✨ Become an Affiliate (50%)!
home
Core

Privacy Policy

Your privacy is important to us. It is TurboStarter's policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our website, https://www.turbostarter.dev, and other sites we own and operate.

In the event our site contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, you should read their posted privacy policy information about how they collect and use personal information. This Privacy Policy does not apply to any of your activities after you leave our site.

Last updated: 5 September 2024

Who We Are and How to Contact Us

For the purposes of applicable data protection laws (including the EU General Data Protection Regulation, "GDPR"), the data controller of your personal data is:

Bartosz Zagrodzki
Email: hello@turbostarter.dev
Country of establishment: Poland

Operating under the brand name "TurboStarter".

If you have any questions about this Privacy Policy or how we handle your personal data, you can contact us using the details above.

Data Collection and Use

We collect personal information only when necessary to provide a service to you. This includes:

  • Email addresses when you subscribe to our newsletter. We use Resend to send transactional and marketing emails, and your email address will be processed by their service in accordance with their privacy policy.
  • Account and authentication data (for example, email address, name if provided, authentication identifiers) when you create an account, log in to a TurboStarter-hosted application, or otherwise use our services that require authentication. This data is stored in our Neon-hosted database and used only to operate, secure, and provide the service.
  • Usage data through PostHog analytics for improving our services.
  • Payment records through Lemon Squeezy for handling payments.
  • Data provided when you contact us directly.

We may also collect information that you voluntarily submit when using our demo applications (such as test data or user credentials you input). This data is used solely for demonstration purposes within the demo environment and is not used for any other purpose or shared outside of showcasing TurboStarter functionality.

We may also collect limited technical information automatically when you visit our website (such as IP address, browser type, device information, and pages visited) to operate, secure, and maintain our services.

Data TypeRetentionReason
Email addressesUntil unsubscribed + 30 daysNewsletter management
Account & authenticationFor as long as your account is active, unless a longer retention period is required by lawOperating and securing service
Usage data12 months, then anonymizedService improvement
Contact inquiries1 year after last contactSupport follow-up
Demo data30 days after sessionTesting only
Payment records7 yearsFinancial compliance

When we process personal data of individuals in the European Economic Area (EEA) or the United Kingdom, we rely on one or more of the following legal bases:

  • Consent (Art. 6(1)(a) GDPR):
    • Sending you newsletters and marketing emails when you subscribe.
    • Using non-essential cookies and analytics tools (for example, PostHog) after you have provided consent via our settings.
  • Contract (Art. 6(1)(b) GDPR):
    • Providing access to our website, demo applications, and any services you request.
    • Creating and managing your account, including storing authentication data, so that you can log in and use our services.
    • Processing payment-related information via Lemon Squeezy when you purchase our products or services.
    • Handling demo data you provide so that we can operate the demo or tool you are using.
  • Legal obligation (Art. 6(1)(c) GDPR):
    • Keeping payment and invoicing records for tax and accounting purposes.
  • Legitimate interests (Art. 6(1)(f) GDPR):
    • Responding to contact inquiries and general communication.
    • Maintaining and improving the security, stability, and performance of our website (for example, basic technical logs).
    • Producing aggregated, anonymized statistics that do not identify you.

Where we rely on consent, you can withdraw your consent at any time as described below. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

Cookies

Cookies are small text files that are stored on your device when you visit our website. We use cookies and similar technologies for the following purposes:

  • Essential / authentication cookies: These cookies are necessary to provide the service, for example to keep you logged in, maintain your session, and protect your account from unauthorized access. Without them, core features of the site would not function properly. The legal basis for using these cookies is the performance of a contract (Art. 6(1)(b) GDPR) and our legitimate interests in securing our services (Art. 6(1)(f) GDPR).
  • Analytics cookies (PostHog): We use PostHog to understand how visitors use our website and to improve our services (for example, which pages are visited and how users interact with features). These cookies are not strictly necessary and are only used after you have given your consent via settings. The legal basis for using these cookies is your consent (Art. 6(1)(a) GDPR).

Non-essential cookies (for example, analytics cookies) are not activated until you provide explicit consent through settings.

