Your privacy matters

Privacy Policy

Last updated: April 24, 2026

1. Introduction

Welcome to Okidoky. We attach great importance to the protection of your personal data. In this privacy policy, we transparently explain which data we collect, for what purpose, how we protect it, and what rights you have under the General Data Protection Regulation (GDPR).

By using Okidoky, you agree to the processing described in this privacy policy. We recommend that you read this policy carefully.

2. Data Controller

Data controller within the meaning of the GDPR:

RULIDO

KVK: 98709364

www.rulido.nl

www.okidoky.nl

IBAN: NL16 MLLE 0940 1123 29

info@okidoky.nl

3. What data do we collect?

We only collect data that is necessary for providing our Service:

Account data

Username, email address, password (hashed with bcrypt)

Financial data

Transactions, categories, amounts, receipts. We do not store any bank details, credit card numbers or account numbers.

Usage data

IP address (at registration, for abuse prevention), browser type, device type, session data

Communication data

Messages you send us via the contact form or email

Payment data

Payment transactions are processed by Mollie. We only receive a confirmation, not payment details.

4. What do we use your data for?

Your data is processed based on the following legal bases and purposes:

Service delivery

Providing your digital ledger, statistics, OCR scanning and all associated functionalities

Performance of contract

Account management

Authentication, password recovery, email verification and account security

Performance of contract

Payment processing

Processing subscription payments via Mollie

Performance of contract

Communication

Answering questions, sending service notifications and important updates

Legitimate interest

Security

IP logging at registration, CSRF protection, rate limiting and fraud prevention

Legitimate interest

Improvement

Anonymous usage statistics for improving the Service (only with your consent via cookies)

Consent

5. Sharing with third parties

Your data is safe

We never sell or share your personal data with third parties for marketing or advertising purposes. Your financial data is strictly private.

We only share data with the following parties, insofar as necessary:

Mollie B.V. — payment processing (only for paid subscriptions)
Hosting provider — for hosting and maintaining the availability of the application
Email service — for sending verification and notification emails
Authorities — only if we are legally obligated to do so

We have concluded data processing agreements with all processors in accordance with the GDPR.

Full transparency — including optional analytics, AdSense (free-tier) and stateless CDNs for fonts and icons (Google Fonts, jsDelivr) — is available on our sub-processors page: /sub-verwerkers

6. Security

We take appropriate technical and organizational measures to protect your data:

Passwords hashed with bcrypt

HTTPS/TLS encryption for all communication

CSRF tokens for protection against attacks

Daily automatic backups

Rate limiting against brute-force attacks

No storage of bank or credit card details

7. Retention period

We do not retain your personal data longer than necessary:

Active account: data is retained as long as you have an active account
After account deletion: all data is permanently deleted within 30 days
Registration logs: IP addresses are retained for a maximum of 30 days
Backups: automatic backups follow a Grandfather-Father-Son rotation: 14 daily + 8 weekly + 12 monthly backups are kept; after account deletion your data is permanently removed from all backup tiers by the next monthly rotation cycle at the latest
Legal obligation: if legally required, certain data may be retained longer

8. Your rights under the GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights:

Right of access

You can request which personal data we process about you

Right to rectification

You can have incorrect or incomplete data corrected

Right to erasure

You can request that all your data be deleted ("right to be forgotten")

Right to data portability

You can export your data in a common format (CSV)

Right to object

You can object to processing based on legitimate interest

Right to restriction

You can request the restriction of processing of your data

To exercise these rights, send an email to info@okidoky.nl. We will respond to your request within 30 days.

In addition, you have the right to file a complaint with the Dutch Data Protection Authority ( www.autoriteitpersoonsgegevens.nl).

9. Cookies

Okidoky uses cookies for the functioning of the application and, with your consent, for analytical purposes. You can adjust your cookie preferences at any time via the cookie banner.

For detailed information about which cookies we use and how you can manage them, please refer to our cookie policy.

10. Children

Our Service is not intended for persons under 16 years of age. We do not knowingly collect personal data from minors under the age of 16. If we discover that we have collected data from a minor, we will delete it immediately.

As a parent or guardian, you can contact us at info@okidoky.nl if you suspect that your child has created an account without consent.

11. Changes

RULIDO reserves the right to amend this privacy policy from time to time. The most recent version is always available on this page.

In the event of substantial changes, you will be notified by email. By continuing to use the Service after the effective date of changes, you agree to the amended privacy policy.

12. Advertisers

Okidoky offers an advertising platform where businesses can place advertisements. This section describes how we handle advertiser data and how advertisements work on our platform.

12.1 Advertiser data

When you register as an advertiser, we collect the following data:

Business details (name, Chamber of Commerce number, VAT number)
Contact details (name, email address, phone number)
Address details
Payment details (via Mollie, we do not store payment details)
Uploaded advertising material (images)

12.2 Purpose of processing

Advertiser data is processed for: account management, review and approval of advertisements, invoicing and payment processing, communication about campaigns, and generating performance statistics.

12.3 Advertisement tracking

To measure advertisement performance, we record:

Impressions (when an advertisement is displayed)
Clicks (when an advertisement is clicked)
IP address (anonymized, for deduplication and fraud prevention)

Important: Our own advertising platform (direct banners sold to advertisers with an account with us) does not use third-party tracking cookies. We do not track users ourselves across other websites. Separately, we use Google AdSense as a fallback for free-tier users (when no direct-sold banner is available) — that IS a third-party ad network with its own tracking, consent-gated via Consent Mode v2. See our /sub-verwerkers page for the full story.

12.4 Retention periods

Detailed impression and click data is retained for 90 days, after which only aggregated statistics are retained. Advertiser accounts and associated data are retained as long as the account is active. After termination, data is deleted within 30 days, with the exception of invoice data (7-year legal retention obligation).

12.5 Advertiser rights

As an advertiser, you have the same GDPR rights as regular users: the right to access, rectification, erasure and portability of your data. Contact us at info@okidoky.nl to exercise these rights.

13. Contact & Complaints

Do you have questions about this privacy policy, would you like to exercise your rights, or do you have a complaint? Please contact us:

RULIDO·KVK: 98709364

info@okidoky.nl

www.okidoky.nl/contact

We aim to handle your request or complaint within 30 days. If you are not satisfied with our handling, you can file a complaint with the Dutch Data Protection Authority.