Worthmore

Privacy Policy

Last updated: April 7, 2026

1. Data Controller

Worthmore ApS ("Worthmore", "we", "us") is the data controller for the personal data processed through this website and our services. We are registered in Denmark.

Contact: founders@worthmore.io

2. What Data We Collect

We collect the following categories of personal data:

Account & Membership Data

  • Full name, email address, and password (hashed)
  • Billing address and payment information (processed securely by Stripe — we never store full card numbers)
  • Subscription plan and membership status

Mobile Subscription Data

  • SIM card details and phone number (managed through our network partner)
  • Usage data related to your mobile plan (calls, data, roaming) as required for billing and service delivery

Usage & Analytics Data

  • Pages visited, features used, and interaction patterns
  • Device type, browser, IP address, and approximate location
  • Voting preferences on impact projects

Communications

  • Emails sent and received between you and Worthmore (support, transactional, marketing if opted in)

3. Why We Process Your Data

We process personal data for the following purposes:

  • Contract performance: Managing your membership, processing payments, delivering the mobile subscription and SIM benefits.
  • Legitimate interest: Improving our services, understanding usage patterns, preventing fraud, and communicating about your account.
  • Consent: Sending marketing emails (you can withdraw consent at any time).
  • Legal obligation: Tax reporting, accounting records, and compliance with Danish and EU law.

4. Third-Party Data Processors

We share personal data with the following categories of processors, all of whom are bound by data processing agreements:

  • Stripe — Payment processing (PCI DSS compliant)
  • Supabase — Authentication and database hosting (EU-based infrastructure)
  • Network partner — Mobile subscription provisioning and management
  • Resend — Transactional and marketing emails
  • Vercel — Website hosting and delivery

We do not sell, trade, or rent your personal data to any third party.

5. Data Retention

We retain your personal data for as long as your membership is active. After cancellation, we keep your data for up to 12 months for service continuity, and accounting data for 5 years as required by Danish bookkeeping law (Bogføringsloven). You may request earlier deletion of non-legally-required data at any time.

6. Your Rights Under GDPR

As a data subject under the GDPR, you have the right to:

  • Access — Request a copy of all personal data we hold about you.
  • Rectification — Correct inaccurate or incomplete data.
  • Erasure— Request deletion of your data ("right to be forgotten"), subject to legal retention requirements.
  • Restriction — Request that we limit how we process your data.
  • Portability — Receive your data in a structured, machine-readable format.
  • Objection — Object to processing based on legitimate interest, including profiling.
  • Withdraw consent — For any processing based on consent, at any time without affecting prior processing.

To exercise any of these rights, email founders@worthmore.io. We will respond within 30 days.

7. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. Analytics are privacy-focused and do not use third-party tracking scripts.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), encrypted storage, access controls, and regular security reviews. In the event of a data breach, we will notify the Danish Data Protection Agency (Datatilsynet) and affected individuals as required by GDPR Article 33 and 34.

9. International Transfers

Some of our processors (e.g., Stripe, Vercel) may process data outside the EU/EEA. In all cases, transfers are protected by Standard Contractual Clauses (SCCs) or adequacy decisions approved by the European Commission.

10. Children

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email to active members. The "Last updated" date at the top reflects the most recent revision.

12. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet) at datatilsynet.dk.