GDPR • Privacy Policy • Last updated: 2025-09-06

Privacy Policy

This Privacy Policy explains how personal data may be collected, processed, and safeguarded under GDPR, UK GDPR, and Swiss data protection law.

Applies to EEA / UK / CH usersContact available upon request

Overview

This Policy describes the categories of data that may be processed, for what purposes, and which rights you have under GDPR and related laws.

Data Controller

Entity responsible
Not publicly listed
Website
Not applicable
Address
Not disclosed
Email
Contact available upon request
Phone
Not disclosed
Data Protection Officer
Not applicable

Key Definitions

  • Personal data: Information relating to an identifiable person.
  • Processing: Any action performed on personal data.
  • Controller: Decides the purposes of processing.
  • Processor: Acts on behalf of a controller.

What We Collect

Account & Billing
  • Account identifiers (e.g., username, email)
  • Billing metadata if applicable
  • Payment tokens (no raw card data)
Service Operation
  • Server IPs/ports
  • Session & access logs
  • Telemetry required for service operation
Diagnostics & Security
  • HTTP logs
  • Firewall / DDoS events
  • Fraud prevention indicators
Support
  • Support requests
  • Error logs/screenshots voluntarily provided

Where Data Comes From

  • Direct input by users
  • Automatically collected technical data
  • Third-party services (e.g., payment providers)

Purposes & Legal Bases

PurposeExamplesLegal Basis
Provide services
Provisioning, access control
Art. 6(1)(b) – Contract
Security
Logging, fraud prevention
Art. 6(1)(f) – Legitimate interests
Billing
Invoices, receipts
Art. 6(1)(c) – Legal obligation
Support
User assistance
Art. 6(1)(b)/(f)
Marketing (optional)
Email updates
Art. 6(1)(a) – Consent

Processors / Recipients

Processor TypePurposeRegionSafeguards
Hosting / Datacenter
Compute / storage
EU/CH
DPA / SCC if required
Email provider
Transactional emails
EU/US
DPA / SCC
Payment provider
Payment processing
EU/US
PCI-DSS / SCC

International Transfers

Transfers outside the EEA/UK/CH may rely on Standard Contractual Clauses or equivalent safeguards.

Retention

CategoryTypical Retention
Account data
As long as account exists
Billing records
As required by law
Logs
30–180 days
Support messages
Up to 24 months

Cookies & Tracking

Only essential cookies are used for session and security. Optional analytics cookies (if present) require user consent.

Marketing Communications

Marketing communications are sent only with explicit consent and may be withdrawn at any time.

Automated Decisions

No automated decision-making is used that produces legal or significant effects on individuals.

Security Measures

  • Encryption in transit
  • Access controls
  • DDoS protection
  • Regular audits and vendor agreements

Your GDPR Rights

Access / Portability
  • Request your personal data
  • Receive data in portable format
Rectification / Erasure
  • Correct inaccurate data
  • Request deletion
Restriction / Objection
  • Limit how data is processed
  • Object to processing
Consent / Complaints
  • Withdraw consent
  • Complain to a supervisory authority

How to Exercise Rights

You may exercise your rights through our internal contact system.

Request my data (DSAR)Delete my dataRectify my dataObject to processing

Complaints

You may lodge a complaint with any competent supervisory authority in the EEA/UK/CH.

Changes

This Policy may be updated to reflect legal or technical changes.