Privacy Policy
Last updated: March 29, 2026
Myelin Labs, established in the Netherlands and registered with the Dutch Chamber of Commerce under number 42002898, is the data controller for personal data processed through VisScanner (visscanner.nl).
1. Contact details
Myelin Labs
Email: [email protected]
Chamber of Commerce (KvK): 42002898
2. What personal data we process
Account data
When you sign in via Google or Microsoft, we receive:
- Name
- Email address
- Profile picture (URL)
- Unique identifier from the login provider
Subscription data
When you purchase a paid subscription, we process the following via our payment processor Stripe:
- Stripe customer ID and subscription ID
- Subscription status, tier (Explorer / Specialist), and cancellation date if applicable
Payment details (such as credit card numbers) are processed exclusively by Stripe. We do not store this data.
Technical data
- IP address: temporarily held in memory only for rate limiting and security; not permanently stored
- Server logs: timestamp, error messages, and authentication/payment events (rotating log files, retained for approximately 30 days)
Preferences
- Language preference (Dutch, English, or German): stored in a cookie on your device
- Location data: if you use the GPS feature or set a home location, the coordinates (latitude and longitude) are stored exclusively in your browser's local storage. These coordinates are sent to our server as anonymous query parameters to retrieve local map and forecast data, but are not linked to your account and are not permanently stored on our servers.
3. Purposes and legal bases
| Purpose | Legal basis (GDPR) |
|---|---|
| Creating and managing your account | Performance of a contract (Art. 6(1)(b)) |
| Processing subscriptions and payments | Performance of a contract (Art. 6(1)(b)) |
| Security and abuse prevention (rate limiting) | Legitimate interest (Art. 6(1)(f)) |
| Maintaining server logs | Legitimate interest (Art. 6(1)(f)) |
| Remembering language preference | Consent (Art. 6(1)(a)) |
| Storing and using location data for personalised map and forecast display | Consent (Art. 6(1)(a)) |
| Analysing website usage (Google Analytics) | Consent (Art. 6(1)(a)) |
4. Recipients
We share personal data with the following parties, solely for the purposes described above:
| Party | Purpose | Country |
|---|---|---|
| Google (OAuth) | Sign in with Google account | US |
| Google (Analytics) | Website usage analysis (with IP anonymisation) | US |
| Microsoft (OAuth) | Sign in with Microsoft account | US |
| Stripe | Payment processing | US |
We do not sell personal data to third parties. No third-party advertising cookies are used. Analytics cookies (Google Analytics) are only placed with your consent.
5. Transfers outside the EEA
Google, Microsoft, and Stripe are based in the United States. Transfers of personal data to these parties are based on:
- The European Commission's adequacy decision for the EU-US Data Privacy Framework (DPF), insofar as the relevant party is DPF-certified
- Standard Contractual Clauses (SCCs) as an additional safeguard
6. Retention periods
| Data | Retention period |
|---|---|
| Account data | As long as your account is active; deleted within 30 days after account removal |
| Subscription data | Duration of the subscription, plus 7 years as required by Dutch tax law |
| Server logs | Maximum 100 MB (approximately 30 days), then automatically overwritten |
| Language preference (cookie) | 1 year, or until you delete the cookie |
| Location data (local storage) | Indefinitely, until you clear your browser data or remove the home location |
| Analytics cookies (Google Analytics) | 2 years, or until you withdraw consent |
7. Your rights
Under the GDPR, you have the following rights:
- Access — request which data we process about you
- Rectification — have inaccurate data corrected
- Erasure — have your data deleted
- Restriction — restrict the processing of your data
- Portability — receive your data in a common format
- Objection — object to processing based on legitimate interest
Contact [email protected] to exercise your rights. We will respond within 30 days.
8. Cookies
We use functional cookies (language preference and session) and analytics cookies (Google Analytics, only with your consent). No advertising cookies are placed. See our Cookie Policy for more information.
9. Security
We take appropriate technical and organisational measures to protect your data, including encrypted connections (HTTPS), secure session cookies (HttpOnly, SameSite, Secure), and access controls.
10. Automated decision-making
VisScanner uses machine learning models to generate fishing predictions. These models process exclusively environmental data (water quality, weather, biodiversity) and do not make decisions based on personal data.
11. Changes
We may update this privacy policy from time to time. The date at the top indicates the last change. For material changes, we will notify you via the website.
12. Complaints
If you have a complaint about how we handle your data, please contact us first at [email protected]. You also have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).