01 —Legal · Privacy
How we handle
your data.
A short, human version of what happens to your information when you buy Pier or use it to edit a website. Every processor we touch, what gets sent where, how long it's kept.
This policy explains how A Brand New Company B.V. ("ABN", "we") handles personal data when you visit pier.abn.company, buy Pier, or run the Pier macOS app. We follow the GDPR (EU Regulation 2016/679) and the Dutch implementation (Uitvoeringswet AVG). If something is unclear, write to info@abn.company — we read every message.
Who we are.
A Brand New Company B.V. · Amsterdam, The Netherlands · KvK 88565548 · BTW NL004626508B12. We are the controller of the personal data described below.
Contact: info@abn.company. We don't have a designated Data Protection Officer — all data matters go to the email above and are answered within 30 days.
What we collect and why.
| Data | Why | Legal basis | Retention |
|---|---|---|---|
| Email address | Deliver your license key + transactional emails | Contract (Art. 6(1)(b)) | 10 years (NL tax law) |
| Payment data | Process your purchase | Contract | Stripe keeps per PCI-DSS; we store only session + customer IDs |
| License key (hashed) + device UUID + device name | Enforce the 2-Mac seat limit, let you deactivate remotely | Contract | Until license is revoked + 2 years |
| IP address on activation / validate calls | Security (detect abuse, diagnose failed activations) | Legitimate interest (Art. 6(1)(f)) | 90 days |
| Support email content | Answer your question | Legitimate interest | 3 years after last message |
| Anonymous web analytics (opt-in) | Understand which pages convert | Consent (Art. 6(1)(a)) | 13 months, no cross-site tracking |
Pier the app itself does not send telemetry or crash reports. There is no opt-in analytics inside the app. The only outbound calls from your Mac are (a) to your own web server, (b) to our license server once a week, and (c) to Anthropic's Claude API when you chat — see the sub-processor table below.
Sub-processors.
We use a small number of processors to run Pier. Each has a Data Processing Agreement (DPA) on file and Standard Contractual Clauses for any transfer outside the EU.
| Processor | Purpose | Region | DPA |
|---|---|---|---|
| Stripe Payments Europe Ltd. | Payments + invoices | IE / US (SCCs) | link |
| Supabase Inc. | License database | EU (Frankfurt) | link |
| Resend, Inc. | License emails | EU-west-1 (Ireland) | link |
| Vercel Inc. | Website + API hosting | EU (Frankfurt) | link |
| Anthropic, PBC | AI inference for the in-app chat. Sent: your prompts + the relevant file contents Pier needs. Not sent: FTP/SFTP passwords, license keys, or files Pier hasn't opened. | US (SCCs) | link |
Your rights.
Under GDPR you have the right to:
- Access — ask for a copy of your data
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your data (subject to the 10-year tax retention on invoices)
- Portability — receive your license + activation data in JSON
- Object — refuse processing based on legitimate interest
- Withdraw consent — turn off analytics opt-in at any time
- Complain — lodge a complaint with the Dutch Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl)
Email info@abn.company with the subject line GDPR request. We reply within 30 days.
Cookies.
The pier.abn.company site uses only strictly-necessary cookies by default (Stripe session when you check out, a consent flag in your browser's local storage). Web analytics are off until you tick the Analytics box in the cookie banner. We do not use advertising cookies or cross-site trackers.
Changes.
If we update this policy in a way that affects your rights, we'll email every customer with a summary of the change and update the "Last updated" date at the top.