Privacy policy for Pand Radar
Pand Radar by Pand Radar
Pand Radar - Privacy Policy
Version: 2026-06-27
From: https://pandradar.nl/api/privacy
This Privacy Policy explains what personal data Pand Radar (the "Platform") collects, why, and your rights. It applies together with the Terms of Use. By creating an account you confirm you have read and accept this Policy and the Terms.
We are built around two principles:Anonymity by default. Your public identity is only a pseudonymous handle (Name#1234). We never publish your email, IP address, country, or any identifier that links your handle to a real-world person.
Data minimisation. We collect and connect only the information necessary to provide the service and to protect the Platform and its users from abuse. We do not sell personal data and we do not share it for advertising.
- Who is responsible
The operator of the Platform is the data controller. Contact details for privacy questions, access, and removal requests are on the Platform's About page.
2. What we collect
To create and secure your account
Your email address (for login, account recovery, and essential service notices).
Your password, stored only as a salted argon2 hash — never in plain text.
A pseudonymous display handle (Name#1234) and whether you are an administrator.
Session and API tokens (an HttpOnly session cookie for the website; a bearer token for the browser extension), and the token's last-used time.
When you contribute (comments, reactions, votes, reports, listing views, shares, saved listings, your price/commute settings) we store the contribution itself plus, for security and abuse-prevention, limited technical metadata:
a timestamp;
a coarse, country-level location derived from network information (e.g. an ingress/CDN country header) — never a precise location;
an opaque client session identifier (a random value kept in your browser);
the originating IP address.
This metadata is administrator-only — it is never returned by any public part of the Platform and is never attached to your public handle.
What we do NOT collect: we store no estate-agent or third-party personal data (only public property facts), we run no third-party advertising or analytics trackers, and we do not build profiles of you for advertising.
Browser extension — data collected, by Chrome Web Store category. For transparency, and to match our Chrome Web Store data disclosure, the Pand Radar browser extension collects only the following categories of data. All of it is transmitted solely to our own server (pandradar.nl) and used only for the extension's single purpose — showing, and letting you contribute, community reactions, comments and price/status history on funda.nl listing pages — and for the security and abuse-prevention described above:
Personally identifiable information — your account email address.
Authentication information — your password (at sign-in) and the bearer token that keeps you signed in.
Personal communications — the comments and emoji reactions you choose to post.
Location — your IP address and a coarse, country-level location derived from it, recorded server-side with each contribution for security and abuse-prevention; never a precise or GPS location.
Web history — when you open a funda.nl listing the widget tracks, the extension records a view of that listing (which listing, and when) so we can show its view count. It runs only on funda.nl listing pages and does not read your wider browsing history.
Website content — the extension reads the listing's public identifier from the funda.nl page (and, only when you choose to "fast-track" a not-yet-indexed listing, its address) solely to look up or create that listing.
The extension does not collect health information, financial or payment information, or behavioural/activity-monitoring data (it does not track clicks, mouse movement, scrolling, or keystrokes). We do not sell or transfer this data to third parties (other than infrastructure providers acting on our behalf), do not use it for any purpose unrelated to the extension's single purpose, and never use it to determine creditworthiness or for lending.
3. Why we use it (legal bases under the GDPR)
To perform our contract with you (Art. 6(1)(b)): authenticate you, show and attribute your contributions, and provide personalised features you choose (favourites, commute, price filter).
Our legitimate interests (Art. 6(1)(f)): keeping the Platform secure and abuse-free (rate-limiting, automated moderation, tracing abuse via IP / session / coarse country), and producing aggregated, de-identified statistics to operate and improve the service.
Your consent (Art. 6(1)(a)): where required, e.g. accepting this Policy and the Terms when you create an account. You can withdraw consent by closing your account.
Legal obligation (Art. 6(1)(c)): to respond to valid, lawful requests.
- Cookies and local storage
We use a strictly-necessary, HttpOnly session cookie to keep you logged in, and we store a language preference and a random client-session identifier in your browser. We do not use advertising or cross-site tracking cookies.
5. Who can see your data
The public sees only your pseudonymous handle and the content of your contributions (subject to moderation).
Administrators can see account and abuse-prevention data (email, IP, coarse country, session id) only as needed to run the service, investigate abuse, and handle takedown or legal requests.
No sale, no ad-sharing. We do not sell your personal data or share it with advertisers. We may share data only with infrastructure providers acting on our behalf (e.g. EU hosting), or where required by law or a valid legal request.
- Where data is processed
The Platform and its database are hosted within the European Union (the Netherlands). Any processor we use is bound to protect your data and process it only on our instructions.
7. How long we keep it
Account data for as long as your account exists.
Contributions may be retained for the historical record (including after a listing is sold or removed); moderated content may be hidden but retained.
Abuse-prevention metadata is kept only as long as needed for security and to meet legal obligations, then deleted or de-identified.
You can ask us to delete data relating to you (see §9).
- How we protect anonymity
Your handle is the only public identifier. We deliberately keep the links between your handle, your email, and network identifiers internal and access-restricted, and we connect them only when necessary to provide the service or to protect the Platform and its users (for example, to investigate abuse or comply with a lawful request).
9. Your rights
Under the GDPR you may request access, rectification, erasure, restriction, objection, and data portability, and you may withdraw consent at any time. To exercise these rights, contact us via the About page; we respond in good faith and without undue delay. You also have the right to lodge a complaint with the Dutch data-protection authority, the Autoriteit Persoonsgegevens.
10. Children
The Platform is not directed at children under 16, and we do not knowingly collect their personal data.
11. Changes
We may update this Policy; material changes bump the Version above and you may be asked to accept the updated Policy. Continued use after acceptance constitutes agreement to the then-current Policy.
12. Governing law
This Policy and any non-contractual obligations arising from it are governed by the laws of the Netherlands, without prejudice to mandatory data-protection rights you have under the GDPR and Dutch law.