This policy explains what personal data BlueWire (the tool at blue-wire.net) collects, why we collect it, and what your rights are. It is written to comply with the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and the Dutch Uitvoeringswet AVG.
01 Who we are
BlueWire is operated by an independent marine electrical engineering practice based in the Netherlands. For the purposes of the GDPR we act as the data controller for personal data processed through this website and the configurator tool.
If you prefer a postal address or need to reach our data protection contact directly, see section 12.
02 What personal data we collect
We collect only the minimum we need to run the service. The table below lists every category.
| Data | When | Stored where |
|---|---|---|
| Email address | When you sign up / sign in | PostgreSQL (app.users) |
| Display name (optional) | When you sign up / sign in | PostgreSQL (app.users) |
| Account metadata — sign-in provider, creation date, last login time | Automatically, on every sign-in | PostgreSQL (app.users) |
| Session cookie — a signed JWT (bw_session) | When you sign in; expires after 30 days | Your browser only (HttpOnly) |
| Designs you save — the JSON of your configurator canvas (components, wires, settings) | When you click Save or auto-save runs | PostgreSQL (app.user_designs) |
| Quote requests — the BOM and any notes you submit | When you request a quote | PostgreSQL (app.quotes) |
| Support tickets — the subject and message you send us | When you open a ticket | PostgreSQL (app.support_tickets) |
| Server request logs — IP address, user-agent, URL, timestamp | Every request | Web-server logs; auto-rotated after 30 days |
What we don't collect: we do not store passwords (we use provider sign-in and magic links), we don't run advertising cookies, we don't integrate analytics platforms such as Google Analytics, and we don't track you across other sites.
03 Why we process your data
- Authentication — to identify you across sessions so your designs follow you from device to device.
- Service delivery — to save, list, and restore your designs, quotes, and support history.
- Operations & abuse prevention — request logs let us diagnose errors and detect abuse.
- Legal records — when you request a quote, we keep the quote record for our business administration even if you later delete your account (the record is anonymised; see section 7).
We do not use your data for automated decision-making, profiling, or marketing.
04 Legal basis (GDPR Art. 6)
- Consent (Art. 6(1)(a)) — you tick the consent box at sign-up. You can withdraw it at any time by deleting your account.
- Performance of a contract (Art. 6(1)(b)) — we need to process your account data to let you use the service you asked for.
- Legitimate interest (Art. 6(1)(f)) — security logging and basic anti-abuse monitoring.
- Legal obligation (Art. 6(1)(c)) — when we keep a quote record for Dutch tax/business administration requirements.
05 Cookies & tracking
We use a single strictly-necessary cookie:
| Name | Purpose | Duration | Type |
|---|---|---|---|
| bw_session | Signed JWT that keeps you logged in | 30 days (rolling) | HttpOnly, SameSite=Lax |
We also use your browser's localStorage to remember small UX preferences (such as the email you last used in the contact form). This never leaves your device.
No advertising cookies, no third-party pixels, no cross-site trackers, no session replay.
06 Third parties & where data flows
Your data stays on our own infrastructure in the EU. We don't share it with advertisers or data brokers. The short list of subprocessors we do use:
- Hosting provider (the data centre that runs our web server and PostgreSQL database). Located in the EU. Bound by a data-processing agreement under GDPR Art. 28.
- Google Fonts — the page loads two web fonts from fonts.googleapis.com. Your browser's IP is briefly visible to Google when fetching these. If you prefer not to, use a browser extension or an ad-blocker; the site still works with system fonts.
- Sign-in providers (planned) — if you choose "Sign in with Google" or "Sign in with Microsoft" once those are enabled, the provider sees that you're authenticating with BlueWire. We only receive your email, name, and avatar.
We do not transfer personal data outside the European Economic Area except as strictly necessary (e.g. Google Fonts CDN). Where we do, it is covered by an adequacy decision or standard contractual clauses.
07 How long we keep it
| Data | Retention |
|---|---|
| Account (app.users) and designs | Until you delete your account, or after 24 months of inactivity (we send a reminder first). |
| Support tickets | 12 months after the ticket is closed. |
| Quote records | 7 years, as required by Dutch business-administration law. The record is anonymised (user_id set to NULL, email removed) the moment you delete your account. |
| Web-server logs | Auto-rotated and purged after 30 days. |
| Backups | Encrypted; rolling 30-day window; fully purged after 30 days. |
08 Your rights under the GDPR
You have the following rights regarding your personal data. To exercise them, email the address in section 12 or use the tools in your dashboard.
- Right of access (Art. 15) — request a copy of what we hold about you.
- Right to rectification (Art. 16) — fix anything that's wrong. Name and email are editable from your settings; for anything else, email us.
- Right to erasure (Art. 17) — "the right to be forgotten." You can self-service this by opening Dashboard → Settings → Delete account; it removes your account, designs, and tickets immediately. Quote records are anonymised as described in section 7.
- Right to restrict processing (Art. 18).
- Right to data portability (Art. 20) — you can export each design as JSON directly from the configurator (Export button). For a full account export, email us.
- Right to object (Art. 21).
- Right to withdraw consent (Art. 7(3)) — withdrawing consent is the same as deleting your account.
- Right to lodge a complaint with the Dutch data-protection authority (Autoriteit Persoonsgegevens) if you believe we haven't handled your data correctly.
09 Security
- All traffic between your browser and our servers is encrypted with TLS.
- Session cookies are HttpOnly and SameSite=Lax so they can't be read by JavaScript or sent on cross-site requests.
- Database backups are encrypted at rest.
- Access to the production database is restricted to a small number of engineers, each with named credentials.
No online service is perfectly secure. If we ever suffer a personal-data breach that's likely to affect your rights, we will notify the data-protection authority within 72 hours as required by GDPR Art. 33, and contact you directly if there's a high risk to you (Art. 34).
10 Children
BlueWire is a professional tool for marine and off-grid electrical design. It is not directed at children and we don't knowingly collect data from anyone under 16. If you think a child has signed up, contact us and we will delete the account.
11 Changes to this policy
We may update this policy when the service changes (for example when we enable the Google / Microsoft sign-in buttons, or add a new feature that processes data in a new way). When we make a material change we will:
- Bump the version number and the effective date at the top of this page.
- Where the change materially expands our data use, email registered users ahead of time.
Older versions of this policy are kept in git and can be produced on request.
12 Contact us
For any privacy question — access requests, complaints, data-protection queries — reach us at:
- Email: privacy@blue-wire.net
- Website: blue-wire.net/#contact
We aim to respond to all requests within 30 days, as required by the GDPR.