Selectronyx
    Back to App
    Privacy Policy
    Selectronyx FairSpec | Last Updated: March 2026
    We take your privacy seriously. This policy explains what data we collect, why we collect it, and your rights under the GDPR and applicable privacy laws.
    Contents
    1. Who We Are
    4. Legal Basis
    7. Your Rights
    10. Contact
    2. Data We Collect
    5. Data Sharing
    8. Cookies
    3. How We Use Your Data
    6. Data Retention
    9. Security
    1. Who We Are

    Selectronyx ("we", "us", "our") is the data controller of your personal data for the FairSpec platform ("the Service").

    Registered company: Selectronyx BV
    Country: The Netherlands
    Contact: dpo@selectronyx.com
    2. Data We Collect

    2.1 Account Data

    • Names and email addresses for account creation and login via Google OAuth
    • Payment details via Stripe (payment)
    • Company details/addresses for invoicing

    2.2 Usage Data

    • Bill of Materials (BOM) files uploaded (though no personal data is in these files)
    • Search queries and parts-viewed history
    • Features you use and frequency/duration of your usage
    • API requests logs (for enterprise users)

    2.3 Technical Data

    • IP addresses and browser/device types (for security and fraud prevention)
    • Session identifiers (via JWT/HTTP-Only Cookies)
    • Timestamps of logins and page views

    2.4 Payment Data

    Payment card details are securely handled by Stripe. Selectronyx never stores or processes full credit card numbers. Please review Stripe's privacy policy.

    2.5 Data We Do Not Collect

    • We do not collect special category data (health, ethnicity, biometrics, etc.)
    • We do not track you across third-party websites
    • We do not sell your data to any third party.
    3. How We Use Your Data
    PurposeData Used
    Provide and operate the FairSpec ServiceAccount data, BOM data, usage data
    Process subscriptions/paymentsEmail, Stripe customer ID
    Send transactional emails (invoices, alerts)Email address
    Respond to support requestsEmail, account data
    Detect fraud/secure your accountIP address, session data, logs
    Improve the Service (anonymous analytics)Anonymized usage patterns
    Comply with legal obligationsAs required by law
    4. Legal Basis for Processing (GDPR)

    Contractual Necessity (Art 6(1)(b)): Processing your account and BOM data is strictly required for us to deliver the Service.

    Legitimate Interests (Art 6(1)(f)): Improving the platform, detecting fraud, and analyzing aggregated metrics. You can always opt-out of analytics.

    Legal Obligation (Art 6(1)(c)): Retaining financial records for tax purposes (e.g. HMRC).

    Consent (Art 6(1)(a)): Optional marketing communications — you may withdraw consent at any time.

    5. Data Sharing & Third Parties

    We use trusted sub-processors to run the platform. They only process data on our behalf under strict DPA terms.

    Sub-ProcessorPurposeLocation
    Vercel, Inc.Hosting and API deliveryUSA (AWS)
    Supabase (Amazon Web Services)Database storageEU (AWS)
    Stripe, Inc.Payment processingUSA, Global
    PostmarkEmail delivery (transactional)USA, Global
    MixpanelProduct analytics (anonymized data)USA, Global
    Nexar / Octopart (Altium LLC)Component data/pricing lookupsUSA, Global

    * Note: Component search API calls to Nexar are anonymized. No user account data is sent to Nexar.

    6. Data Retention

    We retain data only as long as necessary for the purpose it was collected:

    Useful Account Data: Kept as long as your account is active. If you delete your account, this data is removed unless legal requirements apply.

    Financial Records: Invoices and transactional data are retained for 7 years to comply with tax laws. Credit card numbers are not stored.

    BOM/Component Data: We retain your uploaded BOM lists and analysis data to provide the service. You can delete these anytime via your account.

    HTTP / API Logs: Kept for security analytics for 90 days, then automatically purged.

    7. Your Rights

    Under the GDPR, you have the following rights. You may exercise any of these by emailing dpo@selectronyx.com. We will respond within 30 days.

    Right to Access (Art. 15)
    You can request a copy of the personal data we hold about you.
    Right to Rectification (Art. 16)
    You can ask us to correct inaccurate or incomplete data.
    Right to Erasure (Art. 17)
    "Right to be forgotten." You can ask us to delete your data when it is no longer needed.
    Right to Restrict (Art. 18)
    You can ask us to pause processing of your data under certain circumstances.
    Right to Data Portability (Art. 20)
    You can ask for a structured, machine-readable copy of your data to transfer elsewhere.
    Right to Object (Art. 21)
    You can object to processing based on legitimate interests (like marketing).
    Right to withdraw consent
    Where you have provided consent, you may withdraw it at any time.
    Right to complain to the ICO/DPA
    You have the right to lodge a complaint with your local Data Protection Authority.
    8. Cookies & Local Storage

    We use cookies and local storage to make the Service function:

    NamePurposeDuration
    __session (HTTP-Only)Authenticates your session. Strictly necessary.14 days
    supabase.auth.tokenOAuth authenticationSession
    mixpanel_cookieProduct usage analytics (anonymized)1 year

    You can disable analytics cookies via your browser or the cookie banner. You cannot disable the authentication cookies, or the service will not function.

    9. Security

    We implement appropriate technical and organizational measures to protect your data:

    • All data is encrypted in transit (TLS 1.2+)
    • Databases use AES-256 encryption at rest (AWS KMS)
    • Authentication tokens are stored in HTTP-Only, secure cookies
    • Passwords/OAuth tokens are securely hashed/stored by Supabase
    • Access to production databases is strictly limited to core engineers

    In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform you directly.

    10. Contact & Updates

    For any privacy-related questions or to exercise your rights:

    Email: dpo@selectronyx.com
    Address: Keizersgracht 482, The Netherlands.

    We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users and/or by a prominent notice on the Service at least 14 days before the changes take effect. The "Last Updated" date at the top of this page will always reflect the current version.

    View Terms of Service

    See where your BOM stands today.

    Sign up free, upload your Bill of Materials, and get a FairSpec score in seconds. No credit card required.

    Sign Up & Audit Your BOM →Free trial • No credit card • Sign in with Google or email