Privacy Policy
(GDPR – Belgium/EU)
Last updated: 17 June 2026
1. Who is the controller?
Hazze – Rozenlaan 14, 2531 Vremde
Company/VAT number: BE0780.362.624
Email: info@centpilot.be · Phone: +32 473 90 90 81
2. Who does this policy cover?
Visitors of our website, consumers who purchase the digital content (Excel file) or book a consult, and users of the CentPilot web app (app.centpilot.be). This website and app are not aimed at children.
3. Which personal data do we process?
- Identification and contact details (name, email, phone if supplied).
- Transaction data (order, price, date/time, invoice details).
- Payment data (processed by our payment provider; we do not receive full card numbers).
- Appointment data (chosen timeslot, channel in-person/video, optional notes).
- Technical data (IP address, basic browser/device information, server and security logs).
- Travel cost calculation (only when relevant: starting point "Rozenlaan, Vremde", distance to the location).
Only for users of the CentPilot web app:
- Account data (name and email address via Google OAuth or magic link).
- Budget data (income, fixed costs, recurring expenses, savings categories, and transaction descriptions you enter yourself). These are financial planning data you input — we never connect to your bank account or payment data.
- Session data (authentication tokens, session duration).
4. For what purposes and on which legal bases?
- Contract performance (Art. 6(1)(b) GDPR): delivering the digital download, planning and performing the consult, customer communication.
- Legal obligation (Art. 6(1)(c) GDPR): bookkeeping, fiscal obligations (invoicing/archiving).
- Legitimate interest (Art. 6(1)(f) GDPR): website/app security, fraud- and abuse-prevention, service optimisation (no profiling).
- Consent (Art. 6(1)(a) GDPR): only for optional items (e.g. marketing communication). You can withdraw consent at any time.
5. Who do we share data with?
- Payment provider: Stripe (payment processing; may act as its own controller for fraud prevention).
- Hosting: our infrastructure provider (to run the site and provide security).
- Email: our email provider for customer communication and invoices.
- Scheduling: our booking tool (only when you book a consult).
- Digital delivery: storage/delivery partner to provide your download securely.
- Backend & database: Convex (database storage and server logic for the web app; data is stored on EU servers in eu-west-1). A data processing agreement (DPA) has been signed with Convex. Convex encrypts all data at rest (AES-256) and in transit (TLS).
We sign data processing agreements with processors. Suppliers may be located outside the EEA; in that case we rely on appropriate safeguards (e.g. EU Standard Contractual Clauses).
6. Retention periods
- Orders/invoices: at least 7 years (tax retention requirement).
- Appointment/support data: up to 24 months after the last contact.
- Security/server logs: up to 12 months, unless required longer for incident handling.
- Marketing consent: until withdrawal plus a limited administrative retention period.
- Web app budget data: retained for as long as your account is active. When you delete your account, all budgets, transactions, and associated data are immediately and permanently deleted.
7. Cookies and tracking
We only use strictly necessary functionality (e.g. basic server logs and checkout via Stripe). We do not place marketing cookies or profiling scripts. Third-party services (such as Stripe on their own domain) may place their own cookies according to their policies.
8. Your rights
You have, within legal limits, the right to:
- access your data,
- rectification and erasure,
- restriction of processing,
- data portability,
- object to processing based on legitimate interest,
- withdraw consent (where applicable).
You can exercise these rights via info@centpilot.be. We usually respond within 30 days. You also have the right to lodge a complaint with the Belgian Data Protection Authority:www.gegevensbeschermingsautoriteit.be.
Users of the CentPilot web app can permanently delete their account and all associated data themselves via Settings → Delete account. Once deleted, data cannot be recovered.
9. Security
We take appropriate technical and organisational measures to protect your data (including encrypted transport layers, access control and need-to-know principles). No system is 100% secure; please report potential vulnerabilities to info@centpilot.be.
9bis. Specific to the CentPilot web app
- No bank connection. CentPilot never requests access to your bank account or payment data. All budget data is entered by you.
- Where your data is stored. Web app data is stored with Convex on EU servers (region eu-west-1). No transfer outside the EU takes place for the storage of budget data. A data processing agreement (DPA) has been signed with Convex in accordance with the GDPR.
- Application-level encryption. Sensitive text fields — such as descriptions of income, expenses, and transactions — are encrypted with AES-256-GCM before they reach the server. Amounts are not encrypted at rest because they are required for server-side calculations such as balances and totals. This means that even in the event of a technical incident, the readable text of your budget data remains protected.
- Developer access. As the data controller, Hazze has technical access to the database for maintenance and troubleshooting. Due to application-level encryption, text fields are not readable without the key. We only access user data when strictly necessary for technical support, never for commercial purposes or on our own initiative.
- Account deletion. You can delete your account and all associated data at any time via the app. After deletion, your data is permanently and immediately erased from our systems.
- Authentication. Sign-in is via Google OAuth or a magic link by email. We do not store passwords. A Google account and a magic link account with the same email address are treated as two separate accounts.
10. International transfers
If data is processed outside the EEA, we ensure appropriate safeguards (such as Standard Contractual Clauses) and additional measures where required. You can request more information about this.
11. Automated decision-making
We do not carry out automated decision-making with legal or similarly significant effects on individuals.
12. Contact and questions
Questions about this policy or your privacy? Email us at info@centpilot.be.
13. Changes
We may update this privacy policy. The current version is always available on this page with the date of last update.