← Back

Privacy Policy

Last updated: April 11, 2026

1. Controller

Sascha David Domingo
Finther Landstraße 69B
55124 Mainz, Germany
Email: info@blindlock.app
Phone: Available upon request via email

A Data Protection Officer has not been appointed as the conditions under Art. 37 GDPR are not met.

2. Principles

BlindLock is designed with privacy as its core principle:

• We do not collect, transmit, or store your passwords, files, or vault contents.
• We do not have access to your encryption keys or PIN.
• We do not use analytics, tracking, or telemetry.
• We do not use cookies.
• We do not share personal data with third parties, except as necessary for payment processing through our payment provider.

3. Data Processed and Legal Basis

a) License Validation

Your license key and an anonymized hardware identifier are sent to our server periodically (approximately once per week) to verify your license.

• Legal basis: Art. 6(1)(b) GDPR (performance of contract)
• Retention: Duration of the license agreement, then 30 days

b) Update Checks

Your app version and platform are sent to check for available updates.

• Legal basis: Art. 6(1)(b) GDPR (performance of contract)
• Retention: No persistent storage; processed only to respond to the request

c) Server Logs

Each access to our server automatically generates log data (IP address, timestamp, HTTP method, response code). These are used solely for operational and security purposes.

• Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operational security)
• Retention: Maximum 7 days, then automatically deleted

d) Payment Processing via Paddle

Payment processing is handled by Paddle.com Market Ltd as Merchant of Record. Paddle processes your payment data (name, email, payment method) as an independent controller. We receive only your email address and order number from Paddle for license issuance.

• Legal basis: Art. 6(1)(b) GDPR (performance of contract)
• Paddle's privacy policy: paddle.com/legal/privacy

e) Email Communication

If you contact us by email, your information is stored to process your inquiry.

• Legal basis: Art. 6(1)(b) or Art. 6(1)(f) GDPR
• Retention: Until your inquiry is fully resolved, maximum 2 years

4. Data Storage

All sensitive data (passwords, files, notes, keys) is stored exclusively on your device, encrypted and bound to your hardware. We have no means to access or recover this data.

5. Server Infrastructure

Our license validation server is located in a data center in Germany. All communication uses HTTPS encryption. We do not transfer personal data to countries outside the EU/EEA.

Paddle as payment provider may process data outside the EU. Paddle uses Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR for such transfers.

6. Your Rights (GDPR)

Under the EU General Data Protection Regulation, you have the following rights:

• Access (Art. 15 GDPR) — What data we hold about you
• Rectification (Art. 16 GDPR) — Correction of inaccurate data
• Erasure (Art. 17 GDPR) — Deletion of your data
• Restriction (Art. 18 GDPR) — Restriction of processing
• Data Portability (Art. 20 GDPR) — Data in a machine-readable format
• Objection (Art. 21 GDPR) — Object to processing

To exercise these rights, contact us at info@blindlock.app.

7. Right to Lodge a Complaint

You have the right to lodge a complaint with the competent data protection supervisory authority:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
Postfach 30 40, 55020 Mainz, Germany
Phone: +49 6131 8920-0
www.datenschutz.rlp.de

8. Automated Decision-Making

No automated decision-making or profiling within the meaning of Art. 22 GDPR takes place.

9. Cookies and Tracking

The BlindLock application and this website use no cookies. No tracking, analytics, or advertising services are used. The website stores only a language preference in your browser's local storage — this is technically necessary and not a cookie under the ePrivacy Directive.

10. California Privacy Rights (CCPA)

We do not sell personal information and have never done so. California residents have the right under the California Consumer Privacy Act (CCPA) to request disclosure of the categories of personal data collected, request deletion of their data, and not be discriminated against for exercising their rights. Requests may be directed to info@blindlock.app.

11. Changes

We may update this privacy policy. Changes will be posted on this page with an updated date. For material changes, we will notify you by email if your email address is on file.