Privacy, kept plain.

When you join the beta waitlist, we process the email address you submit, your optional name, signup source, signup date, and status information needed to manage the list. We use this to confirm your signup, prevent duplicate entries, send product and beta updates you asked to receive, and decide when to invite people into the product. The legal bases are your consent, taking steps before a possible agreement, and our legitimate interest in running a controlled beta.

When you contact us, we process the name, email address, subject, message, and any other information you choose to include. We use this to answer you, manage support or partnership requests, protect the website from misuse, and keep a record of business communications. The legal bases are taking steps at your request, our legitimate interest in responding and improving the service, and, where relevant, legal obligations.

We measure aggregate website use so we can understand whether the site is growing and which pages are useful. Our first-party analytics records daily totals by page path and referrer host. We do not use this system to store cookies, visitor IDs, raw referrer URLs, IP addresses, or user-agent strings.

Like most websites, technical systems may process request data needed to deliver pages, prevent abuse, secure the service, diagnose errors, and maintain availability. We use this only as necessary for security and operation. The legal basis is our legitimate interest in keeping the website safe and functional.

Please do not send special category data, such as health information, political opinions, religion, trade-union membership, biometric data, or criminal offence data. The website is not intended to collect that kind of information.

We keep waitlist records until you unsubscribe, ask us to delete them, or the beta waitlist is no longer needed. If you become a beta user, relevant data may become part of your product relationship and be covered by the product terms or a separate agreement.

We generally keep contact messages for up to 24 months after the last meaningful interaction, unless a longer period is needed to handle a dispute, comply with law, or maintain necessary business records.

Aggregate analytics may be kept for up to 24 months. Security and technical records are kept only as long as needed for security, diagnostics, fraud prevention, or legal obligations.

You can ask us to access, correct, delete, restrict, or transfer your personal data. You can also object to processing based on legitimate interests and withdraw consent where processing is based on consent. Withdrawal does not affect processing that happened before withdrawal.

Email hello@natma.app. We may ask for information needed to verify your identity. We aim to respond within one month, unless the request is complex or we receive many requests, in which case the GDPR allows an extension.

If you are not satisfied with how we handle your personal data, you can contact us first. You also have the right to lodge a complaint with the Dutch Data Protection Authority, the Autoriteit Persoonsgegevens, or another competent EU supervisory authority.

The website and waitlist are not intended for children under 16. If you believe a child has provided personal data without appropriate permission, contact us and we will take reasonable steps to delete it.

We use reasonable technical and organisational measures to protect personal data. No online system can be guaranteed completely secure, but we aim to limit access, collect only what we need, and review risks as the product develops.

We may update this Privacy Policy when the website, beta, law, or our processing changes. The date at the top shows when it was last updated. Material changes will be made reasonably visible on the website.