Vlot

Privacy Policy

Last updated: 1 May 2026 · Version 1.0

Introduction

Vlot (“we,” “our,” or “us”) operates the qcut.nl website and mobile application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Information We Collect

Personal Information

  • Account Information: Name, email address, phone number when you create an account
  • Payment Information: Payment card details processed securely through our payment providers (Adyen/Mollie)
  • Location Data: Approximate location to show nearby coffee shops

Usage Information

  • Order History: Details of orders placed, preferences, and purchase behavior
  • Device Information: IP address, browser type, device identifiers
  • Analytics: Aggregated usage statistics collected via Umami (cookieless, GDPR-compliant)

How We Use Your Information

We use collected information to:

  • Process and fulfill your orders
  • Communicate order status and updates
  • Improve our service and user experience
  • Comply with legal obligations (VAT reporting, anti-fraud measures)
  • Send marketing communications (with your consent)

Data Sharing

We share your information only with:

  • Merchants: To fulfill your orders
  • Payment Processors: Adyen/Mollie for secure payment processing
  • Service Providers: Hosting (Hetzner, EU-based), analytics (self-hosted Umami)

We never sell your personal information to third parties.

Your Rights (GDPR)

As an EU resident, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Object to processing
  • Data portability
  • Withdraw consent

Contact us at privacy@qcut.nl to exercise these rights.

Data Retention

  • Active Accounts: Data retained while account is active
  • Inactive Accounts: Anonymized after 3 years of inactivity
  • Order History: Retained for 7 years for tax compliance
  • Payment Data: Never stored; handled by PCI-compliant processors

Security

We implement industry-standard security measures:

  • TLS 1.3 encryption for data in transit
  • AES-256 encryption for data at rest
  • Regular security audits
  • EU-only data storage (GDPR compliance)

Cookies

We use minimal cookies:

  • Essential: Session management, authentication
  • Analytics: Cookieless tracking via Umami (no consent required under GDPR)

We do not use third-party advertising or tracking cookies.

Changes to This Policy

We may update this policy. Last updated date shown at the top. Material changes will be notified via email.

Contact Us

For privacy questions:

  • Email: privacy@qcut.nl
  • Please contact us by email for privacy-related requests and correspondence.

Data Protection Officer

For GDPR-related inquiries: dpo@qcut.nl