Privacy Notice

OGC API Processes — Secure Dimensions GmbH · Effective date: May 2026
Data controller: Secure Dimensions GmbH, Munich, Germany · privacy@secure-dimensions.de

    Summary.
    We collect your name and email address solely to personalise the service and to contact you
    regarding account privileges. We do not share your personal data with any third party.
    You can request complete deletion of your data at any time using the
    Forget Me button in the dashboard Settings page.
  

1. Who We Are

Secure Dimensions GmbH ("Secure Dimensions", "we", "us", "our") operates the OGC API Processes service. We are the data controller for personal data processed in connection with this service.

Contact: privacy@secure-dimensions.de

2. What Personal Data We Collect and Why

2.1 Name

User name

Data collectedYour display name as provided by your AUTHENIX identity provider (e.g. "Alice Smith")

PurposeSalutation — to address you personally in the admin panel, email notifications, and service communications

Legal basisLegitimate interest (Article 6(1)(f) GDPR) — necessary to provide a personalised and user-friendly interface

SourceRetrieved from the AUTHENIX UserInfo endpoint at login. Never collected from a form.

RetentionUntil you use the Forget Me function or your account has been inactive for 12 months

2.2 Email Address

Email address

Data collectedYour email address as provided by your AUTHENIX identity provider

PurposeTo contact you when there are questions regarding a scope (privilege) upgrade request you have submitted, or to notify you when access has been granted or denied

Legal basisLegitimate interest (Article 6(1)(f) GDPR) — necessary to process and respond to your privilege requests

SourceRetrieved from the AUTHENIX UserInfo endpoint at login. Never collected from a form.

RetentionUntil you use the Forget Me function or your account has been inactive for 12 months

2.3 AUTHENIX Subject Identifier (sub)

Subject identifier

Data collectedA unique pseudonymous identifier (UUID) assigned by AUTHENIX to your account

PurposeTo link your job submissions, deployed processes, and privilege grants to your account across sessions

Legal basisLegitimate interest (Article 6(1)(f) GDPR) — necessary to operate the service correctly

SourceReturned by AUTHENIX as part of the access token introspection response

RetentionUntil you use the Forget Me function or your account has been inactive for 12 months

3. Data We Do Not Collect

We do not collect passwords — authentication is handled entirely by AUTHENIX
We do not collect payment information
We do not collect geolocation data
We do not use tracking pixels, analytics scripts, or advertising cookies
We do not build profiles for advertising purposes

4. No Third-Party Sharing

    Your personal data is not forwarded to any third party.
    Name, email address, and subject identifier are stored exclusively within the
    infrastructure operated by Secure Dimensions GmbH and are never sold, rented,
    or disclosed to external organisations, advertisers, or data brokers.
  

The only external service involved is AUTHENIX (authenix.eu), which acts as the identity provider. Your relationship with AUTHENIX is governed by AUTHENIX's own privacy policy. Secure Dimensions does not control what AUTHENIX stores about you.

Process results are stored on IPFS (InterPlanetary File System) via a locally operated Kubo node. Results are content-addressed by their hash (CID) and contain only the output of your processing jobs — no personal data.

5. Data Security

All access tokens are held in browser memory only — never written to disk or cookies
Server-side data is stored in Redis, accessible only within the service infrastructure
All API communication is protected by TLS
Admin privileges are required to view user records
Process containers run in a fully isolated environment with no network access by default

6. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR) you have the right to:

Access — request a copy of the personal data we hold about you
Rectification — request correction of inaccurate data (note: name and email are sourced from AUTHENIX; corrections should be made there)
Erasure ("right to be forgotten") — request deletion of all personal data we hold about you
Restriction — request that we restrict processing of your data
Portability — receive your data in a machine-readable format
Object — object to processing based on legitimate interest
Lodge a complaint — with the supervisory authority in your country or the Bavarian State Office for Data Protection Supervision (BayLDA) in Germany

7. Forget Me — Right to Erasure

The Forget Me function permanently deletes all personal data we hold about you from our systems. This includes your name, email address, subject identifier, privilege grants, and job history. This action cannot be undone.

You can exercise this right directly from the dashboard:

Sign in to the dashboard
Navigate to Settings
Click the Forget Me button
Confirm the deletion

Alternatively, send a written request to privacy@secure-dimensions.de from the email address associated with your account. We will process your request within 30 days as required by GDPR Article 17.

Note: The Forget Me function removes your data from our service only. Any data held by AUTHENIX about your account must be deleted separately through AUTHENIX's own account management.

8. Contact

For any privacy-related questions or to exercise your rights, please contact:

Secure Dimensions GmbH
Privacy / Data Protection
Munich, Germany
privacy@secure-dimensions.de

9. Changes to This Notice

We may update this Privacy Notice from time to time. The effective date at the top of this page reflects the date of the most recent revision.