Legal

Privacy Policy

Last updated: 29 April 2026

Who runs this site

krisbroholm.com is operated by BRIXBRIDGE (CVR 34274363), Slotsgade 29A, 1th, 4200 Slagelse, Denmark. The data controller for the purposes of EU GDPR is Kris Broholm.

What we collect

We only collect data you actively give us, plus minimal technical metadata:

  • Forms (contact, waitlist, testimonial): name, email, the message you send, your IP address, your browser's user-agent string, and a timestamp. The IP and user-agent are stored only as anti-abuse signals and are not used for marketing.
  • Analytics: we use PostHog (EU region) for product analytics. PostHog data is hosted in the EU. We use it to understand how visitors navigate the site and to improve the experience. We do not share data with advertisers. Visitors from the EU/EEA, UK, and Switzerland are shown a consent banner on first visit and analytics is only enabled after explicit consent. Visitors elsewhere are not shown the banner because consent is not legally required.
  • Payments: card payments are processed by Stripe, which acts as the payment processor and handles your card details directly. We never receive or store your full card information. Stripe processes this data under its own privacy policy.
  • Cookies: we set one first-party analytics cookie (set by PostHog on the .krisbroholm.com domain) to remember your visitor identity across our sales pages and the Circle-hosted checkout subdomain. This cookie lasts up to one year, contains no personal data (only a random identifier) and is only set when you accept analytics via the consent banner. Cloudflare may also set a short-lived security cookie (__cf_bm, ~30 min) to detect bots; this is exempt from consent under GDPR's strictly-necessary carve-out.

How we use it

  • To respond to your message or fulfil your purchase
  • To send the email lists or product updates you've explicitly opted in to
  • To improve the site (PostHog aggregates and product analytics)
  • To comply with legal obligations (e.g. tax records on purchases)

Where it lives

  • Cloudflare: site hosting and database (D1). Data may be processed in Cloudflare regions worldwide.
  • Sanity: testimonial storage (only the data you submitted via the testimonial form).
  • Resend: transactional email delivery (notifications and contact-form replies).
  • Kit (ConvertKit): email marketing and waitlist management. You can unsubscribe at any time using the link in any email.
  • PostHog (EU): product analytics, hosted in the EU.

All processors are bound by their own GDPR-compliant data processing agreements.

Your rights

Under EU GDPR you have the right to access, correct, export, or delete the data we hold about you. To exercise any of these, email kris@krisbroholm.com. We respond within 30 days.

Retention

  • Form submissions are kept for 24 months for support and audit purposes, then deleted unless tied to an active account.
  • Email list data is kept until you unsubscribe.
  • Purchase records are kept for 7 years to comply with Danish tax law.

Changes

If we change this policy materially, we'll note the new date at the top and notify anyone on our list. Minor wording fixes may happen without notice.

Contact

Questions about privacy or your data: kris@krisbroholm.com.