Privacy Policy

Who we are

Recommendable is a product of Think again, an AI consultancy based in the Netherlands (thinkagain.nl). Think again is the controller for the personal data described in this policy. You can reach us at info@thinkagain.nl.

What we collect

• Account data. Your name, email address and login credentials when you create an account, and your role within an organization.
• Workspace content. The brands, websites, competitors, personas and other details you or your team add to the platform.
• Audit data. Information our modules gather about the websites and brands you analyze. This is largely public web data, such as page content, search results and AI answers.
• Usage data. Basic logs of how the product is used, such as which audits run and when, so we can keep the service reliable and improve it.
• Support messages. Anything you send us by email or through feedback forms.

Why we process it

We process data on three legal bases under the GDPR: to perform our contract with you (running audits, showing results, managing your account), for our legitimate interests (securing the service, preventing abuse, improving the product), and with your consent where we ask for it explicitly. We never sell personal data and we don't use it for advertising.

AI processing

Recommendable uses large language models to analyze content and generate recommendations. When you run an audit, relevant content (such as pages from the analyzed website and the brand profile you provided) is sent to AI providers to produce the analysis. We only share what is needed for the analysis you requested, and we use business API agreements with these providers.

Who we share data with

We use a small set of service providers to run Recommendable:

• Supabase, for our database and authentication (hosted in the EU)
• Vercel, for hosting the application
• AI model providers (such as Anthropic, OpenAI and Google), for running analyses
• Search data providers, for retrieving search engine results

Some providers process data outside the EU. Where that happens, we rely on safeguards such as the EU Standard Contractual Clauses or an adequacy decision.

How long we keep it

We keep your data for as long as your account is active. If you delete your account or organization, we remove the associated personal data within 30 days, except where we need to keep records for legal or accounting reasons.

Your rights

Under the GDPR you can ask us to access, correct, delete or export your personal data, and you can object to or restrict certain processing. Email us at info@thinkagain.nl and we'll respond within a month. You also have the right to lodge a complaint with the Dutch data protection authority (Autoriteit Persoonsgegevens).

Security

All traffic is encrypted in transit. Data is stored with row-level security so organizations can only access their own workspace. Access to production systems is limited to the people who need it.

Cookies

The application uses cookies that are needed to keep you signed in. We don't use advertising or cross-site tracking cookies.

Changes to this policy

If we change this policy in a meaningful way, we'll notify you by email or inside the product before the change takes effect. The date at the top tells you when it was last updated.