Privacy Policy

Last updated: July 2026.

Template — this document should be reviewed by qualified counsel before launch.

The short version: the content you process in the desktop app — your text, images, extracted text, prompts, anonymized output, entity maps, and risk reports — never leaves your device. We only handle the account, subscription, and billing information needed to run your subscription.

1. Who we are

This Privacy Policy explains how DataAnonymiser ("we", "us") collects and uses personal data in connection with the DataAnonymiser desktop application, this website, and the associated account and licensing services (together, the "Service"). For the purposes of the EU/UK General Data Protection Regulation (GDPR), we are the data controller for the personal data described below. Contact: privacy@dataanonymiser.com.

2. Our core principle: local-only processing

All content processing — PII detection, placeholder replacement, local AI model inference, image description, and risk reporting — runs entirely on your device. We do not upload, log, stream, sync, or otherwise transmit your source text, images, extracted text, prompts, anonymized outputs, entity maps, risk reports, or filenames to our servers, to any analytics pipeline, or to any third party. There is no cloud inference of your content. This is enforced in the software architecture, not just by policy.

3. Personal data we collect

We collect only account, device, and billing metadata:

  • Account data: your email address, and one-time sign-in codes (stored only as salted, non-reversible hashes with a short expiry).
  • Device & license data: a device identifier, application version, and operating-system platform, used to activate your license, enforce your plan's device limit, and issue a signed license token. The token contains only account and subscription metadata (account ID, device ID, plan, feature flags, permitted processing-pack IDs, and expiry timestamps) — never your content.
  • Subscription & billing data: your plan tier, billing interval, subscription status, renewal date, any bonus-extension window, and the identifiers our payment processor assigns to your customer and subscription. Payment card details are entered directly with our payment processor (Stripe) and are never received or stored by us.
  • Optional feedback submissions: if you voluntarily submit a "failure example" to help us improve anonymization, you are asked to replace all real sensitive data with fake data first. The example text you submit is sent to an internal review mailbox and is not stored in our databases; we retain only a non-reversible fingerprint (hash) of it and the submission status, to detect duplicates and record any reward. Please never include real personal data in a submission.
  • Support communications: the content of emails you send us.

4. Website, cookies & analytics

This website is a static site. We do not use advertising, third-party tracking pixels, or behavioural analytics SDKs, and we do not set non-essential cookies. Any strictly necessary storage is limited to keeping you signed in during an account session.

5. Why we process it (legal bases under GDPR)

  • Performance of a contract (Art. 6(1)(b)) — to create and manage your account, activate and refresh your license, and deliver the subscription you purchased.
  • Legitimate interests (Art. 6(1)(f)) — to secure the Service, prevent fraud and abuse (including license and device-limit enforcement), and improve the product from voluntarily submitted feedback.
  • Consent (Art. 6(1)(a)) — for optional feedback submissions. You may withdraw consent at any time; withdrawal does not affect prior processing.
  • Legal obligation (Art. 6(1)(c)) — to meet tax, accounting, and record-keeping requirements relating to payments.

6. Service providers we share data with

We share the limited data above only with processors that help us run the Service, under contract and only as needed:

  • Stripe — payment processing and subscription billing. Stripe handles your card details directly under its own privacy policy; we receive only subscription status and billing metadata.
  • Microsoft (Exchange Online / Graph) — delivery of transactional and account emails, and receipt of any feedback submissions you send for review.
  • Hosting provider — our account and licensing servers are hosted at Hetzner in Germany.

We do not sell your personal data, and we do not share it for cross-context behavioural advertising.

7. International transfers

Our account and licensing infrastructure is operated in Germany. Where a processor (such as Stripe or Microsoft) processes data outside the European Economic Area, that transfer is covered by an appropriate safeguard under GDPR, such as the European Commission's Standard Contractual Clauses.

8. How long we keep it

  • Account and subscription data: for as long as your account is active.
  • Billing records: as required by applicable tax and accounting law after your account closes.
  • One-time sign-in codes: minutes (they expire quickly and are single-use).
  • Feedback fingerprints and status: retained to prevent duplicate submissions and record rewards; the submitted example email is handled under our internal review process and not retained in our databases.

9. Your rights

If you are in the EU/UK (GDPR): you have the right to access, rectify, erase, restrict, or object to processing of your personal data, the right to data portability, and the right to withdraw consent. You also have the right to lodge a complaint with your local data protection supervisory authority.

If you are a California resident (CCPA/CPRA) or in another US state with similar law: you have the right to know what personal information we collect and how we use it, to request access and deletion, to correct inaccurate information, and to opt out of any "sale" or "sharing" of personal information. We do not sell or share your personal information, and we will not discriminate against you for exercising your rights. To exercise any right, contact privacy@dataanonymiser.com; we may need to verify your identity via your account email.

10. Security

We use encryption in transit (TLS), store sign-in codes only as salted hashes, sign license tokens cryptographically, and store license tokens in your operating system's secure storage where available. Because your content is never transmitted to us, it is not exposed to any server-side breach of our systems. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

11. Children

The Service is not directed to children and is not intended for use by anyone under 16 (or under 13 in the United States). We do not knowingly collect personal data from children.

12. Changes

We may update this Policy from time to time. Material changes will be reflected by the "Last updated" date above and, where required, notified to you.

13. Contact

Privacy questions or requests: privacy@dataanonymiser.com. See also our Terms of Service and Limitations.