1. Introduction

At PhraseVault, your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your personal data when you use our website and services. We comply with the General Data Protection Regulation (GDPR) and other relevant data protection laws.

2. Data Controller

The data controller for PhraseVault is:

SPQRK Web Solutions, Gerhard Petermeir
Haag 8
8344 Bad Gleichenberg
Austria
Email: phrasevault@spqrk.net

3. Data Collection and Usage

PhraseVault App

We DO NOT COLLECT any data within the PhraseVault app. The app is built with source-available code and runs entirely on your device. We do not have access to your data, and we do not track your usage.

Note: Microsoft Windows and installation via winget may collect data. Please refer to the respective privacy policies for more information.

Website

We collect and use your personal data for the following purposes:

a. Necessary Cookies

These cookies are essential for the functioning of our website and include cookies for payment processing and fraud prevention. They are always enabled to ensure our site works correctly.

Cookies used:

Stripe: __stripe_mid, __stripe_orig_props, __Secure-has_logged_in, private_machine_identifier, machine_identifier, and other cookies required for the service to function properly

b. Analytics and Marketing Cookies

With your consent, we use analytics and marketing cookies to understand how you use our site and interact with our ads on platforms like Facebook and Instagram. This information helps us improve our service and marketing.

Cookies used:

Google Analytics: _ga, _gid, _gat, and other cookies required for the service to function properly
Meta Pixel (formerly Facebook): _fbp, _fbc, fr, presence, c_user, xs, datr, sb, and other cookies required for the service to function properly
LinkedIn: li_oatml, li_sugr, li_fat_id, li_fat, liap, lidc, bcookie, bscookie, lissc, UserMatchHistory, lang, and other cookies required for the service to function properly
Microsoft Bing UET: MUID, MUIDB, _uetsid, _uetvid, _uetmsclkid, and other cookies required for the service to function properly

4. Legal Basis for Processing

We process your personal data on the following legal bases:

Consent: For analytics and marketing cookies, we rely on your consent.
Legitimate interest: For necessary cookies, we rely on our legitimate interest in ensuring our website functions properly.

5. Data Sharing and International Transfers

While we do not identify individual users, our partners (for example, Stripe, Google Analytics, and Meta/Facebook) may associate this information with other data they hold. We ensure that any shared data is handled securely and in compliance with GDPR.

Some of our service providers are based in the United States. Personal data may be transferred to the following recipients:

Stripe, Inc. (payment processing) — USA. Transfer basis: EU-US Data Privacy Framework (adequacy decision, 10 July 2023).
Google LLC (Google Analytics) — USA. Transfer basis: EU-US Data Privacy Framework.
Meta Platforms, Inc. (Meta/Facebook Pixel) — USA. Transfer basis: EU-US Data Privacy Framework.
LinkedIn Corporation (LinkedIn Insight Tag) — USA. Transfer basis: EU-US Data Privacy Framework.
Microsoft Corporation (Bing UET) — USA. Transfer basis: EU-US Data Privacy Framework.

The EU-US Data Privacy Framework was established by an adequacy decision of the European Commission on 10 July 2023. You can verify each company's certification at dataprivacyframework.gov.

6. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

Right of access: You can request access to your personal data.
Right to rectification: You can request correction of inaccurate or incomplete data.
Right to erasure: You can request deletion of your data under certain conditions.
Right to restriction of processing: You can request that we restrict the processing of your data.
Right to data portability: You can request transfer of your data to another organization.
Right to object: You can object to the processing of your data for specific purposes.
Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. The competent authority is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde), Barichgasse 40-42, 1030 Vienna, Austria, www.dsb.gv.at, email: dsb@dsb.gv.at.

To exercise these rights, please contact us at phrasevault@spqrk.net .

7. Data Security

We take the security of your data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, loss, or destruction.

8. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy, or as required by law.

Cookie consent preference: Your cookie consent choice is stored for 6 months (182 days), after which you will be asked again.
Necessary cookies (Stripe): Stripe payment and fraud-prevention cookies are retained for up to 1 year by Stripe. We do not control their exact duration; see Stripe's Privacy Policy.
Google Analytics cookies (GA4): _ga and _ga_<container-id> are each retained for up to 2 years. Analytics data is retained in Google Analytics for 14 months.
Meta/Facebook cookies: _fbp and fr are retained for up to 90 days.
LinkedIn cookies: bcookie is retained for up to 1 year, lidc for 24 hours, UserMatchHistory for 30 days.
Microsoft Bing UET cookies: MUID is retained for up to 13 months, _uetsid for up to 24 hours, _uetvid for up to 13 months.
Payment and license records: Transaction data processed through Stripe and license activation records are retained for 7 years as required by Austrian tax law (BAO Section 132).
GeoIP lookups: We use MaxMind GeoLite2 data to determine your country for currency display. No personal data from these lookups is stored on our servers.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.

10. Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: