Skip to content
Portada » Privacy Policy

Privacy Policy

Privacy Policy

Last updated: 31/12/2025

This Privacy Policy describes how PicoKeys (“we”, “us”, or “our”) collects, uses, and protects personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR).


1. Data Controller

The data controller responsible for the processing of personal data is:

PicoKeys
Email: [email protected]


2. Personal Data We Collect

We only collect personal data that is strictly necessary to provide our services.

Depending on how you interact with PicoKeys, this may include:

  • Email address (used for license delivery, recovery, and support)
  • Purchase information (via Stripe, such as payment status and transaction identifiers)
  • License identifiers and technical usage data related to license activation
  • IP address (used temporarily for security, fraud prevention, and rate limiting)
  • Device registration status (whether a license has been used to register a device)
  • Billing information, where provided during checkout, such as name, country, billing address, VAT/tax information, and invoice details

We do not collect:

  • passwords
  • personal profiles
  • precise location data
  • unnecessary identifying information

3. Purpose of Processing

Personal data is processed for the following purposes:

  • To deliver digital licenses and software
  • To manage license activation and device registration
  • To provide download links and license recovery
  • To process payments and refunds
  • To comply with legal and accounting obligations
  • To prevent abuse, fraud, and unauthorized use
  • To provide customer support

Personal data is never used for advertising or profiling.


4. Legal Basis for Processing

Under GDPR, we process personal data based on one or more of the following legal bases:

  • Performance of a contract (Article 6(1)(b) GDPR):
    processing necessary to deliver the purchased license and software.
  • Legal obligation (Article 6(1)(c) GDPR):
    compliance with accounting and tax regulations.
  • Legitimate interest (Article 6(1)(f) GDPR):
    fraud prevention, security, and service integrity.
  • Consent (Article 6(1)(a) GDPR), where explicitly required.

5. Payment Processing

Payments are processed by Stripe. Depending on the processing activity, Stripe may act as an independent data controller or as a data processor in accordance with its own terms and data protection documentation.

We do not store credit card numbers or full payment card details on our servers.


6. Data Retention

Personal data is retained only for as long as necessary for the purposes described above:

  • License and activation records are retained for as long as necessary to provide the purchased license, prevent abuse, verify license status, and handle support or refund requests.
  • Purchase, invoice, accounting, and tax records are retained for the period required by applicable tax and accounting laws.
  • Temporary tokens, session data, and security-related logs are retained only for the time necessary for security, fraud prevention, troubleshooting, and rate limiting, unless a longer retention period is required to investigate abuse or comply with legal obligations.
  • Support communications are retained for as long as necessary to handle the request and maintain a record of the issue.

When personal data is no longer necessary, it will be deleted or anonymized.


7. Data Sharing

We do not sell, rent, or share personal data with third parties, except where strictly necessary:

  • Payment processing (Stripe)
  • Email delivery services (for transactional emails only)
  • Legal or regulatory authorities, when required by law
  • Hosting, infrastructure, database, and security providers used to operate the website, license server, and related services

All processors are subject to appropriate data protection agreements.


8. International Data Transfers

Some service providers used by PicoKeys, including payment, hosting, email, security, or infrastructure providers, may process personal data outside the European Economic Area.

Where such transfers occur, PicoKeys relies on appropriate safeguards under GDPR, such as adequacy decisions, Standard Contractual Clauses, or equivalent legal mechanisms.


9. Data Subject Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure (“right to be forgotten”), where applicable
  • Restrict or object to processing
  • Data portability, where applicable

Requests can be sent to: [email protected]

We may require verification of identity before processing a request.

You also have the right to lodge a complaint with a competent data protection supervisory authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD).


10. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

  • Secure storage and access controls
  • Encryption of sensitive data
  • Limited access to personal data
  • Monitoring and abuse prevention mechanisms

No system is completely secure, but we take reasonable steps to protect your data.

11. Automated Decision-Making

PicoKeys does not use personal data for automated decision-making, profiling, or advertising.


12. Cookies

Our website may use essential cookies required for basic functionality.
We do not use tracking or advertising cookies without explicit consent.


13. Changes to This Policy

This Privacy Policy may be updated from time to time.
The version in effect at the time of data collection will apply.


14. Contact

For any questions regarding this Privacy Policy or personal data processing, please contact:

[email protected]

PicoKeys is a registered European Union trade mark.