Privacy Policy
Last updated: March 2026 · Applies to mvvexamen.nl
MVV Klaar is operated by the team behind MVV Klaar, based in the Netherlands. This policy explains how we collect, use, and protect your personal data in compliance with the EU General Data Protection Regulation (GDPR / AVG).
1. Who We Are (Controller)
The data controller responsible for your personal data is:
2. What Data We Collect
Our service is intended for users aged 18 and over. We do not knowingly collect data from anyone under 18.
We collect only the minimum data needed to provide our service:
- Email address — the only personal data we collect. Used to send a one-time login code and to identify your account.
- Practice progress — which questions you have answered and how. Stored to let you continue where you left off.
- Payment status — whether you have purchased the full version. We do not store card details (processed by Stripe).
- Study deadlines — optional target dates you set for each section to track your preparation. Not linked to any official exam registration.
- IP address and device info — collected automatically by our service provider (Cloudflare).
3. Why We Process Your Data (Legal Basis)
- Contract performance (Art. 6(1)(b) GDPR) — processing your email and progress is necessary to deliver the service you signed up for.
- Legitimate interest (Art. 6(1)(f) GDPR) — basic security logging and fraud prevention.
- Consent (Art. 6(1)(a) GDPR) — optional analytics cookies (only if you accept in the cookie banner).
4. How We Store Your Data
- Your email, progress and payment status are stored securely on servers hosted within the EU.
- Session data is stored locally in your browser — on your device only.
- We do not use Google Analytics or Facebook Pixel.
- We use privacy-friendly analytics that do not use cookies or fingerprinting.
5. How Long We Keep Your Data
- Login sessions: expire after 24 hours. You log in once per day with your email and a one-time code.
- Free accounts: email, progress and study deadlines are kept for 180 days from your last login. Logging in resets this timer.
- Paid accounts: data is kept for 2 years from your last login (lifetime access).
- OTP codes: deleted automatically after 10 minutes.
- Rate limit records: deleted automatically after 1 hour.
- Payment records: kept for 7 years as required by Dutch tax law (Belastingdienst).
- Account deletion: free users can delete all data instantly via account settings. Paid users can request deletion by emailing info@mvvexamen.nl — processed within 48 hours.
6. Who We Share Your Data With
We do not sell or share your personal data with third parties for marketing. We use the following sub-processors, all bound by GDPR-compliant data processing agreements:
- Cloudflare, Inc. (USA, EU-US Data Privacy Framework) — hosting, CDN, serverless compute and key-value storage. Your data is processed in the EU (Western Europe region).
- Resend, Inc. (USA) — transactional email for sending your login code and payment link. Only your email address is shared.
- Stripe, Inc. (USA, EU-US Data Privacy Framework) — secure payment processing, PCI-DSS certified. Your email address is shared for payment confirmation. Card details are never stored by us.
7. International Data Transfers
Some of our sub-processors are based outside the EU/EEA (Cloudflare, Stripe and Resend in the USA). All international transfers are covered by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring your data receives equivalent protection regardless of where it is processed.
MVV Klaar users may be located outside the EU (e.g. India, Morocco, Turkey). By using our service, you acknowledge that your data may be transferred to and processed in the Netherlands and the USA under the safeguards described above.
8. Your Rights Under GDPR
As an EU resident you have the following rights:
- Right of access — request a copy of the data we hold about you.
- Right to rectification — ask us to correct inaccurate data.
- Right to erasure — ask us to delete your account and all associated data ("right to be forgotten").
- Right to data portability — receive your data in a machine-readable format.
- Right to object — object to processing based on legitimate interest.
- Right to restrict processing — request we limit how we use your data.
To exercise any of these rights, email us at info@mvvexamen.nl — we will respond within 30 days.