Privacy Policy

Privacy Policy | digicredo

Privacy Policy

Controller: digicredo GmbH, Greyerzstrasse 79, 3013 Bern, Switzerland
Email: privacy@digicredo.com
Effective Date: April 23, 2026

1. Scope

This Privacy Policy applies to the website and related services of digicredo GmbH. It explains how personal data is processed, the purposes of processing, the legal bases, and the rights of data subjects.

2. Hosting

Our website is hosted by Hostinger, which uses a global Content Delivery Network (CDN). When you visit the website, only strictly necessary server log data is processed (e.g., IP address, timestamp, requested resource). Processing is based on our legitimate interest in securely providing the website. We have entered into a Data Processing Agreement (DPA) with Hostinger.

3. Processed Data and Purposes

Payment Processing (Polar.sh)
Purpose: Processing purchases, invoicing, and providing the technical infrastructure for license management.
Data: Name, email address, country, selected product, payment data, and order-related data for license key generation.

Notes:

  • We use Polar.sh (Polar Signals Inc.) for the sales process.
  • Polar.sh provides the technical infrastructure for payment and licensing.
  • Polar.sh processes payment and tax data as an independent controller. (Privacy Policy: https://polar.sh/legal/privacy)
  • digicredo only receives the information required to provide licenses (e.g., email address, order reference).
  • We do not store credit card or bank information.
  • Polar.sh uses essential cookies to enable the purchase process (e.g., session IDs, CSRF protection).

Software Activation and Encryption
Purpose: One-time license validation and re-sending license keys if lost.
Data: License key, email address.

Local Processing: The core function of our software—data encryption—takes place exclusively on your device. No content, passwords, or cryptographic data are transmitted to us.

Behavior: The software includes no telemetry, no usage analytics, and no background data transmission.

Download Statistics
Purpose: Security, misuse prevention, and protection against automated attacks.
Data: IP address, date, time, downloaded software version.

Contact Requests
Purpose: Processing and responding to your inquiries.
Data: Email address, message content.
Deletion: After your request has been processed, but no later than 6 months unless legal obligations require otherwise.

4. Cookies

We do not use tracking or marketing cookies. We only use:

  • Essential cookies required for website functionality
  • Essential cookies used by our payment provider Polar.sh (e.g., session IDs, CSRF protection)

5. Legal Bases and Retention

Legal Bases (under GDPR and the Swiss FADP):

  • Performance of a contract (Art. 6(1)(b) GDPR)
  • Legitimate interest (Art. 6(1)(f) GDPR)
  • Consent (Art. 6(1)(a) GDPR), if tracking is introduced in the future

Retention:

  • digicredo does not store payment or order data. Any retention obligations apply only to data held by Polar.sh.
  • Server log data: According to the hosting provider’s retention policies.
  • Contact requests: After completion, but no later than 6 months.

6. Third-Party Providers and Data Security

  • Polar.sh (USA): Processes transaction-related data as an independent controller.
  • Hostinger: Processes server log data and provides infrastructure.
  • International Data Transfers: Transfers to third countries may occur, particularly involving Polar.sh (USA). Appropriate safeguards (e.g., Standard Contractual Clauses) are in place.
  • Data is only shared when a legal basis exists.

We implement technical and organizational measures (TOMs) to protect your data.

7. Export Control and Encryption

Our software may include data encryption features. The licensee is responsible for complying with all applicable export, import, and usage regulations. The provider may cancel orders if required by legal or regulatory obligations.

8. Rights of Data Subjects

Data subjects have the right to:

  • Access
  • Rectification
  • Erasure
  • Restriction of processing
  • Objection
  • Data portability

The statutory response period is generally one month.

9. Data Protection Officer

No Data Protection Officer has been appointed at this time. An appointment will be made if legally required.

10. Changes

This Privacy Policy may be updated. The current version is always available on our website.

Scroll to Top