Privacy policy
This privacy policy explains how we, Wierk S.à r.l., the corporation operating ciphereditor and cryptii, process personal data.
Key terms
To ensure our privacy policy is legible and understandable we first explain the terminology used.
Personal data
Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing data
Processing is any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Cookies
Cookies are pieces of text that are stored by an Internet browser upon the request of a website you visit. Many cookies contain unique identifiers consisting of a character string assigned by the Internet page (or server) you visit. This allows them to differentiate your individual browser from other Internet browsers that contain other cookies. Thus, in subsequent visits and requests, a specific Internet browser can be recognized and identified using the unique identifier in a cookie.
You may, at any time, delete already set cookies, and prevent the setting of cookies temporarily or permanently through our website by a corresponding setting in the Internet browser you use. Deactivating the setting of cookies in the Internet browser may render certain functions of our websites entirely unusable (e.g. logging in to our services, using a shopping cart, etc.) as every visit is considered your first visit.
IP address
Every device connected to the Internet is assigned a number known as an Internet protocol (IP) address. These numbers are usually assigned in geographic blocks. An IP address may be used to identify the approximate location from which a device is connecting to the Internet.
What data do we collect and why
The processing of personal data, such as your name, address, email address, or phone number is always in line with the General Data Protection Regulation (GDPR), and the Luxembourgish data protection regulations.
Things you create or provide to us
When you create an account or choose to submit a request through email, contact, or feedback form you may provide us with personal information – like your name, email address, phone number, password, etc. We also collect the content you create, upload or choose to share using one of our services.
Information we collect as you use our services
We gather usage and behavior statistics and information about the browsers and devices you use to improve our user interface and content strategy. In addition, to maintain the accessibility and technical stability of our software, we monitor and identify code errors and collect metadata for diagnostic purposes.
Information we collect includes the device type, brand, operating system, browser version, IP address of the device as well as information that helps to identify the app's state in which an unexpected error may have occurred.
The legal basis of the aforementioned data processing is Art. 6(1) f) of the GDPR. The information is collected anonymously, is not used for personal reasons, and is retained for a limited time. Such processing is in our legitimate interest because the data is used solely for analyzing and improving our content structure and code quality.
By default, we do not keep permanent IP address logs. However, IP address logs may be kept temporarily to combat abuse and fraud, and your IP address may be retained permanently if you are engaged in activities like spamming, DDoS attacks against our infrastructure, brute force attacks, etc. The legal basis of this processing is our legitimate interest to protect our service against nefarious activities.
Information we collect as you enter into a contract with us
We collect and store contractual and pre-contractual information necessary to fulfill your request. This includes the personal identification information of the contractual partner.
Information we collect to comply with legal obligations
We collect and store information to be able to comply with legal obligations (including those imposed by applicable commercial, tax, and anti-money laundering laws) as well as any regulatory obligations and to respond to requests and comply with requirements from the public authorities.
Who we share data with
- Vercel
Part of our service is hosted by Vercel Inc. (”Vercel”). The personal data collected and provided by you when you use our service is processed by Vercel as a hosting provider. Further information on Vercel's privacy policy can be found at https://vercel.com/legal/privacy-policy, https://vercel.com/legal/Vercel_Inc_-_Data_Processing_Addendum.pdf.
- Amazon Web Services (AWS)
Part of our service is hosted by Amazon Web Services EMEA S.à r.l., ("AWS")., located at 38, avenue John F. Kennedy, L-1855 Luxembourg. The personal data collected and provided by you when you use our service is processed by AWS as a hosting provider. Further information on the GDPR compliance of AWS can be found at https://aws.amazon.com/compliance/gdpr-center/.
- Fathom Analytics
We want to process as little personal information as possible when you use our website. That's why we've chosen Fathom Analytics for our website analytics, which doesn't use cookies and complies with the GDPR, ePrivacy (including PECR), COPPA, and CCPA. Using this privacy-friendly website analytics software, your IP address is only briefly processed, and we have no way of identifying you. As per the CCPA, your personal information is de-identified. You can read more about this at https://usefathom.com/.
The purpose of us using this software is to understand our website traffic in the most privacy-friendly way possible so that we can continually improve our website and business. The lawful basis as per the GDPR is “f); where our legitimate interests are to improve our website and business continually.” As per the explanation, no personal data is stored over time.
- Sentry
When unexpected errors occur while using the app diagnostic metadata about them may be forwarded to Sentry. The information is collected anonymously, is not used for personal reasons, and is subsequently deleted. The operator of Sentry is Functional Software, Inc. dba Sentry, 132 Hawthorne Street, San Francisco, CA 94107. For more information on Sentry's data processing and how it works, see Sentry's privacy policy at https://sentry.io/privacy/.
- Public authorities
We share data with public authorities to comply with legal obligations (including those imposed by applicable commercial, tax, and anti-money laundering laws) as well as any regulatory obligations and to respond to requests.
Your data protection rights
We would like to make sure you are fully aware of all of your data protection rights granted by the European legislator. Every user is entitled to the following:
- Right of confirmation
You have the right to obtain confirmation as to whether or not your personal data is being processed by us.
- Right of access
You have the right to obtain a free copy of your personal data we have stored at any time. Furthermore, you have access to the following information: the purposes of the processing; the categories of personal data concerned; the recipients to whom the personal data is disclosed to, in particular recipients in third countries or international organizations; the period for which the personal data will be stored or the criteria used to determine that period; where the personal data are not collected from you directly and any available information as to their source; the existence of automated decision-making, as well as the significance and envisaged consequences of such processing for you.
- Right to rectification
You have the right to obtain, without undue delay, the rectification of inaccurate personal data. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including using a supplementary statement.
- Right to erasure (Right to be forgotten)
You have the right to obtain the erasure of your personal data without undue delay. As long as the processing is not necessary we have the obligation to erase personal data when you withdraw consent or object to the processing; the purposes for which they were collected are no longer given, or to comply with legal obligations.
- Right of restriction of processing
You have the right to obtain restriction of processing when you contest the accuracy of your personal data; the processing is unlawful and you request the restriction of its use instead of erasing it; we no longer need the personal data for the purposes of the processing but they are required by you for the establishment, exercise or defence of legal claims; or when you objected to the processing.
- Right to data portability
You have the right to receive the personal data that you have provided to us, in a structured, commonly used, and machine-readable format, and to transmit your personal data or, if technically possible, have us transmit the personal data to a third party while not adversely affect the rights and freedoms of others. You may exercise your right to the portability of your Personal Data only when we use this personal data based on your consent, or to perform a contract, and this personal data is processed using automated methods.
- Right to object
You have the right to object, on grounds relating to your particular situation, at any time, to the processing of your personal data. We no longer process your personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing or for the establishment, exercise, or defense of legal claims.
- Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you, as long as the decision is not necessary for entering into, or the performance of, a contract or is not based on your explicit consent.
- Right to withdraw data protection consent
You have the right to withdraw your consent to processing your personal data at any time.
You may exercise your rights as listed above or send us all your questions concerning the processing of your personal data by contacting us directly.
Changes to our privacy policy
We keep our privacy policy under regular review and place any updates on this web page. This privacy policy was last updated on 7 December 2023.