Privacy Policy
LAST UPDATE: NOVEMBER 25, 2025
1. Purpose
This Privacy Policy (the "Privacy Policy") is provided by Netrows, registered office in Balearic Islands, Spain (the "Company").
This Privacy Policy illustrates the commitment of the Company with regard to respecting your privacy and protecting your personal data from the following website: https://netrows.com/ (the "Site").
The Site notably allows you to:
- Have detailed information about the operations of Netrows
- Obtain information on the pricing of the Netrows service
- Have access to API documentation
- Have access to a support service
- Have access to a dashboard
- Create an account and a user space
- Access professional network data through our API
For any questions about this Privacy Policy and the processing of your personal data, you can contact the Company at the following email address: privacy@netrows.com or at the registered office postal address.
2. Processing of Your Personal Data
2.1. Description of the processing of your personal data
The main purpose of collecting your personal data is to offer you a safe, optimal, efficient and personalized experience. To this end, you agree that we may use your personal data to:
- provide our services and facilitate execution, including verifications concerning you;
- resolve any issues to improve the use of our Site and our services;
- personalize, evaluate and improve our services, content and materials;
- analyze the volume and history of your use of our services;
- prevent, detect and investigate potentially prohibited, illegal or contrary to good practices activities and ensure compliance with our Terms of Service;
- comply with legal and regulatory obligations.
We use personal data submitted to us only in compliance with applicable data protection laws.
For our customers who have registered on our Site, we process your personal data for the performance of the contract concluded between us for the provision of our services.
In accordance with current laws and regulations, the Company, acting as the data controller, collects some of your personal data during your visit to the Site:
- Email address
- First and last name
- Company name
- Login credentials
- Password (encrypted)
- Country
- Bank details (processed by Stripe, not stored by us)
When using our services, the following data is collected and managed:
- API usage logs and statistics
- Credit purchase history
- Subscription information
- Support messages
When you connect to the Site, the Company also collects the following personal data:
- Your connection logs
- Your IP address
- Your browser and device information
The submitted data must not include sensitive personal data, such as government identifiers (i.e. social security numbers, driver's license or taxpayer identification numbers), full credit card or personal bank account numbers, medical records, or details related to requests for care or treatment associated with individuals.
Data Processing Table
| Purpose | Legal Basis | Retention Period |
|---|---|---|
| Reception and management of contact requests | Based on your consent | Until consent is withdrawn or 3 years from last contact |
| Management of data subject rights requests | Necessary to respond to your requests | Up to 1 year from your request |
| Payment processing | Execution of contractual relationship | 13-15 months for card details (processed by Stripe) |
| Account management and API access | Execution of contractual relationship | Duration of contract + 5 years |
| Customer support and service improvement | Execution of contractual relationship | Duration of contract + 5 years |
| Fraud prevention and security | Legitimate interest of the Company | 3 years from end of relationship |
| Legal and regulatory compliance | Legal obligation | 5 years from end of relationship |
2.2. Recipients / Transfers of Your Personal Data
Access to your personal data is restricted to those individuals who need your personal data in order to fulfill the specific purpose of the processing. Your personal data may also be communicated by the Company to third parties:
- if the law or a legal procedure requires the Company to share your personal data;
- in response to the request of a public or judicial authority;
- when the Company considers that the transmission of your personal data is necessary or appropriate to ensure the safety of individuals or to protect the public.
Your personal data is transmitted to the following service providers:
- Supabase (Database and authentication - SOC 2 Type II certified)
- Vercel (Hosting and CDN - SOC 2 Type II certified)
- Stripe (Payment processor - PCI-DSS Level 1 certified)
- Resend (Transactional email delivery - SOC 2 Type II certified)
- Crisp (Customer support chat - GDPR compliant, ISO 27001 certified, EU-based)
Therefore, your personal data may be subject to transfer outside the European Economic Area to the United States (except Crisp which is EU-based in France).
The Company ensures a level of protection of your personal data identical to the level of protection provided by the application of the GDPR. We use Standard Contractual Clauses (SCCs) approved by the European Commission for all international data transfers. For more details, see our Data Processing Agreement.
2.3. Security
As part of its services, Netrows attaches the utmost importance to the security and integrity of its clients' personal data.
In accordance with the GDPR, Netrows shall take all relevant precautions to preserve the security of data and, in particular, to protect them against any accidental or unlawful destruction, accidental loss, corruption, circulation or unauthorized access, as well as against any other form of unlawful processing or disclosure to unauthorized persons.
