HomeBlogPrivacy

Privacy

· 4 min read

dmm, zappa and PB.nl

Privacy Policy
Studio PB.NL BV | Fashionmission BV


Chamber of Commerce: 71303146
Email: pb@pb.nl
Websites: pb.nl | digitalmodelmanagement.com | dmm.pb.nl | zappa.pb.nl
Last update: 31 March 2026

Privacy
We appreciate beautiful things, tranquillity, and clarity. We do not appreciate prying eyes. However, we are transparent about our actions.
This policy applies to Digital Model Management (DMM) and Zappa Prompt Engine (Zappa), both part of Studio PB.NL BV.
**Data Controller:** Studio PB.NL BV, Chamber of Commerce 71303146, reachable via pb@pb.nl.

What We Measure
We use analytics on all our websites: pb.nl, digitalmodelmanagement.com, dmm.pb.nl and zappa.pb.nl. This allows us to measure visitor numbers, page views, and usage patterns. It helps us understand what works and what does not.
No advertisements. No profiles. Just analytics.

Cookies
Yes, there are cookies. On all our websites.
They ensure the sites function properly, help us understand their usage, and in Zappa, they keep you logged in. Upon your first visit, we ask for your consent via a cookie banner.
We use:
- **Necessary cookies** — for the website's functionality and (in Zappa) for authentication and sessions.
- **Analytical cookies** — to measure visits and usage. These are only placed after your consent.

Which Personal Data We Process
DMM
At DMM, we process minimal data. If you contact us via email, we use your data solely to respond. Not for newsletters. Not for lists. Not for later.
For an order, we process the data necessary for payment and invoicing via Mollie.
### Zappa
At Zappa, we process more because you create an account and subscribe. This is what we store:
- **Account details:** name, email address, password (bcrypt encrypted)
- **Billing details:** name, address, Chamber of Commerce number, VAT number
- **Payment details:** processed via Mollie (SEPA Direct Debit) — we do not store bank details
- **Uploaded images:** temporarily stored on Cloudflare R2 (EU, Western Europe) for processing, then immediately deleted
- **Processing results:** displayed as base64 in your browser and stored locally (IndexedDB, max. 16 results) — not on our servers

Purpose and Legal Basis
The GDPR requires us to have a legal basis for each processing activity. Here is how it applies to us:
| Processing | Legal Basis |
|---|---|
| Providing services (image processing, prompt generation) | Performance of the contract |
| Creating and managing accounts (Zappa) | Performance of the contract |
| Billing and payment processing | Performance of the contract + legal obligation |
| Communication about your order or subscription | Performance of the contract |
| Analytics and website improvement | Consent (via cookie banner) |

External Processors
We work with a limited number of external parties that process data on our behalf:
| Party | Purpose | Location |
|---|---|---|
| **Mollie** | Payment processing (DMM + Zappa) | Netherlands |
| **Vercel** | Hosting platform (Zappa) | EU / US |
| **Neon** | Database with account details (Zappa) | EU (Frankfurt) |
| **Cloudflare R2** | Temporary image storage for processing (Zappa) | EU (Western Europe) |
| **OpenAI** | AI prompt generation and correction (Zappa) | US |
| **Replicate** | AI background removal (Zappa) | US |
At Zappa, uploaded images are sent as base64 to OpenAI and Replicate for processing. These parties process the data according to their own data processing agreements. Images are not stored by them for training purposes.
### Transfer Outside the EEA
OpenAI, Replicate, and (partially) Vercel process data in the United States. This transfer takes place based on the EU-US Data Privacy Framework and/or Standard Contractual Clauses (SCCs) as approved by the European Commission. We only work with parties that provide appropriate safeguards for the protection of personal data.

Retention Periods
- **Uploaded images:** deleted immediately after processing from our servers
- **Account details:** retained as long as your account is active, then deleted
- **Billing details:** retained in accordance with the statutory retention obligation (7 years)
- **Analytical data:** anonymised, no personal retention period

Sharing with Others
We do not sell your data. We do not share it for marketing purposes. The only parties with access are the external processors listed in the table above, and only for the purpose for which they are engaged.

Your Rights
You have the right to access, correct, or delete your personal data. In Zappa, you can manage your account and data yourself via the dashboard. For requests regarding DMM or other queries, you can contact us via pb@pb.nl.
You have the right to:
- **Access** your personal data
- **Correction** of inaccurate data
- **Deletion** of your data
- **Objection** to processing
- **Data portability** — receive your data in a commonly used format
- **Lodge a complaint** with the Data Protection Authority (autoriteitpersoonsgegevens.nl) if you believe we are not handling your data carefully

Automated Decision-Making
We do not make decisions about you based solely on automated processing that have legal effects for you. The AI processing of images via Zappa is a tool you control — no profiling or automated decision-making in the sense of the GDPR takes place.

Security
We take appropriate measures to protect your data. Passwords are stored encrypted (bcrypt). Communication is via HTTPS. Access to systems is limited to authorised personnel.

Changes
We may amend this privacy policy. Changes will be published on our websites. In case of significant changes, we will inform active Zappa subscribers via email.

Questions
Uncertainty, curiosity, or just feel like checking? Email us at pb@pb.nl.