Skip to main content

Privacy by design

Privacy Policy

digitaleu.me exists to help people move away from surveillance-heavy technology. Our product choices follow the same principle: collect less, store less, and make the safest path the default.

Last updated: 2026-07-07

1. Who we are

digitaleu.me is a European migration portal that helps users discover accounts linked to Big Tech services and move toward privacy-respecting European alternatives. For privacy questions, contact info@digitaleu.me.

2. 100% client-side inbox scan

The inbox scanner is designed so your email data stays in your browser. OAuth is used only to let your browser access the metadata needed to detect sender domains. No email tokens, account credentials, email bodies, attachments, or message lists are uploaded to or stored on digitaleu.me servers.

Scan results in Guest Mode live in your browser session. Closing the tab or clearing browser storage removes them. We do not receive a copy of your inbox, and we do not keep a shadow database of what services you use.

3. Zero-knowledge Profile Mode

If you choose Profile Mode, migration progress is encrypted client-side before it is saved to Supabase. Keys are derived in your browser using the Web Crypto API and your chosen secret; the key never leaves your device. Supabase receives ciphertext, not readable profile data.

This means we cannot recover your encrypted profile data if you lose the secret. That is an intentional zero-knowledge tradeoff: no backdoor for us means less risk for you.

4. Payments through Stripe

Paid toolkit access is processed securely by Stripe. We never store or process credit card numbers on our servers. We only receive the minimum payment status information needed to unlock the product, issue support, and satisfy accounting obligations.

5. Plausible Analytics

We use Plausible Analytics only when you grant consent in the cookieless consent banner. Plausible is privacy-friendly, EU-based, and uses no tracking cookies. If you decline, the analytics script is not loaded on this device.

Plausible gives us aggregate product signals such as page views and referrers. It does not create personal advertising profiles, track you across websites, or sell data.

6. Breach check (Have I Been Pwned)

If you use the optional breach-check feature, your email is checked against Have I Been Pwned (HIBP) using k-anonymity — only a partial hash of your email is sent, and HIBP never receives your full address. This is a US-based/global security service; no EU adequacy decision applies, but no full personal data leaves your device. Results are shown only in your browser and are not stored by us.

7. Browser extension

The DigitalEU extension is local-first. It stores the migration target email and account queue in browser storage and uses bundled playbooks to help you change email addresses on supported services. It does not send browsing history, passwords, or account activity to our backend.

Extension–website communication: The extension communicates with digitaleu.me exclusively via the browser's window.postMessage API. This is a local, in-browser channel — no data is transmitted to any third-party server as part of this communication. The only data exchanged is the migration target email address and account queue that you have explicitly entered.

Gmail access (inbox scanner): If you connect Gmail, the extension itself does not request any Gmail permissions. Gmail access is handled entirely by the digitaleu.me web app using the gmail.metadata OAuth scope, which provides read-only access to email headers (sender domain only). Your email body, attachments, and message content are never accessed. All Gmail API calls are made directly from your browser — the OAuth token and email metadata are never sent to digitaleu.me servers. You can revoke access at any time at myaccount.google.com/permissions.

8. Legal bases and retention

We process personal data under GDPR legal bases such as consent (Art. 6(1)(a)), contract performance (Art. 6(1)(b)), legal obligations (Art. 6(1)(c)), and legitimate interests (Art. 6(1)(f)) for security and service reliability.

8.1 Retention periods

  • Guest scan data: Not retained. All data exists only in browser sessionStorage and is lost when you close the tab.
  • Profile Mode data: Retained until you delete your account or request deletion. Zero-knowledge encrypted — we cannot read it.
  • Newsletter subscriptions: Retained until you unsubscribe.
  • Payment records: Retained for 7 years per Norwegian accounting regulations (bokføringsloven § 13). Only payment status and references are stored — never full card numbers.
  • Analytics (Plausible): No personal data collected. Aggregated, anonymized statistics retained indefinitely.
  • Support inquiries: Retained for 2 years after resolution.

Encrypted Profile Mode data is retained until you delete it or close your account. After account deletion, encrypted data is irrecoverably purged within 30 days.

9. U.S. Cloud Act and data sovereignty

Our infrastructure is hosted in Sweden (eu-north-1) and Iceland (1984.is VPS) — both within the European Economic Area (EEA). We do not use US-based cloud providers for storage, compute, or data processing.

The U.S. CLOUD Act allows US law enforcement to demand data from US-based companies regardless of where data is stored. Because we use European infrastructure exclusively and are not a US company, your data is not subject to CLOUD Act requests directed at US providers.

9.1 Mitigation measures

  • Zero-knowledge encryption: Profile data encrypted client-side. We cannot read it.
  • European infrastructure: All servers in EEA. No US jurisdiction infrastructure.
  • Norwegian legal entity: Operates under Norwegian law, within EEA/GDPR.
  • Data minimization: Guest scans produce zero server-side data.
  • Transparency: Any government data request will be publicly disclosed.

9.1 Subprocessors

We use the following subprocessors to deliver our service. All are European-based or have data processing agreements (DPAs) that comply with GDPR requirements:

  • Supabase Inc. (Sweden, eu-north-1) — Database, authentication, Edge Functions. DPA signed. Data stored exclusively in Stockholm, Sweden.
  • 1984.is (Iceland) — VPS hosting. All web application data stored in Iceland (EEA-equivalent under GDPR adequacy decision).
  • Stripe Inc. (Ireland) — Payment processing. PCI-DSS compliant. Limited to payment data only.
  • Tally Forms (Estonia) — Feedback and survey forms. No personal data shared beyond voluntary form submissions.
  • Plausible Analytics (self-hosted on 1984.is, Iceland) — Cookieless analytics. No personal data collected.

Each subprocessor is contractually bound to process data only in accordance with our instructions and applicable data protection law. Updated: 2026-07-10.

10. Your rights

Under GDPR, you may request access, correction, deletion, restriction, portability, or objection to processing of your personal data. You may also withdraw consent where consent is the legal basis. Send requests to info@digitaleu.me.