Privacy Policy

Last updated: March 31, 2026

Bijstra AI & Engineering Consultancy (hereinafter: 'we', 'us', 'our') respects your privacy and processes personal data in accordance with the GDPR. This policy describes how we collect, use and protect your data when using AI Act Scanner.

1. Data Controller

Bijstra AI & Engineering Consultancy is responsible for the processing of your personal data.

  • Bijstra AI & Engineering Consultancy
  • Hoofdweg 246, 8475CE Nijeholtpade, the Netherlands
  • Email: info@aiactscanner.com
  • CoC: 97971898 | VAT: NL005300763B37

2. Data We Collect

  • Email address — upon registration and for scan notifications
  • Name — optional, upon registration
  • Website URLs — that you enter for scanning
  • IP address — for rate limiting and security
  • Payment data — via Mollie (we do not store credit card numbers)
  • Session data — for authentication (session token in cookie)
  • Log data — error logs, audit trail and rate limiting logs (IP address, route, timestamp)

3. Purpose of Processing

  • Performing website scans and reporting
  • Processing payments
  • Sending scan results by email
  • Security and abuse prevention
  • Legal obligations

4. Legal Basis

We process your data on the basis of: (a) performance of the contract (performing the scan), (b) legitimate interest (security, abuse prevention), and (c) consent (email notifications).

5. Third Parties

We share your data with the following processors:

  • Cloudflare — hosting, CDN and DDoS protection (EU/US)
  • Mollie — payment processing (Netherlands)
  • Mailjet — email delivery (France, EU)
  • Jortt — accounting and invoicing (Netherlands)
  • Mistral AI — AI analysis of scan results (France, EU)

6. International Data Transfers

Your data is primarily processed within the EU/EEA. Cloudflare also processes data in the United States under the EU-US Data Privacy Framework. All other processors (Mollie, Mailjet, Jortt, Mistral AI) are established in the EU/EEA.

7. Retention Periods

Scan results are stored for a maximum of 12 months. Account data is retained as long as your account is active. After account deletion, data is erased within 30 days. Payment data and invoices are retained for 7 years in accordance with Dutch fiscal legislation (Art. 52 AWR).

8. Automated Decision-Making

We use AI (Mistral AI) for the analysis of scan results. This does not constitute automated decision-making within the meaning of Article 22 GDPR — the results are purely informational and have no legal effects on you.

9. Your Rights

You have the right to access, rectification, erasure, restriction, portability and objection. Contact us at info@aiactscanner.com. You can also file a complaint with the Dutch Data Protection Authority (autoriteitpersoonsgegevens.nl).

10. Security

We implement appropriate technical and organisational measures: encrypted connections (HTTPS/TLS), hashed passwords (PBKDF2), rate limiting, SSRF protection and regular security updates.

11. Changes

We may update this privacy policy. The most recent version is always available on this page.