Effective date: April 6, 2026 · Last updated: 2026-04-06
1. Introduction & Zero-Knowledge Architecture
anonym.plus is a desktop application for offline document anonymization with a zero-knowledge architecture. This means:
- Documents never leave your machine: All PII anonymization happens locally on your computer. No documents are transmitted to our servers.
- We are not a data processor: We cannot see, access, or process the documents you anonymize. You remain the sole data controller of your documents.
- Minimal data collection: We collect only the minimum personal data needed to manage your account and enforce license terms.
anonym.plus ("we", "us", "our") is the data controller for your account information. For questions about this policy or your data rights, contact us at privacy@anonym.plus.
2. Personal Data We Collect
We collect only the minimum data necessary to provide our service. No document content is ever transmitted to our servers.
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Email address | Account creation, login, support | Contract performance (Art. 6.1.b) |
| Authentication hash | Zero-knowledge login verification | Contract performance (Art. 6.1.b) |
| Machine fingerprint (hardware hash derived from CPU ID, motherboard serial, and OS install ID — not reversible to individual components) | License activation (device binding — limits activations to your registered machines) | Contract performance (Art. 6.1.b) |
| IP address | Rate limiting, security, activation logs | Legitimate interest (Art. 6.1.f) |
| Payment information | License purchases (via Stripe/PayPal) | Contract performance (Art. 6.1.b) |
What We Do NOT Collect
- Your password: We never see, store, or have access to your password. Authentication uses zero-knowledge proofs — you prove you know your password without transmitting it.
- Document content: Documents processed by the desktop app stay on your device. We never receive, store, access, or process your documents.
- Usage analytics: We do not track how you use the application, what documents you process, or how the anonymization features are used.
- Tracking cookies: We do not use analytics, behavioral tracking, or advertising cookies of any kind.
- Third-party integrations: We do not use Google Analytics, Mixpanel, Amplitude, or similar tracking services.
- Marketing surveillance: We do not use third-party advertising, retargeting, or marketing automation tools.
3. How We Use Your Data
We use your personal data only for the following purposes, all required to provide the service or protect our legitimate interests:
- Account management: Creating and maintaining your account, authenticating your identity via zero-knowledge authentication.
- License activation & enforcement: Binding licenses to your registered machines to enforce device limits (e.g., Free: 1 machine, Basic/Pro: 3 machines, Expert: 5 machines).
- Payment processing: Processing one-time license purchases through Stripe and PayPal, and maintaining payment records for accounting and tax purposes.
- Customer support: Responding to your support requests, troubleshooting activation issues, and handling license management requests.
- Security & fraud prevention: Preventing abuse via rate limiting, account lockout mechanisms, and analyzing activation patterns for license compliance.
- Legal compliance: Maintaining records as required by tax law (typically 7 years) and responding to legal requests.
4. Sub-Processors & Third-Party Services
We share personal data with third-party sub-processors only where necessary to provide our service. All sub-processors are contractually bound to protect your data and use it only for the stated purpose:
| Processor | Purpose | Data Shared |
|---|---|---|
| Stripe, Inc. | Payment processing | Email, payment details |
| PayPal Holdings, Inc. | Payment processing | Email, payment details |
| Hosting provider (Hetzner Online GmbH) | Server infrastructure | IP addresses (server logs) |
| ipwho.is (Lunanode) | Download geolocation analytics (country/city only) | IP address at time of download (not stored; only country/city result is retained) |
| Resend, Inc. | Transactional email delivery | Email address, email content (account notifications) |
5. Data Retention & Deletion
We apply a principle of data minimization: we retain personal data only as long as necessary to provide the service or comply with legal obligations.
- Account data: Retained until you delete your account. Upon deletion, all personal data is permanently removed within 30 days.
- Activation logs: IP addresses in activation logs are automatically nulled (anonymized) after 90 days. Log entries themselves are retained for 1 year for security auditing.
