Glimmer & Stitch
Back

Privacy Policy

Last updated: May 2026

We care about your privacy. This policy explains plainly what data we collect, why we collect it, how we protect it, and what rights you have. We collect only what we need and we never sell your data.

1. Who we are

Glimmer & Stitch is a pattern design tool developed and operated by Borduurshop Hengelo, Twekkelerplein 40–41, 7553 LK Hengelo, the Netherlands. KvK: 63474867. VAT: NL001663377B78.

Borduurshop Hengelo is the data controller for all personal data processed through the Glimmer & Stitch Service. For privacy-related questions, contact us at info@borduurshophengelo.nl.

2. What data we collect

Account data

When you register, we collect your email address and a display name. This is used solely to authenticate you, manage your account, and deliver the Service. You can use the Service without an account, in which case no personal data is collected.

Pattern and image data

Patterns you create or save are stored in our database to enable cloud sync, editing, and exporting. Images you upload are processed on our servers to generate your pattern and then stored in your account library. We do not use your images for any other purpose.

Usage data

We collect basic, anonymised usage information (such as which features are used and how often) to understand how to improve the Service. This data cannot be used to identify you individually.

Payment data

Credit purchases are processed by Mollie, our payment processor. We do not receive or store your payment card details. Mollie processes all payment data in accordance with PCI-DSS standards and their own privacy policy.

3. Why we use your data

We use the data we collect only for the following purposes:

  • To provide, maintain, and improve the Service
  • To authenticate your account and keep your session secure
  • To save and synchronise your patterns across devices
  • To process credit purchases and enable pattern PDF exports
  • To send transactional emails (e.g. account confirmation, password reset, purchase receipt)
  • To comply with legal obligations

We do not use your personal data for advertising. We do not sell, rent, or share your data with third parties for marketing purposes.

4. Legal basis for processing (GDPR)

We process your personal data on the following legal grounds under the GDPR:

  • Contract performance — processing your account data and patterns is necessary to provide the Service you have requested
  • Legitimate interests — analysing anonymised usage data to improve the Service, where this does not override your privacy rights
  • Legal obligation — retaining financial records as required by Dutch tax law
  • Consent — for any optional communications such as newsletters, where you have explicitly opted in

5. Who we share data with

We share your data only with service providers who help us deliver the Service, and only to the extent necessary. All processors are bound by data processing agreements.

Mollie (payment processing)

Mollie processes your payment details when you purchase credits. They are PCI-DSS compliant. See mollie.com/en/privacy for their privacy policy.

Supabase (hosting & database)

Your account data and patterns are stored on Supabase-hosted infrastructure. Data is stored in the EU. See supabase.com/privacy for their privacy policy.

WebwinkelKeur (reviews)

If you leave a review through WebwinkelKeur, your name and email address are shared with them. They use this data only to manage the review and may publish your name on their platform.

No other sharing

We do not share your data with advertisers, analytics brokers, or any other third parties not listed here. We do not transfer your data outside the European Economic Area, except where processors are bound by EU Standard Contractual Clauses.

6. Cookies and local storage

We use a single session cookie to keep you logged in while you use the Service. We do not use advertising cookies, third-party tracking pixels, or cross-site tracking of any kind.

Patterns you create without an account are stored in your browser's local storage. This data never leaves your device and is not sent to our servers.

7. Data retention

We keep your account data and patterns for as long as your account is active. If you delete your account, your personal data and patterns are removed within 30 days. We may retain anonymised usage statistics indefinitely.

Financial transaction records are retained for 7 years as required by Dutch tax law (Belastingdienst). Access to these records is strictly limited.

8. Security

All data is transmitted over HTTPS. Passwords are stored as salted cryptographic hashes and are never readable by us. We apply appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure.

In the unlikely event of a data breach that poses a risk to your rights, we will notify the Dutch Data Protection Authority within 72 hours and inform you without undue delay.

9. Your rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

  • Right of access — you may request a copy of all personal data we hold about you
  • Right to rectification — you may ask us to correct inaccurate or incomplete data
  • Right to erasure — you may ask us to delete your data (the 'right to be forgotten')
  • Right to restriction — you may ask us to limit how we use your data
  • Right to data portability — you may request your data in a machine-readable format
  • Right to object — you may object to processing based on legitimate interests

To exercise any of these rights, contact us at info@borduurshophengelo.nl. We will respond within 30 days. We may ask you to verify your identity before processing the request.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl if you believe we are processing your data unlawfully.

10. Changes to this policy

We may update this privacy policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. If we make significant changes that affect how we use your data, we will notify you by email.

11. Contact

Questions or requests about your privacy? Please reach out — we aim to respond within 2 working days.

Borduurshop Hengelo — Twekkelerplein 40–41, 7553 LK Hengelo — info@borduurshophengelo.nl — +31 (0)74 349 1241

Privacy contact: Erna Pinkster

© 2026 Glimmer & Stitch / Borduurshop Hengelo