Skip to content
Appexer

Appexer · Privacy Policy

Privacy Policy

Effective · 2026-05-02 · v1

This is the privacy policy for Vandaag (the iOS app and the website at appexer.com/vandaag) and for Appexer (the studio at appexer.com). It explains, in plain English, what data we collect, what we don't, and what you can do about it. If anything here is unclear, email privacy@appexer.com and I'll fix the wording.

Who runs this

Vandaag and Appexer are operated by Appexer, a sole proprietorship registered with the Dutch Chamber of Commerce (KVK 42022032), based in Amsterdam, the Netherlands. Under the GDPR, we are the data controller for everything described below.

Accounts: how you sign in

You sign into Vandaag with a magic link sent to your email. We don't ask for a password and we don't ask for your phone number. The magic link is single-use and expires after 15 minutes.

Sign in with Apple is also supported. If you use it, Apple sends us either your real email or a private relay address (@privaterelay.appleid.com) — whichever you choose. We treat both the same.

What we store

  • Your email. So we can send you the magic link, and so you can find your account again.
  • Account metadata. First name (optional), language level (optional), the date your account was created, the date it was last used.
  • Your conversations — only if you opt in.By default, conversations with Bloem are ephemeral. They live in memory while you're talking, then they're gone. If you turn on “Save conversations” in settings, we store them so you can re-read them. You can turn that off, and delete past conversations, at any time.
  • Payment status. If you subscribe, we store whether your subscription is active and when it renews. Card details never touch our servers — Apple handles them via in-app purchase.

What we don't store

  • The content of your conversations, by default.
  • Your voice recordings, on our end. When you talk to Bloem, audio is transcribed in real time and the transcript is what gets processed. We don't store the audio file ourselves — see “The AI” for what OpenAI does with it.
  • Your location, your contacts, your photo library, anything else not listed above.
  • Anything from advertising networks. There aren't any.

The AI

Conversations with Bloem are processed by Claude (Anthropic). When you use Bel met Bloem, OpenAI also runs the speech-to-text and the text-to-speech. Neither provider trains on what we send. Both keep it for up to 30 days for abuse monitoring, then delete it. We don't keep the audio file on our end.

The waitlist

If you join the waitlist on appexer.com/vandaag, your email is stored in our database (hosted by Supabase in Frankfurt, Germany), along with which form you used to sign up and the date you signed up. The only thing we'll send you is one email when Vandaag launches. We don't run a newsletter and we don't share the list. If you change your mind before launch, email privacy@appexer.com and I'll remove you. When launch day comes and we actually send that one email, we'll add the email provider we use to this policy first.

Analytics

We use a privacy-respecting, EU-hosted analytics service that does not set cookies and does not collect IP addresses or any data that would identify you personally. We look at things like “how many people opened the app today” and “which lessons get finished.” We do not build profiles of individual users. There is no Google Analytics, no Meta Pixel, no third-party advertising SDK.

Where your data lives

Your data — accounts, waitlist emails, anything else covered above — is stored on servers in the European Union (currently Frankfurt, Germany), via Supabase. If we ever add a service that processes your data outside the EU (a transactional email provider, for example), we'll update this policy and tell you before it happens.

Your rights, under the GDPR

You have the right to:

  • See what we have about you (right of access).
  • Correct it if it's wrong (right to rectification).
  • Have it deleted (right to erasure — see below).
  • Take it with you to another service (right to portability).
  • Object to processing, or restrict it.
  • Complain to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you think we're handling your data badly.

To exercise any of these, email privacy@appexer.com. I will respond within 30 days, usually faster.

Deleting your account

You can delete your Vandaag account from inside the app — Profile → Settings → Delete account. This removes your email, your account metadata, your subscription record, and any saved conversations. The deletion is immediate and irreversible. Backups are purged within 30 days.

If you can't access the app, email privacy@appexer.com from the address tied to your account and I will delete it manually.

If something goes wrong

If we discover a data breach that affects you, we will tell you within 72 hours of learning about it, by email, at the address on file. We will also notify the Dutch Data Protection Authority if the breach meets the threshold under Article 33 GDPR.

Children

Vandaag is intended for users aged 13 and older. We don't knowingly collect data from children under 13. If you believe a child under 13 has created an account, email privacy@appexer.com and we'll delete it.

Changes to this policy

If we change anything material, we'll email you before the change takes effect and update the version at the top of this page. Cosmetic edits (typos, clarifications) we just make.

Contact

For anything privacy-related: privacy@appexer.com. For everything else: hello@appexer.com.

Legal entity

Appexer · Amsterdam, NL
KVK: 42022032 · BTW: NL005436994B38 · Email: privacy@appexer.com