Privacyverklaring

Ingangsdatum: 2 maart 2026

Data Controller

Nyenbeek B.V.
Postbus 6, 7380 AA Klarenbeek, Netherlands
Chamber of Commerce: 98122630
Email: info@nyenbeek.com

1. Introduction

1.1. This Privacy Statement explains how Nyenbeek B.V. ("we", "us") handles your personal data in connection with ThinkTower software.

1.2. ThinkTower is designed with privacy as a core principle. The Software runs locally on your device, and we have deliberately limited our access to your data.

1.3. We process personal data in accordance with the General Data Protection Regulation (GDPR).

2. Our Core Privacy Commitment

Data that is designed to NEVER leave your device (any license tier):

  • Chat conversations (your questions and AI responses)
  • Document contents (text from PDFs, Word files, etc.)
  • Analysis results (calculations, summaries)
  • File names
  • File paths
  • Personal information extracted from your content
  • Search queries within the Software

This is by design. We do not have technical access to this content because it is processed entirely on your device.

Note: While our architecture is designed to keep this data local, no software system can guarantee absolute security. See Section 7 for details on our security measures and limitations.

3. Data We Do Collect

3.1 Account and License Data

When you purchase a license, we collect:

  • Name
  • Email address
  • Company name (for business purchases)
  • Billing address
  • VAT number (for EU business purchases)
  • License key
  • Purchase date and tier

Legal basis: Contract performance (Art. 6(1)(b) GDPR)
Retention: Duration of license + 7 years (legal requirement)

3.2 Payment Data

Payment is processed by our payment provider. We receive:

  • Transaction reference
  • Last 4 digits of payment method
  • Payment date and amount

We do not store full payment card details.

Legal basis: Contract performance (Art. 6(1)(b) GDPR)
Retention: 7 years (legal requirement)

3.3 License Verification Data

Every 14 days, the Software verifies your license. We receive:

  • License key
  • Software version
  • IP address (for abuse prevention, not stored long-term)

Legal basis: Contract performance (Art. 6(1)(b) GDPR)
Retention: IP address logs deleted after 30 days

3.4 Legal Acceptance Records

When you accept our Terms of Service or Privacy Statement in the Software, we record the following for legal compliance purposes:

  • Document type (Terms of Service or Privacy Statement)
  • Version of the document accepted (date-based identifier)
  • Timestamp of acceptance as recorded on your device
  • IP address at time of server receipt (recorded server-side)
  • Anonymous device fingerprint (hardware-based hash, not linked to personal identity)

This record is stored locally on your device (SQLite) and transmitted to our servers during the next license verification. It is used exclusively to demonstrate that you were presented with and accepted the applicable version of our legal documents.

Legal basis: Legal obligation (Art. 6(1)(c) GDPR)
Retention: Duration of license + 7 years (statutory requirement for contract records)

3.5 Telemetry Data (varies by tier)

FREE TIER: Telemetry is required as part of the service.
PAID TIERS: Telemetry is optional (disabled by default).

When telemetry is enabled, we collect:

  • Feature usage (which functions are used)
  • Session information (duration, frequency)
  • Technical information (OS, RAM, model version)
  • Performance metrics (response times)
  • Error reports (error type, anonymized stack trace)

Legal basis: Free tier: Contract performance (Art. 6(1)(b) GDPR). Paid tiers: Consent (Art. 6(1)(a) GDPR).
Retention: 1 year, then anonymized

4. Telemetry: Tier Differences

FREE TIER

  • Telemetry: Required (part of service agreement)
  • You cannot opt out while using the free tier
  • Alternative: Upgrade to a paid tier

PAID TIERS

  • Telemetry: Optional (disabled by default)
  • Enable/disable anytime in Settings
  • No impact on functionality

UPON UPGRADING from Free to Paid

You may request deletion of historical telemetry data collected during your free tier usage.

5. Data Sharing

5.1. We share data only with:

  • Payment processor: To process your payment
  • Hosting provider: For license verification infrastructure

5.2. We do NOT:

  • Sell your data
  • Share data for advertising
  • Use data for profiling

5.3. We may disclose data if required by law or court order.

6. International Transfers

Your data is primarily processed within the EU/EEA. If transfer outside the EU/EEA is necessary, we ensure appropriate safeguards (Standard Contractual Clauses or adequacy decisions).

7. Data Security

7.1. We implement appropriate technical and organizational measures:

  • Encrypted transmission (TLS) for all network communications
  • Access controls for our systems
  • Regular security assessments

7.2. Your data is stored locally on your device. You are responsible for the security of your device, including:

  • Operating system updates
  • Antivirus and security software
  • Access controls and passwords
  • Regular backups

7.3. The Software includes security measures such as code sandboxing and network restrictions. However, no security measure is perfect.

7.4. Despite our privacy-by-design approach:

  • No software system can guarantee 100% security
  • Unforeseen technical issues could potentially result in unintended data transmission
  • Third-party components may have vulnerabilities
  • New attack techniques may emerge

7.5. We recommend installing security updates promptly when available.

8. Your Rights

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a portable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: For optional telemetry on paid tiers
Note: Free tier users cannot object to required telemetry while using the free tier. The alternative is to upgrade to a paid tier or stop using the Software.

To exercise your rights, contact us at: info@nyenbeek.com

9. Data Retention

  • Account/License data: Duration of license + 7 years
  • Payment data: 7 years (legal requirement)
  • License verification logs: 30 days
  • Legal acceptance records: Duration of license + 7 years
  • Telemetry data: 1 year, then anonymized
  • Aggregated statistics: Indefinitely (non-personal)

10. Cookies

The ThinkTower desktop application does not use cookies. Our website uses only functional cookies necessary for operation.

11. Children's Privacy

ThinkTower is not intended for children under 16. We do not knowingly collect data from children.

12. Changes to This Statement

We may update this Privacy Statement. Material changes will be communicated via email or in-app notification at least 30 days before taking effect.

13. Complaints

If you have concerns about our data practices, please contact us first. You also have the right to lodge a complaint with your local supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

14. Contact

Email: info@nyenbeek.com
Address: Postbus 6, 7380 AA Klarenbeek, Netherlands

Version: March 2, 2026
© 2026 Nyenbeek B.V. All rights reserved.