Privacy Policy

Effective: February 2026

1. Data Controller

Georgios Sevastakis
Email: contact@orchix.dev
Further details: Imprint

2. Data We Collect

2.1 Website visits

• IP address (stored in server logs for max. 7 days)
• Date and time of access
• Browser type and operating system

2.2 License purchase

When purchasing an ORCHIX PRO license, we collect and store:

• Email address – to deliver the license key and provide subscription management access. Legal basis: Art. 6(1)(b) GDPR (contract performance)
• Stripe Customer ID – technical reference to your Stripe account, used for subscription management
• Stripe Subscription ID – to process payment events
• Device fingerprint (hash) – to limit activations to max. 3 devices. We store only an irreversible SHA-256 hash, not the raw fingerprint. This hash is not personal data.

Payment data (credit card numbers, bank details) are not stored by us – these are processed exclusively by Stripe.

2.3 Cookies and local storage

• Session Cookie: For Web UI login, valid for 8 hours
• Cookie Consent: Your preference is stored in LocalStorage (no server access)

3. Data Processors (Art. 28 GDPR)

We use the following service providers under data processing agreements:

• Stripe, Inc. (USA, EU Standard Contractual Clauses) – payment processing and subscription management. Stripe Privacy Policy
• Resend, Inc. (USA, EU Standard Contractual Clauses) – transactional email delivery (license keys, management links). Resend Privacy Policy
• Contabo GmbH (Germany) – server hosting. All data is stored on German servers. Contabo Privacy Policy

4. Data Retention

• Active license: Data retained during active subscription
• Cancelled/expired license: Automatically deleted after 3 years
• Server logs (IP): 7 days
• Session cookie: 8 hours
• Stripe invoices: 10 years (statutory retention obligation)

5. Your Rights (GDPR)

You have the following rights:

• Art. 15 – Access: Request a copy of the data we hold about you
• Art. 16 – Rectification: Correction of inaccurate data
• Art. 17 – Erasure: Deletion of your data (right to be forgotten)
• Art. 18 – Restriction: Restrict processing of your data
• Art. 20 – Portability: Receive your data in machine-readable format
• Art. 21 – Objection: Object to processing

To exercise your rights, email support@orchix.dev. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority.

6. Security

• HTTPS encryption (TLS 1.2+)
• HMAC-signed license keys (plaintext never stored)
• Rate limiting on all API endpoints
• Encrypted database connections