Privacy Policy
1. Controller
Dharma Digital UG (haftungsbeschränkt)
Aachener Str. 34, c/o Antonio Agudo
50674 Köln, Germany
Email: [email protected]
We are not legally required to appoint a Data Protection Officer (DPO) under Art. 37 GDPR. For data protection inquiries, contact us at the address above.
2. Scope and Modes
This policy covers data processing for the Popsight desktop app and the Popsight website.
Popsight has two distinct technical modes:
BYOK mode: Your prompts/requests are sent directly from your device to selected LLM providers using your own API keys.
Trial proxy mode (invite code): Requests are routed through our EU-hosted servers to provide trial access.
The desktop app may contact our update server (updates.rankkey.app) to check for available software updates. This transmits your IP address and basic request metadata (app version, operating system). No personal data beyond this is transmitted during update checks.
3. Data We Process
Website data: Standard web server logs (e.g., IP address, request metadata, timestamps) for security and operations.
Account/transaction data: Checkout and billing information via Paddle (e.g., customer, order, invoice, VAT handling).
License data: License key status, activation metadata, and a pseudonymous device identifier (a SHA-256 hash derived from your operating system type, hostname, username, and home directory path) used for anti-abuse and license enforcement.
Trial timeout data (7-day trial): Random installation identifier on device; hashed identifier server-side; trial status timestamps.
Trial invite/proxy data: Invite code usage, token/quota records, machine binding data, IP address, user agent, and request processing metadata required to deliver trial functionality and protect the system.
App local data: Projects, prompts, run results, and related analysis data stored locally in the desktop app database.
4. Legal Bases (GDPR)
Art. 6(1)(b) GDPR (contract): To provide the app, trial access, licensing, updates, and support.
Art. 6(1)(c) GDPR (legal obligations): Tax/accounting and mandatory compliance duties.
Art. 6(1)(f) GDPR (legitimate interests): Security, abuse prevention, fraud defense, service integrity, legal defense, and currency localization based on approximate geographic location.
Art. 6(1)(a) GDPR (consent): Where consent is required (if used for optional processing in future).
5. Recipients and Processors
Paddle.com Market Ltd. acts as an independent controller (Merchant of Record / reseller) for purchase transactions. Paddle processes your payment, billing, and invoice data under its own controllership. See the Paddle Privacy Policy for details.
LLM providers receive request content in BYOK mode directly from your device, or in trial proxy mode through our server pipeline.
| Recipient | Processing Activity | Legal Role | Region | Transfer Safeguards |
|---|---|---|---|---|
| Hetzner Online GmbH | Web hosting, server infrastructure | Processor (Art. 28 GDPR) | EU (Germany) | DPA in place; no third-country transfer |
| Cloudflare, Inc. | Authoritative DNS for popsight.ai (DNS-only mode) | Processor (Art. 28 GDPR) | US / global edge | EU-US Data Privacy Framework (certified); SCCs in Cloudflare Customer DPA |
| Paddle.com Market Ltd. | Payment, invoicing, VAT, checkout (MoR) | Separate controller for payment/tax data | UK / Global | UK adequacy decision (renewed, sunset 27 Dec 2031) |
| Stripe, Inc. | Card processing, fraud prevention | Sub-processor of Paddle | US / Global | EU-US Data Privacy Framework; SCCs via Paddle |
| Cloudflare, Inc. | CDN and bot protection for Paddle checkout | Sub-processor of Paddle | US / Global edge | EU-US Data Privacy Framework (certified); SCCs via Paddle |
| Form.taxi | Contact form processing and delivery | Processor (Art. 28 GDPR) | EU | DPA in place; no third-country transfer |
| Plausible Insights OÜ | Privacy-friendly website analytics | Processor (Art. 28 GDPR) | EU (Estonia) | DPA in place; no third-country transfer |
DNS service (Cloudflare). We use Cloudflare, Inc. (101 Townsend Street, San Francisco, CA 94107, USA) as the authoritative DNS provider for popsight.ai in “DNS only” mode. Visitor HTTP(S) traffic to the website connects directly to our German hosting provider; only DNS lookups by recursive resolvers (typically your internet provider's resolver, or public resolvers such as 1.1.1.1 or 8.8.8.8) reach Cloudflare's authoritative nameservers. In this mode, Cloudflare normally observes the IP address of the recursive resolver rather than your IP. Where supported by the resolver, EDNS Client Subnet (ECS) may transmit a truncated portion of the visitor's IP to enable geographically-aware responses. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in resilient, DDoS-resistant DNS resolution). The Cloudflare Customer DPA (v6.3, 20 June 2025) is automatically incorporated by reference into the self-serve subscription terms; it includes the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) as a transfer safeguard. Cloudflare, Inc. is also certified under the EU-US Data Privacy Framework (verifiable on dataprivacyframework.gov, participant ID 5666).
Checkout sub-processors. Within the Paddle checkout, Stripe, Cloudflare, and other services loaded inside the Paddle iframe are managed under Paddle's own sub-processor agreements. For checkout-related processing, Dharma Digital's customer relationship data remains under its own controllership, while Paddle independently controls payment and tax data as Merchant of Record.