You can manage or withdraw your consent for non-essential cookies at any time using your browser settings and, where available, the cookie preferences tool on our website. Disabling certain cookies may affect the functionality of some features.

Data Storage

We use Neon as our primary managed database provider. User account and authentication data, as well as data from demo applications and free tools, is stored in a Neon database and processed only to the extent necessary to provide, secure, and maintain our services, in line with our contractual relationship with you and applicable data protection laws.

GDPR Compliance

If you are an EU resident, you have the right to request access to and deletion of your personal data at any time. Non-EU residents will also be granted these rights, ensuring the same level of privacy protection.

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing of your data
  • Portability – receive your data in a portable format
  • Object to processing based on legitimate interests – we will stop processing unless we demonstrate compelling legitimate grounds
  • Withdraw consent at any time (for consent-based processing)

To exercise any right, email hello@turbostarter.dev with your request. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. If you are located in the European Union, you can contact your local data protection authority. Our lead supervisory authority is the Polish Data Protection Office (UODO).

Data Sharing

We do not sell, trade, or rent your personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information with our business partners, trusted affiliates, and advertisers.

We may share your personal data with trusted service providers (data processors) who support us in operating our services (for example, hosting, databases, email delivery, analytics, and payments). These providers only process your data on our documented instructions and are contractually required to implement appropriate technical and organizational measures to protect your data.

We may also disclose your personal data where required to do so by law or in response to valid requests by public authorities (for example, a court or government agency).

Third Parties

We use third-party services, including:

  • Resend for sending transactional and marketing emails.
  • PostHog for page view analytics.
  • Lemon Squeezy for handling payments.
  • Neon for hosting our primary database, which stores user account, authentication, and demo/free tools data.

These services may collect personal and/or non-personal data as part of providing their services. We ensure that their privacy policies and contractual commitments provide an appropriate level of protection for your personal data and align with applicable data protection laws.

Where these third parties act as our data processors, they only process your personal data on our documented instructions and are bound by contractual obligations to implement appropriate technical and organizational measures to protect your data.

Data Processing & International Transfers

We use the following third-party processors under Data Processing Agreements (GDPR Article 28):

  • Resend (email): EU-US Data Privacy Framework certified
  • PostHog (analytics): EU-US Data Privacy Framework certified with SCCs backup
  • Neon (database: account, authentication, demo/free tools data): EU-US Data Privacy Framework certified; GDPR-compliant DPA available
  • Lemon Squeezy (payments): Standard Contractual Clauses; PCI DSS Level 1 compliant

This may involve transferring your personal data outside the European Economic Area. Where we do so, we rely on appropriate safeguards such as adequacy decisions (including the EU-US Data Privacy Framework) or Standard Contractual Clauses to ensure your data continues to receive a level of protection essentially equivalent to that in the EU.

Data Breach Notifications

In the event of a personal data breach, we will:

  • Notify affected individuals and supervisory authorities without undue delay, and where feasible, within 72 hours of becoming aware of the breach
  • Provide information about the nature of the breach, affected data categories, likely consequences, and remedial measures taken
  • Document all breaches for regulatory verification

Security

We implement appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

While we work hard to protect your personal data, no method of transmission or storage is completely secure. We cannot guarantee absolute security of your data; however, we review and improve our safeguards on an ongoing basis.

Age Restrictions

Our website and services are not directed to children under the age of 16. We do not knowingly collect personal information from children under the age of 16.

If we become aware that we have collected personal data from a child under 16 in violation of this section, we will take reasonable steps to delete such information as soon as possible. If you believe that a child has provided us with personal data, please contact us at hello@turbostarter.dev.

Our website may contain links to external sites that are not operated by us. We have no control over the content and practices of these sites and cannot accept responsibility or liability for their respective privacy policies.

Changes to This Privacy Policy

We may update this privacy policy from time to time. When we do, we will revise the updated date at the top of this page. We encourage users to frequently check this page for any changes to stay informed.

Contacting Us

For any questions or concerns regarding your privacy, you may contact us using the following details:

Bartosz Zagrodzki
hello@turbostarter.dev

Your continued use of our website will be regarded as acceptance of our practices around privacy and personal information.

Ship your startup everywhere. In minutes.

Skip the complex setups and start building features on day one.

Get TurboStarter