SuccessCompiled

GDPR & Data Processing

Last updated: February 2026

SuccessCompiled is committed to protecting your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR). This page explains how we process your data, your rights, and the sub-processors we rely on.

Data Controller

SuccessCompiled (successcompiled.com) acts as the data controller for personal data collected through this website. If you have questions about your data, please contact us.

What Data We Collect

  • Account data: Email address, display name, and avatar (provided via OAuth or manual sign-up).
  • Contact form submissions: Name, email, and message content when you use our contact form.
  • Newsletter subscriptions: Email address when you subscribe to our newsletter.
  • Authentication cookies: Session tokens necessary to keep you signed in.

Legal Basis for Processing

  • Consent: Newsletter subscriptions and optional email communications.
  • Contract performance: Account creation and authentication to provide our services.
  • Legitimate interest: Spam prevention (reCAPTCHA) and site security.

Your Rights Under GDPR

As an EU/EEA resident, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data via your account settings.
  • Erase your personal data ("right to be forgotten").
  • Restrict or object to processing of your data.
  • Data portability: Receive your data in a structured, machine-readable format.
  • Withdraw consent at any time for consent-based processing.

To exercise any of these rights, contact us. We will respond within 30 days.

Sub-Processors & Data Processing Agreements

We use the following third-party services to operate SuccessCompiled. Each has a GDPR-compliant Data Processing Agreement (DPA) in place:

Supabase

Purpose: Authentication, database storage (user profiles, contact messages, newsletter subscriptions).

Data stored: Email, display name, avatar URL, OAuth tokens, profile preferences.

Location: EU (Frankfurt) or US, depending on project region.

Privacy Policy | Data Processing Agreement

Google

Purpose: OAuth sign-in (Google account) and reCAPTCHA v3 spam protection.

Data shared: For OAuth: email, name, and profile picture. For reCAPTCHA: anonymized interaction data to compute a risk score.

Privacy Policy | Data Processing Addendum

Microsoft

Purpose: OAuth sign-in via Microsoft/Azure Active Directory.

Data shared: Email, display name, and profile picture from your Microsoft account.

Privacy Statement | Data Protection Addendum

MailerSend

Purpose: Sending transactional emails (contact form confirmations, account notifications) and newsletter broadcasts.

Data shared: Recipient email address, sender name, and email content.

Privacy Policy | Data Processing Agreement

Vercel

Purpose: Website hosting and edge delivery.

Data processed: IP addresses and request metadata for serving pages. No personal data is stored beyond standard server logs.

Privacy Policy | Data Processing Addendum

Data Retention

  • Account data: Retained until you delete your account or request erasure.
  • Contact messages: Retained for up to 12 months, then deleted.
  • Newsletter subscriptions: Retained until you unsubscribe.

Contact & Complaints

For any GDPR-related requests or complaints, please contact us. If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local Data Protection Authority (DPA).