RoofeedRoofeed
Get started
Legal

Privacy Policy

Last updated: April 27, 2026

This policy explains what data Roofeed collects, why, and how we protect it. We try to keep it short and human — if anything is unclear, email us at support@roofeed.com.

Who we are

Roofeed is operated by Beyond Git, a sole proprietorship (eenmanszaak) registered in the Netherlands.

Tjalk 19 35, 8232 LN Lelystad, The Netherlands.
Contact: support@roofeed.com.

Beyond Git is the data controller for personal data processed through Roofeed.

What we collect and why

  • Account data — your email address and a hashed password, so you can sign in.
  • Reading data — the feeds you subscribe to, your lists, bookmarks, and read/unread state. Without this we cannot show you your magazine.
  • Billing data — if you upgrade to a paid plan, our payment processor handles your card details directly. We only store your plan, status, and billing email.
  • Server logs — IP address, user agent, and timestamps for requests, used to keep the service secure and debug problems.
  • Analytics — aggregated, IP-anonymised page views via Google Analytics, so we can understand which parts of the product people use.

Legal bases (GDPR Art. 6)

  • Contract — account, reading, and billing data are processed to provide the service you signed up for.
  • Legitimate interest — server logs and analytics let us run Roofeed safely and improve it. We balance this against your privacy by keeping data minimal.
  • Consent — where the law requires it (e.g. for non-essential cookies), we ask first and you can withdraw at any time.

Sub-processors

We rely on a small set of providers to run Roofeed:

  • Supabase — authentication and Postgres database, hosted in the EU. Privacy.
  • Vercel — application hosting and the background tasks that keep your feeds up to date. We deploy to EU regions where available. Privacy.
  • Postmark — transactional email (sign-in confirmations, password resets, billing receipts). Privacy.
  • Google Analytics — usage analytics with IP anonymisation. Privacy.

We will update this list before adding any new sub-processor that handles personal data.

Where your data is stored

Your account and reading data are stored on servers in the European Union. Some sub-processors (e.g. Google Analytics) may process aggregated data outside the EU under standard contractual clauses.

How long we keep it

  • Reading data — kept while your account is active. Deleted within 30 days of account deletion.
  • Server logs — rotated within roughly 90 days.
  • Billing records — kept for 7 years to comply with Dutch tax law.

Your rights

Under the GDPR you can:

  • access the personal data we hold about you,
  • correct it if it is wrong,
  • have it deleted,
  • export it in a portable format,
  • object to or restrict our processing,
  • lodge a complaint with the Dutch DPA (Autoriteit Persoonsgegevens).

To exercise any of these rights, email support@roofeed.com. We will respond within 30 days.

Cookies

Roofeed uses two kinds of cookies:

  • Essential — Supabase sets a session cookie so you can stay signed in. Without it the app cannot work.
  • Analytics — Google Analytics sets cookies to count visits. You can opt out using your browser settings, an ad-blocker, or the Google Analytics opt-out add-on.

What we will never do

  • We do not sell your data.
  • We do not train AI models on what you read.
  • We do not share your reading history with anyone outside the sub-processors listed above.

Children

Roofeed is not directed at children under 16. If you believe a child has created an account, contact us and we will delete it.

Changes to this policy

When we make material changes we will update the date at the top of this page and, where appropriate, email account holders. Minor wording changes will not be flagged.

Contact

Questions, requests, or concerns about your data? Email support@roofeed.com.