Privacy Policy — designlab.tools

Last updated: 18 March 2026

1. Introduction

This Privacy Policy explains how designlab.tools ("we", "us", or "our") collects, uses, and protects your personal data when you use our website (https://designlab.tools) and application (https://fmea.designlab.tools).

We are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR) and applicable Portuguese data protection law.

Data Controller: designlab.tools | Email: contact@designlab.tools | Website: https://designlab.tools

2. Data We Collect

When you use designlab.tools, we may collect the following personal data:

  • Name and email address (provided via Google or Microsoft OAuth login)
  • Profile photo (provided by your Google or Microsoft account)
  • Usage data (pages visited, features used, timestamps)
  • Technical data (IP address, browser type, device type)
  • Content you create within the application (FMEA analyses, projects)

3. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract performance (Article 6(1)(b) GDPR): to provide you with the designlab.tools service
  • Legitimate interests (Article 6(1)(f) GDPR): to improve our service, ensure security, and prevent fraud
  • Consent (Article 6(1)(a) GDPR): where you have explicitly consented, such as receiving communications

4. How We Use Your Data

We use your personal data to:

  • Provide and maintain the designlab.tools service
  • Authenticate your identity via Google or Microsoft OAuth
  • Send transactional emails (account verification, invitations, notifications)
  • Respond to your support requests
  • Improve and develop our service
  • Comply with legal obligations

5. Data Sharing and Third Parties

We share your data with the following third-party service providers, who act as data processors:

  • Supabase (supabase.com) — authentication and database hosting, servers in the EU
  • Resend (resend.com) — transactional email delivery
  • Hostinger — web hosting infrastructure

We do not sell your personal data to any third party. We do not share your data with advertisers.

6. Data Retention

We retain your personal data for as long as your account is active or as necessary to provide the service.

If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

Backup copies may be retained for up to 90 days for disaster recovery purposes.

7. Your Rights Under GDPR

As a data subject in the EU, you have the following rights:

  • Right of access: request a copy of your personal data
  • Right to rectification: correct inaccurate or incomplete data
  • Right to erasure ('right to be forgotten'): request deletion of your data
  • Right to restrict processing: limit how we use your data
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interests
  • Right to withdraw consent: where processing is based on consent

To exercise any of these rights, contact us at contact@designlab.tools. We will respond within 30 days.

You also have the right to lodge a complaint with the Portuguese data protection authority (CNPD — Comissão Nacional de Proteção de Dados): www.cnpd.pt

8. Cookies

We use only strictly necessary cookies required for the service to function (session cookies for authentication). These cookies do not require your consent under the ePrivacy Directive.

We do not currently use analytics cookies, advertising cookies, or any third-party tracking technologies. If this changes, we will update this policy and request your consent where required.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encrypted data transmission (HTTPS/TLS)
  • Encrypted data storage
  • Access controls and authentication
  • Regular security reviews

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay.

10. International Data Transfers

Your data is processed within the European Economic Area (EEA). Where data is transferred outside the EEA (for example, to US-based sub-processors), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice on our website. The 'last updated' date at the top of this policy will always reflect the most recent version.

Continued use of the service after notification of changes constitutes acceptance of the updated policy.

12. Contact

If you have any questions about this Privacy Policy or your personal data, please contact us at: contact@designlab.tools