertising cookies, tracking cookies, or third-party analytics cookies.

8. Data retention

We retain your data for the following periods:

  • Account data: retained for as long as your account is active, and up to 12 months after account deletion to handle any outstanding billing or support matters
  • Transaction data: retained for 7 years as required by Dutch tax and accounting regulations
  • Support tickets: retained for 24 months after the last interaction on the ticket
  • Traffic statistics: aggregated data is retained indefinitely; raw visitor logs are purged after 90 days

9. Data security

We take appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted connections (HTTPS/TLS), secure server infrastructure, access controls limiting data access to authorized personnel only, and regular security reviews. While we strive to protect your data, no method of transmission over the internet or electronic storage is completely secure.

10. Your rights

Under the GDPR and applicable privacy laws, you have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure: request deletion of your personal data, subject to legal retention requirements
  • Right to restriction: request that we limit the processing of your data in certain circumstances
  • Right to data portability: receive your personal data in a structured, commonly used, machine-readable format
  • Right to object: object to the processing of your data based on legitimate interest
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us through the support tickets page in your dashboard. We will respond to your request within 30 days.

11. Children's privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that data promptly.

12. International data transfers

Your data is primarily stored and processed within the European Economic Area (EEA). If data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or an adequacy decision.

13. Changes to this policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. For material changes, we will make reasonable efforts to notify active users through the dashboard or email. Continued use of the Service after changes are posted constitutes acceptance of the revised policy.

14. Supervisory authority

If you believe that we have not handled your personal data properly, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or with the supervisory authority in your country of residence.

Autoriteit Persoonsgegevens — autoriteitpersoonsgegevens.nl

15. Contact

If you have questions about this Privacy Policy or how your data is handled, use the support tickets page from your dashboard or visit our website at thegatekeeperenterprises.com.

The Gatekeeper Enterprises
Netherlands