Squidir launches soon — Get early access and be among the first to discover European SaaS.

Squidir
Legal

Privacy Policy

Last updated: 21 June 2026

Squidir ("we", "us", "our") is operated by SVERN and hosted on EU infrastructure. This policy explains what data we collect, why, and your rights under GDPR.

1. Data controller

The data controller is SVERN. For privacy-related requests, contact: privacy@squidir.com

2. Data we collect

Visitors (no account)

  • Aggregated, anonymous analytics (page views, referrers). No individual tracking. No fingerprinting. No PII stored.
  • Cookie consent preferences (stored locally via EasyConsent).

Vendors (registered accounts)

  • Email address and password (hashed, never stored in plain text).
  • Company name, product URL, VAT number (for EU verification).
  • Product listing data you provide (description, category, pricing URL).
  • Claim verification data (DNS records or email domain confirmation).

3. How we use your data

  • To operate the directory — display your product listing, verify EU status, process claims.
  • To verify EU VAT — your VAT number is sent to the European Commission's VIES API (public registry). We don't store any data returned beyond the verification result.
  • To communicate with you — claim confirmation emails, account notifications. No marketing without explicit opt-in.

4. Legal basis (GDPR)

  • Contract performance — processing necessary to provide the service you signed up for.
  • Legitimate interests — operating the public directory, fraud prevention.
  • Consent — optional analytics cookies (you can decline via the cookie widget).

5. Directory listings of third-party products

Squidir aggregates publicly available information about software products. This data (product name, description, URL, country) is sourced from public websites and does not constitute personal data under GDPR. Vendors can claim, update, or request removal of their listing at any time by contacting team@squidir.com.

6. Data storage and transfers

All data is stored on EU-based infrastructure (AWS eu-central-1, Frankfurt). We do not transfer personal data outside the European Economic Area. Email is sent via Amazon SES (EU region).

7. Data retention

  • Account data: retained while your account is active + 30 days after deletion request.
  • Analytics data: aggregated and anonymised, no time limit.
  • Claim verification tokens: deleted 72 hours after expiry.

8. Your rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion ("right to be forgotten").
  • Object to processing based on legitimate interests.
  • Data portability (receive your data in a machine-readable format).
  • Lodge a complaint with your national data protection authority.

To exercise any of these rights, email privacy@squidir.com. We'll respond within 30 days.

9. Cookies

We use a GDPR-compliant cookie consent manager (EasyConsent). You can review and change your preferences at any time by clicking the cookie icon in the bottom-left corner. We use strictly necessary cookies for authentication and optional analytics cookies (only with your consent).

10. Changes to this policy

We'll notify registered vendors by email of any material changes. Minor updates may be made without notice. The "last updated" date at the top of this page always reflects the current version.