6. International Transfers
Our web hosting and core infrastructure are located in Germany (Hetzner Online GmbH). No third-country transfer occurs for hosting.
United Kingdom: Paddle.com Market Ltd. is established in the UK. The European Commission has renewed its adequacy decision for the UK, with a sunset date of 27 December 2031.
United States: Cloudflare, Inc. acts as our direct processor for authoritative DNS resolution of popsight.ai (see Section 5). Stripe, Inc. and Cloudflare also process data as sub-processors of Paddle in the checkout context. All three providers are certified under the EU-US Data Privacy Framework (Commission Implementing Decision (EU) 2023/1795 of 10 July 2023). Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) apply as a fallback transfer mechanism through the Cloudflare Customer DPA and through Paddle's sub-processor chain.
BYOK mode: When you use your own API keys, your requests go directly from your device to your chosen LLM provider. The applicable transfer safeguards depend on that provider's own terms and data processing agreements.
7. Retention
We retain personal data only as long as needed for contractual, legal, and security purposes. Specific retention periods:
- Server logs (IP address, request metadata): 7 days
- Trial and token records: 30 days after trial expiry
- License activation data: duration of active license plus 90 days
- Audit logs (activation, refresh events): 6 months
- Tax and accounting records: 10 years (§ 147 AO, § 257 HGB)
- App project/run content: stored locally on your device until you delete it
8. Your Rights
You have the right of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent (where processing is based on consent).
You also have the right to lodge a complaint with a supervisory authority, in particular with the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW).
9. Trial-Mode Clarification
BYOK mode and trial proxy mode involve different data flows. Trial proxy mode necessarily transmits request payloads through our infrastructure to enable invite-based access.
This distinction is material and forms part of our transparency obligations under GDPR.
10. Cookies and Tracking (Website)
This website sets no cookies on page load and does not use advertising or behavioral tracking scripts. We use Plausible Analytics, a privacy-friendly, cookieless web analytics service provided by Plausible Insights OÜ (Västriku 2, 50403 Tartu, Estonia). The Plausible script loads asynchronously from plausible.io. Plausible collects only aggregate, non-personal data: page URL, HTTP referrer, browser name, operating system, device type, and visitor country. No cookies are set, no personal data is stored, and no cross-site or cross-device tracking occurs. All data is processed within the EU. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in understanding website usage to improve our service). You have the right to object under Art. 21 GDPR. For details, see the Plausible Privacy Policy and Plausible Data Policy.
Pricing display and currency localization: Prices shown on the landing page are retrieved server-side during the build process from Paddle's pricing API. To display prices in your local currency, our server reads your IP address from the internet connection and determines your approximate country using a locally stored geographic database (IP geolocation by DB-IP). Our application processes your IP address transiently in server memory and does not store or log it at the application level. Standard web server access logs maintained by our hosting provider (Hetzner) may separately record your IP address for security and operational purposes (see Section 3). Only the resulting country code (e.g., "DE") is returned to your browser to select a currency (EUR, USD, or GBP). You may override the detected currency at any time using the currency selector. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in displaying prices in your local currency). You have the right to object under Art. 21 GDPR.
Cookies set during checkout or currency localization:
| Cookie | Domain | Purpose | Expiry |
|---|---|---|---|
__cf_bm | .paddle.com | Cloudflare bot management | 30 min |
m | .stripe.com | Stripe fraud prevention and device recognition | 2 years |
Legal basis: These cookies are set within the checkout process or upon explicit user request ("Show in my currency"). The legal basis under TDDDG section 25(2) no. 2 is that they are technically necessary for a service explicitly requested by the user. The GDPR basis for associated data processing is Art. 6(1)(b) (performance of a contract) for checkout functionality, and Art. 6(1)(f) (legitimate interest in fraud prevention) for Stripe's device recognition.
Local preference storage: If you manually select a currency using the currency selector, your selected currency code (e.g., "EUR") is saved in your browser's local storage so it is remembered on future visits. This storage is technically necessary under TDDDG section 25(2) no. 2 because it serves a function explicitly requested by you. No personal data is stored.
Additional connections during checkout: When the Paddle checkout loads, it may connect to js.stripe.com, m.stripe.com, fonts.googleapis.com, global.localizecdn.com, and *.paddle.com. These connections are initiated by Paddle as Merchant of Record for the checkout process.
Apart from the Plausible Analytics script described above, Dharma Digital does not operate advertising or tracking scripts on this website.
11. Use of Our Online Form
Our website uses Form.taxi, a web service provided by https://form.taxi (hereinafter “Form.taxi”). To provide you with the form functionality, we transmit the data you enter to Form.taxi. This data is processed and stored there and forwarded to us via email.
In addition, Form.taxi collects further data such as your IP address, browser type, the domain of the website, and the date and time of access in order to provide the intended form functionality.
The legal basis for the use of Form.taxi is Art. 6(1)(f) GDPR (legitimate interest). Data processing and storage takes place within the European Union.
For more information, please refer to the Form.taxi privacy policy: https://form.taxi/en/privacy.
Version: May 5, 2026
This English version is provided for convenience. The German legal version is available at Datenschutzerklärung (Deutsch).