Privacy Policy

GDPR Compliant Data Protection Policy

Last Updated: January 27, 2025

๐Ÿ›ก๏ธ Privacy-First Commitment

LocalKey is built on a zero-knowledge architecture. We cannot access, view, or decrypt your passwords or personal data. Your privacy is not just protected by policy; it's protected by design.

1. Introduction and Data Controller

This Privacy Policy explains how LocalKey ("we," "us," or "our") collects, uses, and protects your personal information when you use our password management software and services.

Data Controller:
LocalKey
Email: privacy@localkey.app
Address: [Your Business Address]

2. Legal Basis for Processing (GDPR Article 6)

We process personal data based on the following legal grounds:

  • Contract Performance (Article 6(1)(b)): To provide our password management services
  • Legitimate Interest (Article 6(1)(f)): For security monitoring, fraud prevention, and service improvement
  • Consent (Article 6(1)(a)): For marketing communications (where required)
  • Legal Obligation (Article 6(1)(c)): For compliance with applicable laws

3. Information We Collect

3.1 Information We DO NOT Collect

🚫 Zero-Knowledge Architecture

  • Your passwords: Never transmitted or stored on our servers
  • Your vault data: Encrypted locally, inaccessible to us
  • Your master password: Never leaves your device
  • Website URLs or usernames: Stored only locally on your device

3.2 Information We Do Collect

Account Information:

  • Email address (for license delivery and support)
  • Name (for license registration)
  • Company name (for business licenses, optional)

Technical Information:

  • Device type and operating system (for compatibility)
  • Application version (for update notifications)
  • License key and activation status
  • Crash reports (anonymous, no personal data)

Website Analytics:

  • IP address (anonymized)
  • Browser type and version
  • Pages visited and time spent
  • Referral source

4. How We Use Your Information

We use collected information for:

  • Service Delivery: License validation, software updates, customer support
  • Communication: Important service announcements, security updates
  • Improvement: Anonymous usage analytics to improve our software
  • Security: Fraud prevention, abuse detection
  • Legal Compliance: Meeting regulatory requirements

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share data only in these limited circumstances:

5.1 Service Providers

  • Payment Processors: For license purchases (Stripe, PayPal)
  • Email Services: For license delivery and support communications
  • Analytics Providers: For website analytics (anonymized data only)

5.2 Legal Requirements

We may disclose information when required by law, court order, or to protect our rights and safety.

6. Data Retention

We retain personal data for the following periods:

  • Account Data: Until account deletion or 7 years after last activity
  • License Information: For the lifetime of the license plus 7 years
  • Support Communications: 3 years after resolution
  • Website Analytics: 26 months (anonymized)
  • Marketing Data: Until consent is withdrawn

7. Your Rights Under GDPR

As a data subject, you have the following rights:

📋 Right to Access (Article 15)

Request a copy of your personal data we hold

โœ๏ธ Right to Rectification (Article 16)

Correct inaccurate or incomplete data

๐Ÿ—‘๏ธ Right to Erasure (Article 17)

Request deletion of your personal data

โธ๏ธ Right to Restrict Processing (Article 18)

Limit how we process your data

📦 Right to Data Portability (Article 20)

Receive your data in a portable format

🚫 Right to Object (Article 21)

Object to processing based on legitimate interests

To exercise your rights, contact us at: privacy@localkey.app

We will respond within 30 days of receiving your request.

8. International Data Transfers

If we transfer your data outside the European Economic Area (EEA), we ensure adequate protection through:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules where applicable

9. Data Security Measures

We implement comprehensive security measures:

9.1 Technical Safeguards

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and monitoring
  • Regular Updates: Security patches and vulnerability assessments

9.2 Organizational Safeguards

  • Staff Training: Regular privacy and security training
  • Access Limitation: Need-to-know basis for data access
  • Incident Response: Documented procedures for data breaches
  • Regular Audits: Internal and external security assessments

10. Cookies and Tracking

Our website uses cookies for:

  • Essential Cookies: Required for website functionality
  • Analytics Cookies: To understand website usage (anonymized)
  • Preference Cookies: To remember your settings

You can control cookies through your browser settings. Disabling essential cookies may affect website functionality.

11. Children's Privacy

LocalKey is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we become aware of such collection, we will delete the information immediately.

12. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms:

  • We will notify the relevant supervisory authority within 72 hours
  • We will notify affected individuals without undue delay
  • We will provide clear information about the breach and our response

13. Privacy by Design

LocalKey is built with privacy by design principles:

  • Data Minimization: We collect only necessary information
  • Purpose Limitation: Data used only for stated purposes
  • Storage Limitation: Data retained only as long as necessary
  • Transparency: Clear information about our practices

14. Third-Party Services

We use the following third-party services:

  • Stripe: Payment processing (PCI DSS compliant)
  • PayPal: Alternative payment processing
  • Google Analytics: Website analytics (anonymized IP)
  • Mailgun: Email delivery service

Each service has its own privacy policy and security measures.

15. Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:

  • Notify you of material changes via email or in-app notification
  • Post the updated policy on our website
  • Update the "Last Updated" date

16. Contact Information

Data Protection Officer:
Email: dpo@localkey.app
Phone: +1 (555) 123-4567

Privacy Inquiries:
Email: privacy@localkey.app

EU Representative (if applicable):
[EU Representative Details]

17. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your personal data in accordance with applicable law.

For EU residents: You can find your local authority at: https://edpb.europa.eu/about-edpb/board/members_en

📞 Questions About This Policy?

If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@localkey.app. We're committed to transparency and will respond to your inquiries promptly.