Netrows implements industry-standard security measures including:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for all data at rest
- API keys hashed with bcrypt (never stored in plaintext)
- Row Level Security (RLS) in database
- Multi-factor authentication (MFA) available
- Regular security audits and updates
- 24/7 security monitoring
Despite this, there is no absolute security. In the event that a security breach may affect you, Netrows shall inform you immediately and make its best efforts to take all possible measures to neutralize the intrusion and minimize the impacts.
For more details about our security measures, please see our Security Policy.
2.4. Your Rights Over Your Personal Data
You have the following rights over your personal data:
Rights of Access and Rectification
You can request access to your personal data. You can also request the rectification of your personal data that would be inaccurate or for your incomplete personal data to be completed. You also have the right to know the origin of your personal data.
Right to Erasure
You can request the deletion of your personal data when:
- Your personal data are no longer necessary for the purposes for which they were processed;
- You have chosen to withdraw your consent;
- You have objected to the processing of your personal data;
- Your personal data have been unlawfully processed;
- Your personal data must be erased to comply with a legal obligation.
You can delete your account directly from your dashboard settings.
Right to Object
You can object to the processing of your personal data in compliance with the legal obligations imposed on the Company.
Right to Restriction
You can request the restriction of processing of your personal data if you contest the accuracy of your personal data, the Company no longer needs your personal data for processing purposes, or you have objected to the processing of your personal data.
Right to Portability
You can ask the Company to provide you with your personal data in a structured, commonly used, machine-readable format (JSON), or request that they be "ported" directly to another data controller.
Right to Withdraw Your Consent
You can withdraw your consent to the processing of your personal data at any time. The withdrawal of your consent only applies to the future and does not affect the lawfulness of processing carried out before your withdrawal.
Right to Lodge a Complaint
If you have concerns or complaints regarding the protection of your personal data, you have the right to file a complaint with your local data protection authority.
You can exercise the aforementioned rights by contacting us:
- via email at: privacy@netrows.com
- or at the following postal address: Netrows, Balearic Islands, Spain
To enable the Company to process your request as quickly as possible, please specify the subject and context in which your personal data were processed. In case of reasonable doubt about your identity, the Company may ask you to provide a valid copy of an identification document.
2.5. Third-Party Data
As part of the use of our services, namely professional network data access through our API, Netrows provides access to publicly available professional information.
This data is not stored on our servers. We process requests in real-time and deliver the data directly to our clients through the API.
Under no circumstances does Netrows sell, share or rent data to third parties for purposes other than those set out in this policy and our Terms of Service.
As the user of our API services, you are considered the data controller within the meaning of the GDPR, and Netrows acts as the data processor. In this capacity, you are responsible for:
- Complying with all applicable data protection regulations, including GDPR and CCPA;
- Ensuring you have a lawful basis for processing the personal data you obtain;
- Providing appropriate privacy notices to data subjects;
- Responding to data subject rights requests;
- Not using the data for unlawful purposes or spam.
For more details about data processing responsibilities, please see our Data Processing Agreement.
2.6. Cookies
Netrows uses only essential cookies that are strictly necessary for the website to function properly. We do not use any tracking, analytics, or advertising cookies.
Essential cookies we use:
- Authentication Cookies: Used by Supabase to maintain your login session
- Security Cookies: Used by Cloudflare to protect against bots
- Payment Cookies: Used by Stripe to securely process payments
These cookies are essential for the website to work and cannot be disabled. For more details, see our Cookie Policy.
2.7. Storage Location and Data Transfers
The host servers on which Netrows processes and stores its databases are provided by Supabase (AWS infrastructure) and may be located in the United States or other regions.
All international data transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission.
Netrows will immediately inform you, to the extent legally permitted, of any request or order from an administrative or judicial authority concerning your personal data.
2.8. Language
This Privacy Policy is written in English. Should it be translated into one or more foreign languages, only the English version shall be deemed authoritative in the event of a dispute.
2.9. Privacy Policy Changes
Netrows reserves the right to update this privacy policy at any time, particularly in response to changes in applicable laws and regulations. Any changes will be notified to you via our website or by email, where possible, at least thirty (30) days before the changes take effect. We recommend that you check these rules from time to time to stay informed about our procedures and rules regarding your personal information.
Contact Information
For questions about this Privacy Policy: