
Privacy Policy

Last Updated: March 7, 2026

🔒 Zero-Storage Architecture: piisafe.eu does not store scan results, uploaded documents, or URLs you analyze. All processing occurs in-memory only, and results are delivered directly to your browser.

1. Data Controller

Responsible Entity:
Zenya Renewables B.V.
John M. Keynesplein 1
1066 EP Amsterdam, Netherlands
Email: privacy@piisafe.eu

2. Data We Collect

2.1 Technical Data (Minimal)

We collect only essential technical data required to operate the service:

  • IP Address: Temporarily logged for rate limiting and abuse prevention (not stored beyond session)
  • Browser Information: User agent string to ensure compatibility (anonymized in logs)
  • Timestamps: Request timestamps for rate limiting (deleted after 24 hours)

2.2 API Key Validation

If you provide a cloak.business API key:

  • The key is validated with the cloak.business API (Germany-based infrastructure)
  • The key is not stored on our servers
  • The key exists only in your browser session (localStorage)
  • You can clear it at any time by clearing browser storage

2.3 Scan Requests

When you initiate a website scan:

  • The URL you provide is processed in-memory only
  • Content is fetched, analyzed, and discarded immediately
  • No scan results are stored on our servers
  • Results are delivered directly to your browser via WebSocket or polling
  • No history or audit trail is maintained

2.4 Cookies

We use essential cookies only:

  • Session Cookie: Temporary session identifier for rate limiting (deleted on browser close)
  • No tracking cookies, analytics cookies, or advertising cookies are used

3. Data We Do NOT Collect

The following data is never collected or stored:

  • Scan results (PII findings, risk grades, entity lists)
  • Website content you analyze
  • URLs you scan (beyond temporary in-memory processing)
  • Exported reports (HTML, JSON, CSV)
  • Personal information about you (name, email, phone, etc.)
  • Browsing history or usage patterns
  • Analytics or behavioral tracking data

4. Third-Party Services

4.1 cloak.business API

PII detection is powered by the cloak.business API:

  • Location: Germany (EU data residency)
  • Data Sent: Text content from websites you scan
  • Data Retention: Zero (in-memory processing only)
  • GDPR Compliance: Full GDPR Article 28 compliance
  • Privacy Policy: cloak.business/legal/privacy

4.2 No Other Third Parties

We do not use:

  • Google Analytics or similar tracking services
  • Social media pixels or widgets
  • Advertising networks
  • CDNs that track users (all assets served from our domain)

5. Legal Basis for Processing (GDPR Art. 6)

We process minimal technical data under the following legal bases:

  • Legitimate Interest (Art. 6(1)(f)): Rate limiting and abuse prevention to ensure service availability
  • Contract Performance (Art. 6(1)(b)): Processing scan requests you initiate
  • Legal Obligation (Art. 6(1)(c)): Compliance with EU ePrivacy Directive and national telecom laws

6. Data Retention

We follow strict data minimization and retention limits:

  • Scan Data: Zero retention (in-memory only, deleted immediately after delivery)
  • API Keys: Zero retention (stored in your browser only)
  • IP Addresses: Deleted after 24 hours (rate limiting logs)
  • Session Cookies: Deleted on browser close
  • Server Logs: Anonymized after 7 days, deleted after 30 days

7. Your Rights Under GDPR

You have the following rights under the General Data Protection Regulation (GDPR):

7.1 Right of Access (Art. 15)

You can request confirmation of what personal data we process about you and obtain a copy.

7.2 Right to Rectification (Art. 16)

You can request correction of inaccurate personal data.

7.3 Right to Erasure (Art. 17 - "Right to be Forgotten")

You can request deletion of your personal data. Note: Due to our zero-storage architecture, no scan data exists to delete.

7.4 Right to Restriction (Art. 18)

You can request restriction of processing under certain conditions.

7.5 Right to Data Portability (Art. 20)

You can request your data in a structured, machine-readable format. Note: Scan results are already delivered to you in JSON/CSV format and not stored on our servers.

7.6 Right to Object (Art. 21)

You can object to processing based on legitimate interests.

7.7 Automated Decision-Making (Art. 22)

We do not use automated decision-making or profiling.

How to Exercise Your Rights:
Email privacy@piisafe.eu with your request. We will respond within 30 days as required by GDPR Art. 12(3).

8. Data Security

We implement industry-standard security measures:

  • Encryption in Transit: TLS 1.2+ for all connections (HTTPS)
  • Encryption at Rest: Not applicable (zero storage)
  • Infrastructure: German data centers with ISO 27001 certification
  • Access Controls: Principle of least privilege for server access
  • Rate Limiting: Protection against abuse and DDoS attacks
  • Regular Audits: Quarterly security assessments

9. International Data Transfers

All data processing occurs within the European Union:

  • Primary Infrastructure: Germany (EU)
  • API Provider (cloak.business): Germany (EU)
  • No Third-Country Transfers: No data is transferred outside the EU/EEA
  • GDPR Art. 44 Compliance: Full compliance with cross-border transfer restrictions

10. Children's Privacy

piisafe.eu is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@piisafe.eu.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will:

  • Update the "Last Updated" date at the top of this page
  • Notify users of material changes via email (if applicable)
  • Maintain previous versions for transparency (available on request)

Continued use of piisafe.eu after changes constitutes acceptance of the updated Privacy Policy.

12. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have violated your data protection rights:

Netherlands Data Protection Authority (Autoriteit Persoonsgegevens):
Website: autoriteitpersoonsgegevens.nl
Email: info@autoriteitpersoonsgegevens.nl

You may also contact your local data protection authority in your EU member state.

13. Contact Us

For privacy-related questions, requests, or concerns:

Data Protection Contact:
Email: privacy@piisafe.eu
Address: Zenya Renewables B.V., John M. Keynesplein 1, 1066 EP Amsterdam, Netherlands

We will respond to privacy inquiries within 30 days as required by GDPR.

Summary: Why Our Privacy Policy is Different

Zero-Storage Architecture: Unlike traditional web services, we genuinely do not store your data. This is not a marketing claim—it's our technical architecture. All scan processing occurs in-memory and results are delivered directly to your browser. We cannot access, retrieve, or share your scan results because they simply don't exist on our servers.

Privacy by Design: Data minimization is built into every layer of piisafe.eu, from our infrastructure to our code. We don't collect data because we genuinely don't need it to provide the service.