Privacy Policy

General

The protection of individuals with regard to the processing of personal data is a fundamental right. In accordance with Article 8(1) of the Charter of Fundamental Rights of the European Union and Article 16(1) of the Treaty on the Functioning of the European Union, every person has the right to the protection of personal data concerning him or her.

The principles and rules relating to the protection of individuals with regard to the processing of personal data are intended to ensure that your fundamental rights and freedoms, and in particular your right to the protection of personal data, are respected, whatever your nationality or place of residence.

1. Data Controller

This data protection information applies to the data processing on the Internet pages of https://zentislabs.com by:

Hive Solutions GmbH,

represented by the authorised managing directors: Lukas Ratheiser and Pascal Giloth

Gimbsheimer Str. 7,
67577 Alsheim, Germany

Email: info@zentislabs.com

Data Protection Officer: The appointment of a company data protection officer is not required under the current legal situation (Art. 37 GDPR thresholds not met).

2. Data We Collect

Technical Data (Website Visit)

When you visit our website, the following information is collected without your intervention and stored until automatically deleted:

• IP address of the requesting computer
• Date and time of access, time zone difference to Greenwich Mean Time
• Name and URL of the retrieved file (concrete page)
• Website from which the access takes place (referrer URL)
• Browser used and, if applicable, operating system, device type, and name of your access provider

This data is processed for the following purposes:

• Ensuring a smooth connection to the website
• Guaranteeing comfortable use of our website
• Evaluation of system security and stability
• Other administrative purposes

Account Data

• Email address provided during registration
• Username or display name
• Hashed password (we never store plaintext passwords)
• Discord or GitHub account data (if using OAuth login)

Billing & Payment Data

• Payment method details processed via Stripe (we do not store full card numbers)
• Billing address (if provided)
• Transaction history, invoices, and subscription status

Usage Data

• Bandwidth consumption and API call volumes
• Proxy connection logs (timestamps, target ports — not target URLs)
• Dashboard activity and feature usage patterns

Support Data

• Messages, attachments, and metadata from support tickets
• Live-chat transcripts

3. Legal Basis for Processing

We process personal data on the following legal bases under the GDPR:

• Contract performance (Art. 6(1)(b)) — to create your account, deliver proxy/VPS services, and process payments.
• Legitimate interest (Art. 6(1)(f)) — fraud prevention, network security, service improvement, and essential analytics.
• Consent (Art. 6(1)(a)) — marketing emails, non-essential cookies, and optional analytics.
• Legal obligation (Art. 6(1)(c)) — tax records, anti-money-laundering, and lawful data-retention requirements.

Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person beyond the stated purposes.

4. Transfer of Data

Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:

• You have given us your explicit consent to do so in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR
• The transfer is necessary for the assertion, exercise, or defence of legal claims pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data
• There is a legal obligation to pass on the data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR
• This is legally permissible and required under Art. 6 para. 1 sentence 1 lit. b GDPR for the processing of contractual relationships with you

5. Cookies & Tracking

We use cookies in our web shop and dashboard area. These are small files that your browser automatically creates and stores on your device when you visit our site. Cookies do not cause any damage to your device.

Essential Cookies

Required for the website and dashboard to function — session tokens, CSRF protection, load-balancer affinity. These cannot be disabled. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

Functional Cookies

Remember your language, theme, and dashboard preferences. Legal basis: legitimate interest.

Analytics Cookies

With your consent, we use privacy-focused analytics to understand how visitors use our site. No cross-site tracking. You can withdraw consent at any time via the cookie banner or by emailing us. Legal basis: consent (Art. 6(1)(a) GDPR).

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer. Completely deactivating cookies may mean that you cannot use all the functions of our website.

6. Google reCAPTCHA

We use Google reCAPTCHA v3 on our registration, login, and contact pages to protect against automated abuse and spam. When you interact with the reCAPTCHA widget, Google may collect and process data including your IP address, browser type, operating system, screen resolution, mouse movements, keystrokes, time spent on the page, cookies, and device identifiers. This data is transmitted to Google LLC servers in the USA and processed under Google's Privacy Policy and Terms of Service. Legal basis: legitimate interest (Art. 6(1)(f) GDPR) in preventing fraudulent registrations.

7. Payment Processing

Payments are processed by Stripe, Inc. (510 Townsend Street, San Francisco, CA 94103, USA). Stripe acts as an independent data controller for payment data and is certified under the EU–US Data Privacy Framework. We never receive or store complete credit/debit card numbers. For details, see Stripe's Privacy Policy.

8. Data Sharing & Sub-processors

We do not sell your personal data. We share data only with the following sub-processors and categories of recipients:

We may also share data with law enforcement when legally compelled by valid court order or subpoena. All sub-processors are bound by data processing agreements that meet GDPR requirements.

9. International Transfers

Some of our infrastructure and sub-processors are located outside the European Economic Area. Where personal data is transferred to a third country, we ensure appropriate safeguards through Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent mechanisms such as adequacy decisions.

10. Data Retention

• Account data — retained while your account is active; permanently deleted 30 days after account deletion.
• Server logs — retained for 90 days, then automatically purged.
• Invoices & billing — retained for 6–10 years as required by tax and commercial law.
• Support tickets — retained for 2 years after resolution, then anonymised or deleted.
• Marketing consent records — retained for as long as the consent is valid, plus 1 year.

11. Your Rights (GDPR)

Under the GDPR, you have the following rights:

• Access (Art. 15) — request a copy of all personal data we hold about you, including processing purposes, categories of data, recipients, storage periods, and the existence of automated decision-making.
• Rectification (Art. 16) — correct inaccurate or incomplete data without delay.
• Erasure (Art. 17) — request deletion (“right to be forgotten”), unless processing is necessary for freedom of expression, legal obligations, public interest, or legal claims.
• Restriction (Art. 18) — limit processing in certain circumstances.
• Data portability (Art. 20) — receive your data in a structured, common, machine-readable format or request transfer to another controller.
• Object (Art. 21) — object to processing based on legitimate interests or direct marketing. For direct marketing, you have a general right of objection which we will implement without requiring any special justification.
• Withdraw consent (Art. 7(3)) — withdraw consent at any time without affecting prior processing.

To exercise any right, email legal@zentislabs.com. We respond within 30 days.

12. Data Security

We implement appropriate technical and organisational measures to protect your data, including TLS encryption in transit, AES-256 encryption at rest, role-based access controls, regular security audits, and automated intrusion detection.

13. Children's Privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

14. Complaints / Supervisory Authority

If you believe your data protection rights have been infringed, you have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for us in Rhineland-Palatinate is:

The State Commissioner for Data Protection and Freedom of Information
Rhineland-Palatinate
Hintere Bleiche 34
55116 Mainz, Germany
Phone: +49 (0) 6131 208-2449
Fax: +49 (0) 6131 208-2497
Email: poststelle@datenschutz.rlp.de

EU residents may also contact their local data protection authority.

15. Changes to This Policy

Due to the further development of our website or due to changes in legal or official requirements, it may become necessary to amend this data protection declaration. Material changes will be communicated via email or a prominent notice on our website. You can access and print out the current data protection declaration at any time on the website at https://zentislabs.com/legal/privacy-policy.