🚨 Important: API v2 launching in early 2026 - Pricing will change to subscription-based. Learn more and secure your lifetime access today!

Back

Privacy Policy for Human Design API


Effective Date: November 28, 2024
Last Updated: December 29, 2025

At Human Design API (a service provided by App de Bock), we take your privacy and the privacy of your clients seriously. This policy explains how we collect, use, and protect your personal information in compliance with the General Data Protection Regulation (GDPR).

1. Identity of the Data Controller

For the purposes of account management and billing, the Data Controller is:

    - Legal Entity: App de Bock
    - Address: Holsteynstraat 7ZW, 2021 HJ Haarlem, Netherlands
    - Contact: info@appdebock.nl

2. Information We Collect and Why

We process different types of data depending on how you interact with our services:

A. Customer Account & Billing Data
When you create an account or purchase an API package, we collect your name, email address, and payment details.

    - Purpose: To manage your account, provide technical support, and process payments.
    - Billing Records: We are legally required to keep financial records for tax purposes.

B. API Birth Data (Our Role as Data Processor)
When your application sends birth data (date, time, and location) to our API, we act as a Data Processor.

    - Processing: This data is processed strictly in-memory to generate a Human Design Profile.
    - Storage: We do not store this data on any disk or database. It is deleted immediately after the API response is sent.
    - Legal Basis: This processing is governed by the Data Processing Agreement (DPA) found in Section 9 of our Terms of Service.

3. Data Retention

- Account Information: We retain your account data for as long as your account is active.
- Financial Records: We retain invoice and transaction data for 7 years, as required by Dutch tax law (fiscale bewaarplicht).
- API Data: Birth data is retained for 0 seconds after the API request is completed.

4. Cookies & Tracking

We use a minimal number of cookies to ensure our website and API dashboard function correctly. Because these cookies are "strictly necessary" for the technical operation of the service, they do not require your prior consent.

These are cookies that are essential for you to browse the website and use its features, such as accessing secure areas of the site or processing payments. Without these cookies, the services you have asked for cannot be provided.

You can choose to disable cookies through your individual browser options. However, please note that if you disable strictly necessary cookies, you may not be able to log in to your account or purchase API packages.

5. Third-Party Service Providers (Sub-processors)

We do not sell your data. We only share data with essential service providers:

    - Infrastructure: Google Cloud Platform (GCP). API processing occurs on servers located within the European Economic Area (EEA).
    - Payments: Stripe. Payment data is processed by Stripe. As Stripe is a US-based company, data transfers are protected by Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection.

6. Your Rights as a Data Subject

Under the GDPR, you have the following rights regarding your personal data:

    - Right of Access: You can request a copy of the data we hold about you.
    - Right to Rectification: You can ask us to correct inaccurate information.
    - Right to Erasure ("Right to be Forgotten"): You can request that we delete your account and personal data.
    - Right to Restriction & Objection: You can object to the processing of your data for legitimate interests.
    - Right to Data Portability: You can request your data in a machine-readable format.

To exercise these rights, please contact us at info@appdebock.nl.

7. Security

We implement appropriate technical and organizational measures to protect your data, including SSL/TLS encryption for all data in transit and a Privacy-by-Design architecture that ensures birth data never touches persistent storage.

8. Lodging a Complaint

If you believe that our processing of your personal data infringes on the GDPR, you have the right to lodge a complaint with a supervisory authority. In the Netherlands, this is: Autoriteit Persoonsgegevens PO Box 93374, 2509 AJ DEN HAAG

https://autoriteitpersoonsgegevens.nl/

9. Updates to this Policy

We may update this Privacy Policy to reflect changes in our practices or for legal reasons.

    - Significant changes: We will notify you by email.
    - Minor changes: We will update the "Last Updated" date at the top of this page.