- Download analytics: IP addresses are sent to a third-party geolocation service (ipwho.is) for real-time country/city lookup only. The IP address itself is not stored by us; only the resulting country and city are retained in analytics. These are nulled after 90 days.
- Audit logs: Maximum 1,000 entries are retained. Entries older than 90 days are automatically deleted.
- Support tickets: Retained for the duration of your account. After account deletion, support history is deleted after 30 days.
- Payment records: Retained as required by tax, accounting, and VAT regulations (typically 7 years in the EU). These records contain only transaction metadata, not your personal data.
Account Deletion: You can delete your account at any time via the account dashboard or by contacting privacy@anonym.plus. Deletion is permanent and irreversible. All associated data (email, authentication hash, machine records, activation history, support tickets) is permanently removed.
6. Your GDPR Rights (Articles 15-22)
Under the General Data Protection Regulation (GDPR), you have the following rights with respect to your personal data:
- Right of Access (Art. 15): Request a copy of all personal data we hold about you in a structured, machine-readable format.
- Right of Rectification (Art. 16): Correct inaccurate or incomplete personal data. You can update your email address in the account dashboard.
- Right of Erasure / "Right to be Forgotten" (Art. 17): Delete your account and all associated personal data. You can do this via the account dashboard or by contacting us.
- Right to Restrict Processing (Art. 18): In certain circumstances, restrict how we process your data (e.g., while we verify disputed data).
- Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly-used, machine-readable format and have it transferred to another service provider.
- Right to Object (Art. 21): Object to processing based on legitimate interests (e.g., rate-limit blocking). We will cease processing unless we have compelling reasons to continue.
- Rights related to automated decision-making (Art. 22): We do not use automated decision-making or profiling to make decisions about you.
How to Exercise Your Rights: Send a request to privacy@anonym.plus with a clear description of what you want. You may be asked to verify your identity. We will respond within 30 days (extendable by 60 days for complex requests).
7. Cookies, Local Storage & Tracking Technologies
We use only essential session storage — no tracking or advertising cookies.
- Session tokens (sessionStorage): We use browser sessionStorage to keep you logged in on our website. These tokens are automatically cleared when you close the browser tab or manually log out. They contain only an encrypted session identifier and your email address — no tracking data.
- No persistent cookies: We do not set persistent cookies that track you across sessions.
- No third-party cookies: We do not use third-party analytics (Google Analytics, Mixpanel, etc.), advertising cookies, or tracking pixels.
- Do Not Track (DNT): We respect the "Do Not Track" signal. If your browser sends DNT, we do not store analytics data beyond what is technically necessary.
8. Security Measures & Technical Safeguards
We implement comprehensive technical and organizational security measures to protect your personal data:
- Zero-knowledge authentication: Your password is never transmitted to or stored on our servers. We use cryptographic zero-knowledge proofs — you prove you know your password without revealing it.
- Transport encryption: All data transmitted between your device and our servers uses TLS 1.2 or TLS 1.3 (HTTPS). Certificate pinning ensures you connect to our legitimate servers only.
- Data encryption at rest: Database credentials and sensitive account data are encrypted using AES-256-GCM. Encryption keys are managed separately from encrypted data.
- Rate limiting & brute-force protection: Account logins are rate-limited and trigger temporary lockouts after repeated failed attempts.
- License activation security: Machine fingerprints are hashed using PBKDF2-SHA256 to prevent reverse-engineering. The fingerprint derivation is non-reversible (cannot be unmixed back to CPU ID, motherboard, or OS install ID).
- Administrative access control: All admin panel access requires two-factor authentication (TOTP / Time-based One-Time Password). Admin passwords are hashed with bcrypt.
- Audit logging: All administrative actions are logged automatically with timestamps and IP addresses. This audit trail is immutable for forensic purposes.
- Intrusion detection: We monitor for suspicious activity including unusual geolocation patterns, rate-limit violations, and brute-force attempts.
