Legal
Last updated: April 2, 2026
This Privacy Policy explains how MomentumLab ("we", "us", "our") collects, uses, stores, shares, and protects your personal data when you visit our website, use our application, or interact with our services (collectively, the "Service").
We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (GDPR), the Dutch Implementation Act (Uitvoeringswet AVG), and other applicable data protection laws.
By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.
The data controller responsible for your personal data is MomentumLab. For any privacy-related enquiries, you can reach us at support@getmomentumlab.com.
We collect the following categories of personal data:
2.1. Data you provide directly:
2.2. Data collected automatically:
2.3. Payment data:
Payment processing is handled entirely by Stripe, Inc. We do not collect, store, or have access to your credit card number, bank account details, or other payment instrument data. Stripe may share with us your Stripe customer ID, subscription status, and billing-related metadata. See Stripe's Privacy Policy for details.
Under the GDPR, we process your personal data on the following legal bases:
| Purpose | Legal Basis (GDPR Art.) |
|---|---|
| Account creation and management | Performance of contract (Art. 6(1)(b)) |
| Subscription billing and payment | Performance of contract (Art. 6(1)(b)) |
| Providing the Service and its features | Performance of contract (Art. 6(1)(b)) |
| Essential service communications (signal notifications, account updates) | Performance of contract (Art. 6(1)(b)) |
| Security, fraud prevention, and abuse detection | Legitimate interest (Art. 6(1)(f)) |
| Platform improvement and analytics | Legitimate interest (Art. 6(1)(f)) |
| Legal compliance (tax records, regulatory obligations) | Legal obligation (Art. 6(1)(c)) |
| Marketing communications (if opted in) | Consent (Art. 6(1)(a)) |
We use your personal data to:
We do not sell, rent, trade, or otherwise commercially share your personal data with third parties.
We may share data with the following categories of service providers, solely to the extent necessary to operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase (database & auth) | Account storage, authentication | Email, hashed password, profile data |
| Stripe (payments) | Subscription billing | Email, Stripe customer ID, subscription metadata |
| Vercel (hosting) | Application hosting and delivery | IP address, request metadata (logs) |
All third-party providers are bound by data processing agreements and are required to process data in accordance with applicable data protection laws.
We may also disclose personal data if required to do so by law, regulation, legal process, or enforceable governmental request, or to protect the rights, property, or safety of MomentumLab, our users, or the public.
Some of our service providers (including Supabase, Stripe, and Vercel) may process data outside the European Economic Area (EEA). Where such transfers occur, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other legally recognised transfer mechanisms.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:
8.1. The Service uses essential cookies and local storage required for authentication, session management, and core functionality. These are strictly necessary for the operation of the Service and do not require consent.
8.2. We may use analytics tools to understand how the Service is used. Where such tools involve non-essential cookies or tracking, we will obtain your consent before deploying them, in accordance with applicable cookie laws.
8.3. We do not use advertising cookies, retargeting pixels, or tracking technologies for the purpose of behavioural advertising.
Under the GDPR, you have the following rights regarding your personal data:
To exercise any of these rights, please contact us at support@getmomentumlab.com. We will respond to your request within 30 days.
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or the supervisory authority in your country of residence.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security and are not liable for breaches beyond our reasonable control.
The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The updated version will be posted on the Platform with a revised "Last updated" date. Material changes will be communicated via email to registered users.
Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy.
If you have any questions, requests, or concerns regarding this Privacy Policy or the processing of your personal data, please contact us at: