Privacy Policy
1. Overview
Arxpoint GmbH (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website and use our authentication services.
2. Information We Collect
When you visit our website, our web server automatically collects:
- IP address (anonymized)
- Browser type and version
- Operating system used
- Date and time of access
- Websites from which you accessed our site (referrer)
This data collection is technically necessary to display our website and ensure stability and security. The legal basis is Art. 6(1)(f) GDPR.
3. Authentication Services (Auth0)
We use Auth0, an authentication service provided by Auth0 Inc. (a Okta company), to manage user authentication and authorization.
Data Collected by Auth0
When you create an account or log in, Auth0 collects:
- Email address
- Password (encrypted)
- Name (if provided)
- IP address
- Login timestamps
- Device information
Auth0 Data Processing
- Data is processed on Auth0 servers in the EU
- Authentication data is encrypted in transit and at rest
- Login information is stored for security and audit purposes
- We retain authentication logs for 30 days
Legal Basis for Auth0
The legal basis for processing this data is:
- Contract fulfillment (Art. 6(1)(b) GDPR) for registered users
- Legitimate interests (Art. 6(1)(f) GDPR) for security measures
4. Google Analytics 4
We use Google Analytics 4 (“GA4”), a web analytics service provided by Google LLC (“Google”). GA4 uses cookies and similar technologies to analyze how users interact with our website.
Data Collected by GA4
GA4 collects information including:
- Pages visited and time spent
- User interactions (clicks, scrolls)
- Device and browser information
- Approximate location (country/city level)
- Referral sources
Data Processing
- Data is processed on Google servers in the US under EU Standard Contractual Clauses
- IP addresses are anonymized before storage
- We have configured GA4 to store data for 14 months
- We do not combine GA4 data with other personal data
Legal Basis and Opt-Out
- The legal basis for GA4 is your consent (Art. 6(1)(a) GDPR)
- You can opt-out at any time by:
- Declining analytics cookies in our cookie banner
- Installing the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout
- Contacting us to revoke your consent
5. Cookies
We use:
- Technically necessary cookies for basic website functionality
- Authentication cookies for managing user sessions (Auth0)
- Analytics cookies with your consent (GA4)
You can control cookie settings through your browser and our cookie consent banner.
6. Data Storage and Security
- Server log files are stored for 7 days
- Authentication logs are retained for 30 days
- Analytics data is stored for 14 months
- We implement appropriate technical and organizational security measures
7. Your Rights
Under GDPR, you have the right to:
- Request access to your personal data
- Request correction of inaccurate data
- Request erasure of your data
- Object to processing
- Request data portability
- Withdraw consent
To exercise these rights, please contact us using the information below.
8. Contact for Data Protection Matters
Arxpoint GmbH
Greifswalder Str. 226
10407 Berlin
Germany
Email: privacy@arxpoint.com
9. Changes to This Policy
We may update this Privacy Policy from time to time. The current version was last updated on 18.12.2024.
10. Supervisory Authority
You have the right to file a complaint with a supervisory authority. The responsible authority for Berlin is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin
Phone: 030 13889-0
Fax: 030 2155050
Email: mailbox@datenschutz-berlin.de
Website: https://www.datenschutz-berlin.de