Login
Why LogiHashScannerAdES VerifierAPIAPI demoDocumentation
Back to Home

Privacy Policy

This Privacy Policy explains how personal data is processed across LogiHash platform touchpoints (Home, Try, Scanner, API demo, documentation pages, contact/reporting channels, and potentially feature-parity mobile apps).

Effective date: 2026-04-07

1. Controller

Trustec Valley UG (haftungsbeschraenkt), Universitaetsstrasse 3, 56070 Koblenz, Germany. Contact: info@trustecvalley.com.

2. Processing purposes

  • Provision and secure operation of website functionality
  • Handling contact requests and business communication
  • Abuse and security prevention (e.g., logging, rate limiting, incident handling)
  • Quality assurance and service improvement

3. Data categories

  • Master/profile data (e.g., name, company, role)
  • Contact data (e.g., email, phone number, message content)
  • Contract and billing-related data where applicable
  • Usage and log data (e.g., timestamps, IP, API calls, error diagnostics)
  • Document-related metadata entered by customers

4. Legal bases

  • Art. 6(1)(b) GDPR: contract performance and pre-contractual measures
  • Art. 6(1)(f) GDPR: IT security, abuse prevention, and platform integrity
  • Art. 6(1)(c) GDPR: compliance with legal obligations
  • Art. 6(1)(a) GDPR: consent where specifically required

5. Recipients and processors

  • Processors may be engaged, including Telekom Open Cloud (e.g., API Gateway, KMS).
  • Processors may be engaged, including Hetzner (hosting and object-storage infrastructure).
  • Data-processing agreements are concluded with relevant service providers.
  • Additional provider context is documented in the DPA and Third Party Licensing Notice.

6. Hosting and infrastructure

  • The platform is operated through contracted infrastructure providers (compute, storage, network, and security components).
  • System and security logs may be processed to ensure availability, integrity, and abuse detection.
  • Access follows role-based controls and need-to-know principles.

7. International data transfers

  • Where processing occurs outside the EEA, an appropriate legal transfer basis is applied.
  • Suitable safeguards (for example contractual protections) are implemented where required.

8. Retention

  • Data is retained only as long as necessary for the relevant purpose.
  • Mandatory statutory retention obligations remain unaffected.
  • After purpose completion, data is deleted or anonymized unless further retention is legally required.

9. Data-subject rights

  • Access, rectification, deletion, and restriction of processing
  • Data portability and objection rights within legal scope
  • Right to lodge a complaint with a competent supervisory authority

10. Security and incident response

  • Technical and organizational safeguards are applied (including access control, encryption, and monitoring).
  • Defined incident processes and reporting channels are maintained.

11. AI-assisted security analysis

AI-assisted plausibility and anomaly detection may be used for risk prioritization (legal basis: Art. 6(1)(f) GDPR). Critical outcomes remain subject to human review.

12. Cookies and local storage

  • Platform features may use technical storage mechanisms (e.g., locale, theme, and session-related values).
  • Such storage supports functionality, security, and user experience.

13. Reporting and alert channel

  • When report/alert features are used, report data, timestamps, contextual data, and technical evidence may be processed.
  • Reports may be pre-prioritized and plausibility-checked to separate legitimate incidents from spam/abuse.

14. Evaluation and feedback

  • Feedback and evaluation features may be available in app and web interfaces.
  • Purposes: product improvement, quality management, support optimization, and security signaling.
  • Legal bases: Art. 6(1)(b), Art. 6(1)(f), and where applicable Art. 6(1)(a) GDPR for optional surveys.

15. Obligation to provide data

Where data is required for contract performance, the corresponding service cannot be delivered without that data.

16. Automated decisions

No solely automated decision-making with legal effect takes place unless explicitly stated otherwise.

17. Complaint right and privacy contact

You have the right to lodge a complaint with the competent data protection authority. Privacy requests can be sent to info@trustecvalley.com or via the legal contact channels listed in the Imprint.

18. Changes to this Privacy Policy

This Privacy Policy may be updated to reflect legal, technical, or organizational changes.

19. AdES-related processing

  • Identity proofing in AdES-related flows is performed by LogiHash itself; certificates are sourced from an appropriate certificate-chain provider.
  • Where AdES functionality is used, signature-relevant verification data (e.g., signature status, time reference, contextual logs) may be processed.
  • Processing supports integrity evidence, misuse detection, and incident handling in signature workflows.
  • Primary legal bases include Art. 6(1)(b) GDPR (contractual performance) and Art. 6(1)(f) GDPR (security and platform integrity).