Privacy statement
Last updated: May 2026
Who we are
Thomas Foundry is a trade name of Thomas Enterprise I BV — Dutch Chamber of Commerce 88064824, registered in Utrecht, the Netherlands. For any privacy question: hello@thomasfoundry.com.
This privacy statement describes how we handle personal data from visitors to thomasfoundry.com and from people requesting our services. We comply with the EU General Data Protection Regulation (GDPR).
What data do we collect?
The site collects only limited personal data, and only where necessary:
- Contact form — when you submit a request at /contact we store name, email address, company name (optional) and the body of your message. Purpose: getting back to you about your request.
- Vercel Analytics — anonymous visitor statistics (pageviews, referrer, browser type) without cookies and without fingerprinting. No IP addresses are stored.
- Vercel Speed Insights — anonymous performance measurements (Core Web Vitals) without identifiable information.
- Upstash Redis — used exclusively for rate-limiting the contact form. Stores an IP hash with a 24-hour retention. No personal data.
- Resend — for sending the confirmation email after a contact request, and the internal notification to our inbox. Resend retains email metadata according to its own GDPR posture.
No ad cookies. No tracking. No sale of data to third parties. Period.
Retention
- Contact-form data: at most 12 months after the last interaction, then auto-deleted.
- Vercel Analytics / Speed Insights: standard 30-day rolling window, no identifiable data.
- Upstash rate-limit hashes: 24 hours.
Your rights under GDPR
At any time you have the right to:
- Access — what data do we hold on you?
- Rectification — correct inaccurate data.
- Erasure — "right to be forgotten".
- Restriction — temporarily pause processing.
- Portability — receive your data in a machine-readable format.
- Objection — against processing for specific purposes.
An email to hello@thomasfoundry.com is enough. We respond within 5 business days.
Sub-processors
We only use processors that comply with GDPR and with whom we have a Data Processing Agreement:
- Vercel Inc. — hosting + analytics (EU data residency)
- Resend Inc. — transactional email
- Upstash Inc. — Redis for rate-limiting
Complaint to the Dutch DPA
We do our best to resolve questions directly, but you always have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
Changes
This privacy statement may be updated when our services or the law change. The last-updated date at the top of this page indicates the current version.