MakerToo← Back to site
Trust Center

Privacy Policy

What we collect on this website and inside the product, why, and how you stay in control of it.

Last updated 10 July 2026

Overview

MakerToo (Copenhagen, Denmark) operates makertoo.com and the Hub product. This page explains what personal data we collect, why, and what rights you have over it under GDPR. For how data is hosted and secured, see Security.

This website (makertoo.com)

We use self-hosted analytics (Umami) and, where configured, Google Tag Manager to understand how visitors use this site. Both are off by default— nothing loads until you explicitly accept a category from the cookie banner. Consent is category-specific (essential / analytics / marketing), stored in your browser, and you can withdraw it at any time from the same banner. We never embed third-party analytics via a hidden iframe or a pixel you didn't consent to.

If you book a call or submit a form, we collect what you enter (name, email, and the details of your request) to respond to you.

Inside the Hub product

If your organization uses the Hub, the content you and your team put into it — CRM contacts, campaigns, documents, notes — is stored in your organization's own tenant and database. It is never shared with other tenants (see Tenant isolation). MakerToo staff access it only to provide support, at your request, or as required by law.

International transfers

Core infrastructure is EU-hosted (Germany and France — see Infrastructure). Some optional features route through processors outside the EU only if your organization enables them and hasn't supplied its own key or local model — see Subprocessors for the full, current list and which of them are opt-in.

Retention

Product data is retained for as long as your organization's account is active. Marketing-site analytics consent and preferences are retained until you withdraw them. Contact us to request deletion or export of data associated with your account.

Your rights

Under GDPR, you can ask us to:

  • confirm what personal data we hold about you, and get a copy of it (access);
  • correct inaccurate data (rectification);
  • delete your data, where we're not required to keep it (erasure);
  • limit how we use it (restriction);
  • receive it in a portable format (portability);
  • object to processing based on legitimate interest (objection).

Email [email protected] to exercise any of these — we respond within the statutory GDPR timeline (one month).

Changes to this policy

If this policy changes materially, we'll update the date at the top of this page.

Contact

Questions about this policy? Email [email protected].