Privacy Policy
OptropicGlobal GmbH
Last Updated: February 2026
1. Introduction
OptropicGlobal GmbH ("Optropic", "we", "us", or "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and protect your information when you use our services.
2. Who We Are
OptropicGlobal GmbH, Musterstraße 1, 10115 Berlin, Germany
Data Protection Officer: privacy@optropic.com
3. What Data We Collect
3.1 API Customers (Businesses)
| Data | Purpose |
|---|---|
| Company name | Account identification |
| Contact name and email | Communications |
| Billing information | Payment processing |
| API usage logs | Service delivery, billing |
3.2 End Users (via Customer Applications)
When end users scan products using applications built with our API:
| Data | Purpose |
|---|---|
| Hashed IP address | Fraud detection |
| Hashed device fingerprint | Fraud detection |
| Scan timestamp | Service operation |
| Country (from IP) | Geographic fraud detection |
Camera images captured during verification are processed entirely on the user's device. We never receive, transmit, or store photographs.
3.3 Website Visitors
| Data | Purpose |
|---|---|
| Browser type | Analytics |
| Pages visited | Analytics |
| Cookies (with consent) | Session management |
4. How We Use Your Data
We process personal data for:
- Service Delivery: Operating our API services
- Security: Fraud detection and prevention
- Billing: Processing payments and invoices
- Communications: Service updates, support
- Legal Compliance: Meeting regulatory obligations
5. Legal Basis for Processing
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Service delivery | Contract performance |
| Billing | Contract performance |
| Security/fraud prevention | Legitimate interest |
| Communications | Contract/Legitimate interest |
| Legal compliance | Legal obligation |
| Analytics | Consent |
6. Data Sharing
We share data only as follows:
| Recipient | Purpose | Location |
|---|---|---|
| Vercel Inc. | Web hosting | EU |
| Supabase Inc. | Database | EU |
| Stripe Inc. | Payments | EU |
We never sell personal data to third parties.
7. International Transfers
Data is processed within the EU. If transfers outside the EEA are necessary, we use EU Standard Contractual Clauses.
8. Data Retention
| Data Type | Retention |
|---|---|
| Account data | Contract duration + 7 years |
| API logs | 90 days |
| Verification logs | 2 years |
| Billing records | 10 years |
9. Your Rights
Under GDPR, you have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your data ("right to be forgotten")
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent at any time
To exercise these rights, email privacy@optropic.com.
10. Cookies
10.1 Essential Cookies
Required for service operation (no consent needed):
- Session cookies
- Authentication tokens
10.2 Analytics Cookies
Optional, with consent:
- Page view analytics
- Performance monitoring
You can manage cookie preferences in your browser settings.
11. Security
We protect your data with:
- Encryption (AES-256 at rest, TLS 1.3 in transit)
- Access controls and authentication
- Regular security assessments
- Employee security training
See our Security Policy for details.
12. Children's Privacy
Our services are not directed at children under 16. We do not knowingly collect data from children.
13. Changes to This Policy
We may update this policy periodically. Material changes will be communicated via email or website notice.
14. Contact Us
For privacy inquiries:
Data Protection Officer: privacy@optropic.com
Postal Address: OptropicGlobal GmbH, Attn: Privacy, Musterstraße 1, 10115 Berlin, Germany
15. Supervisory Authority
You may lodge complaints with:
Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstraße 219, 10969 Berlin, mailbox@datenschutz-berlin.de