Privacy Policy

Last updated: 2026-04-19  |  Version: 1.2

1. Who we are

Controller:
Laura Otto Solutions
Gijsbrecht van Aemstelstraat 26, 2026 VH Haarlem, The Netherlands
Registration (KvK): 94716501
VAT: NL005104012B61

Website: https://non9to5.com
Contact: lauraottosolutions@gmail.com

2. What personal data we process

2.1 Freedom Program application form

When you submit the application form, we process:

• Full name
• Email address
• Business type
• Description of your current biggest time or energy drain
• Consent timestamp (date and time you submitted the form)

Purpose: To review your application and contact you to schedule a Freedom orientation call.
Legal basis: Your consent (GDPR Art. 6(1)(a)).
Retention: Your message is forwarded by email to our inbox. We do not store it on our servers. We retain email correspondence for up to 2 years after the last communication, after which we delete it.

2.2 Quiz email signup (automation or revenue quiz)

When you subscribe after completing a quiz on our site, we process:

• Email address
• First name (if you provide it)
• Quiz source (automation vs. revenue), score band, and a short summary of your top recommendations (aggregated for follow-up)
• Consent timestamp

Purpose: To send you the email sequence you signed up for and, if you remain subscribed, occasional relevant updates about Non9to5 services.
Legal basis: Your consent (GDPR Art. 6(1)(a)).
Retention: Contact data is held in our email service provider (Brevo) for as long as you stay subscribed or until you withdraw consent. You can unsubscribe from any marketing email. We do not store quiz submissions on our web server beyond what is logged for security.

2.3 Content Brain intake

When you submit a Content Brain intake form (free sample week or paid product), we process what you submit on the form.

Purpose: To deliver your content brain and to contact you about it.
Legal basis: Your consent (GDPR Art. 6(1)(a)); where it applies, contract or legitimate interests for running the service.
How it flows: Intake data is stored in Google Sheets, automation runs through n8n (cloud and/or self-hosted on our Hetzner servers), and email goes through Brevo—consistent with section 3 below.
Retention: Up to two years after our last related contact, unless the law requires longer.

2.4 Website usage

We process website usage data (server logs) for security and operation. We do not use marketing cookies or third-party advertising trackers.

• Strictly necessary: Technical cookies required for the site to function. No consent required.
• Analytics (optional): If you accept analytics cookies via the cookie banner, we may use cookies or similar technologies to measure how the site is used (for example through Google Analytics). This is based on your consent (GDPR Art. 6(1)(a)). You can withdraw consent at any time by clearing site data for non9to5.com in your browser and declining cookies on your next visit.
• Server logs: IP address, timestamp, request path - processed under legitimate interest (GDPR Art. 6(1)(f)) for security. Retention: 90 days.

3. Sharing with third parties

We share personal data only with the following processors:

• Google (Workspace, including Sheets) — Ireland (Google Ireland Limited) and the United States (Google LLC). Where data is stored and processed follows our Workspace data region settings.
• n8n — Germany (n8n GmbH, Berlin). We use n8n Cloud (EU hosting per n8n) and self-hosted n8n on Hetzner in Germany.
• Brevo — France (Sendinblue SAS, trading as Brevo, Paris). Email and lists; EU hosting per Brevo.
• Hetzner — Germany (Hetzner Online GmbH, Gunzenhausen). Website and application hosting in Germany (EEA).

We use written terms or data processing agreements with these providers where required.

4. International transfers

Brevo and Hetzner process in the EEA. n8n’s company is in the EEA; our n8n Cloud and self-hosted automation stay in the EEA as described above. Google may also process in the United States or elsewhere under our Workspace settings and Google’s terms; we rely on their safeguards for any transfers. If you enable optional analytics, that provider’s terms apply.

5. Security

We implement appropriate technical and organisational measures (GDPR Art. 32), including TLS encryption in transit and secure credential handling.

6. Your rights

Under the GDPR you have rights including access, rectification, erasure, restriction, objection, and data portability. To exercise your rights, contact us at lauraottosolutions@gmail.com.

7. Complaints

You have the right to lodge a complaint with your supervisory authority (e.g. Autoriteit Persoonsgegevens in the Netherlands).

8. Changes

We may update this Privacy Policy. The latest version is always at /legal/privacy.html.