← Danadresse
DA EN

Privacy Policy

Last updated: 3 July 2026 · Courtesy translation — the Danish version prevails.

Danadresse is operated by LynBro ApS (CVR 46321499), which is the data controller. This policy explains what data we collect, how we use it, and your rights.

What do we collect?

  • Account: email, name (optional), CVR (optional), company name (optional).
  • API keys: we store only an HMAC-SHA256 hash of your key — never the full key.
  • API calls: we log the number of calls per key, day and channel (API/MCP) for billing and abuse prevention, plus a technical device fingerprint (a hash of stable request headers) and source IP counts used to enforce the one-key-one-device policy. We do not log the content of your searches.
  • Cookies: one strictly necessary session cookie (da_session) for login. Anonymised Google Analytics is loaded only if you consent in the cookie banner. No ad trackers, no data resale.
  • Payment data: handled by Stripe — we store only their customer/subscription IDs. We never see card details.

Processors and sub-processors

  • Stripe (payments, EU entity, DPA in place).
  • Hosting in the EU (Germany) — all application data stays in the EU.
  • Google Analytics (only with your consent, Consent Mode, anonymised IP).
  • Email delivery via an EU-hosted SMTP relay (transactional mail only).

A data processing agreement (DPA) is available for Enterprise customers on request.

Where is your data stored?

All servers run in the EU. Address data itself is public (CC BY 4.0 from Klimadatastyrelsen). No personal data leaves the EU.

How long do we keep it?

  • Account: until you delete it.
  • API call logs: 30 days for billing, then aggregated monthly.
  • Bookkeeping records (invoices, payments): 5 years as required by the Danish Bookkeeping Act.
  • Backups: 14 days rolling.

Your rights

Under the GDPR you have the right of access, rectification, erasure, data portability and objection. Write to privacy@lynbro.dk. You can also complain to Datatilsynet (the Danish Data Protection Agency).

Cookies

Strictly necessary (always set):

  • da_session — JWT in an HttpOnly cookie. Expires after 24 hours. Set only at login. Not used for tracking.
  • da_cookie_consent / da_consent_analytics — localStorage (not technically cookies) remembering your cookie choice.

Analytics (only with your consent): if you accept in the banner, we load Google Analytics (gtag.js) with Consent Mode and anonymised IP (_ga cookies). If you choose "necessary only", no analytics cookies are set and no analytics data is sent. Clear localStorage to see the banner again.

Contact

LynBro ApS · CVR 46321499 · privacy@lynbro.dk


← Back to danadresse.dk · LynBro ApS · CVR 46321499