- Regular security updates: We patch known vulnerabilities in our dependencies within 24 hours of public disclosure.
9. International Data Transfers
Data storage location: Our primary servers are located in the European Union (Hetzner Online GmbH, Nuremberg, Germany).
Sub-processors with US locations: The following sub-processors may process your data in, or transfer it to, the United States. All transfers are made under Standard Contractual Clauses (SCCs) adopted pursuant to EU Commission Decision 2021/914:
- Stripe, Inc. (USA): Payment processing. Data transferred: email, payment details. Standard Contractual Clauses in place (see Stripe's Data Processing Agreement).
- PayPal Holdings, Inc. (USA): Payment processing. Data transferred: email, payment details. Standard Contractual Clauses in place (see PayPal's Privacy Statement and DPA).
- Resend, Inc. (USA): Transactional email delivery (account notifications, password resets, license delivery). Data transferred: email address and email content only. Standard Contractual Clauses in place (see Resend's Data Processing Agreement).
Adequacy findings: The European Commission has not issued an adequacy decision for the United States. Our transfers rely solely on contractual safeguards (SCCs). You have the right to request details of the specific safeguards in place by contacting privacy@anonym.plus.
10. Children's Privacy
anonym.plus is a professional PII anonymization tool designed for enterprise, legal, compliance, and research use. It is not directed at or intended for children under the age of 16. We do not knowingly collect personal data from anyone under 16. If we discover we have done so, we will delete that data immediately. Parents or guardians who believe a child has provided personal data to us should contact privacy@anonym.plus.
11. Changes to This Policy
We may update this privacy policy to reflect changes to our practices, technological improvements, or for legal reasons. We will post the updated policy on this page with a revised effective date. Material changes (such as new data sharing practices) will be communicated to you via email at least 30 days before they take effect. Your continued use of anonym.plus after the effective date constitutes your acceptance of the updated policy.
12. Data Protection Officer & Contact Information
Data Controller:
Zenya Renewables B.V.
John M. Keynesplein 1
1066 EP Amsterdam
Netherlands
Trade Register (KvK): 96567511
Privacy-related inquiries:
- Email: privacy@anonym.plus — for data subject rights requests, complaints, and privacy questions
- Support: Contact form — for general support and inquiries
- Response time: 30 days (extendable by 60 days for complex requests)
13. Supervisory Authority & Complaint Rights
You have the right to lodge a complaint with a data protection supervisory authority. The competent supervisory authority for anonym.plus (based in the Netherlands) is:
Autoriteit Persoonsgegevens (AP)
Postbus 93374
2509 AJ Den Haag
Netherlands
Phone: +31 70 888 8500
www.autoriteitpersoonsgegevens.nl
You may also lodge a complaint with the data protection authority in your country of residence or place of work within the EU/EEA. Filing a complaint does not require an attorney and is free of charge. We encourage you to contact us first to resolve any concerns.
14. Processing Activities Summary (Art. 13 GDPR)
| Data Category | Purpose | Legal Basis | Retention Period |
|---|---|---|---|
| Email address | Account management, authentication, support | Contract (Art. 6.1.b) | Until account deletion |
| Authentication hash (zero-knowledge) | Password verification without storing password | Contract (Art. 6.1.b) | Until account deletion |
| Machine fingerprint (hashed) | License device binding and enforcement | Contract (Art. 6.1.b) | Until account deletion |
| IP address (activation logs) | Rate limiting, security, license activation audit | Legitimate interest (Art. 6.1.f) | 90 days (anonymized); entries deleted after 1 year |
| IP address (download analytics) | Geolocation analytics via ipwho.is | Legitimate interest (Art. 6.1.f) | Not stored by us; country/city retained 90 days |
| Payment details | Processing one-time license purchases | Contract (Art. 6.1.b) | Tax/accounting retention (7 years) |
| Session tokens | Maintaining login sessions on website | Contract (Art. 6.1.b) | Duration of session or 24 hours (whichever is shorter) |