Privacy Policy

This is a convenience translation. The German version is legally binding.

1. Controller

cilku.io DOOEL
Bratstvo Edinstvo Br. 70, 1250 Debar, North Macedonia
Email:

2. Core principle of redact.al

redact.al has been developed according to the Privacy by Design principle. The anonymisation of your texts takes place exclusively locally in your browser. Neither the texts you enter nor the recognised entities nor the mapping table (Vault) are transmitted to our servers.

The NER model (Named Entity Recognition) is downloaded into your browser the first time the application is loaded and runs entirely offline thereafter. You can verify this at any time using your browser's network console.

3. What data we process

3.1 Account data

On registration and during use we store:

• Name and email address
• Hashed password (not in plain text)
• Time of registration and sign-in / security activity on your account (see §3.6)
• Assigned licence and role (user, team manager, admin)

Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

3.2 Licence administration

We store information on licence validity (domain, type, expiry date, number of seats) in order to control access to the application. A daily licence check runs server-side.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

3.3 Server log files

When our servers are accessed, technical access data is processed in a server log file:

• IP address
• Date and time of access
• Requested URL and HTTP status code
• Browser type and operating system (user agent)

This data is required to ensure technical operation and to detect attempted attacks. Server log files are automatically and irreversibly deleted within 24 hours at the latest. No longer-term storage or evaluation of the full log files takes place. IP addresses are not linked to user accounts.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the technical security and integrity of the service).

3.4 IP blocks to protect against abusive access

To protect our servers against automated attack attempts (e.g. unauthorised access to paths such as /.env, /admin or similar typical attack targets), we use the fail2ban tool. fail2ban evaluates the server log files within the 24-hour window. If abusive behaviour is detected, the offending IP address is added to the firewall block list.

The firewall block list stores only the IP address and the time at which the block expires. No log data, request paths, user agents or user accounts are linked to blocked IP addresses. Once the block period expires, the entry is automatically removed.

Block duration: up to 365 days, depending on the severity and frequency of the detected violation.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in protecting the service against abusive access).

3.5 Contact form

If you send us a message via the contact form, we store your name, your email address and the contents of your message in order to process your enquiry. This data is deleted once processing is complete, unless statutory retention obligations require otherwise.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries).

3.6 Sign-in and security audit log

To make security-relevant actions on your account traceable, we record the following events with a timestamp:

• Successful and failed sign-ins
• Password changes, resets and initial password set events
• Activation, deactivation and recovery-code regeneration of two-factor authentication
• Registration and removal of passkeys (WebAuthn)
• Exercise of data-subject rights (e.g. Art. 15 GDPR data export)
• Administrative actions performed on your account by our team (e.g. deactivating an account, changing a licence)

The contents of your processing — entered texts, recognised entities, pseudonym mappings — are never logged, since they never reach our servers (see §2 and §4). The Art. 15 GDPR data export available in the "Settings" area only contains audit entries that relate to you personally; operational actions an administrator performed on other accounts are not part of your export.

Legal basis: Art. 6(1)(f) GDPR in conjunction with §32 BDSG (legitimate interest in IT security, abuse detection and accountability obligations toward supervisory authorities).

4. What we expressly do NOT process

• The texts or documents you enter
• Recognised entities (names, addresses, IBANs, etc.)
• The mapping table (Vault) between original data and pseudonyms
• Session contents or anonymisation results

This data remains exclusively within your browser's IndexedDB and is never transmitted to our servers. It is technically impossible for us to access this data.

5. Cookies

redact.al uses functional cookies: an authentication cookie to maintain the session after sign-in (legal basis: §25(2) No. 2 TDDDG, no consent required) and, if you reach our site via a sales partner's referral link (format /r/<id>), a referral cookie redactal_referrer valid for 90 days. This cookie is set only when such a referral link is opened, never on a direct visit. It stores only the anonymous identifier of the referring sales partner and serves to attribute the referral to the responsible sales contact for commission accounting in the event of a later contract. It is not used for tracking, analytics, marketing or third-party purposes. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in commission accounting with our sales partners). You can delete the referral cookie at any time via your browser's cookie settings; deletion ends the attribution. No tracking, analytics, marketing or third-party cookies are used.

6. Server location, administration and processing on behalf

The servers for redact.al are operated at Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Personal data is held exclusively on servers within the European Union. All components of the infrastructure, including backup, monitoring and other operational services, are hosted exclusively at Hetzner Online GmbH in Germany. No content delivery network and no external analytics, tracking, marketing or monitoring services are used.

The servers are administered by the controller exclusively from a workstation located in Germany. All administrative access to the servers takes place from this German workstation. This ensures that personal data is at no point processed on devices or in networks outside the European Union.

For the dispatch of transactional emails (registration confirmation, password reset, licence and contract notifications) we use IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany.

A processing on behalf agreement pursuant to Art. 28 GDPR is in place with both processors. No personal data is transmitted to any further recipients.

7. Retention period

We store personal data only for as long as is necessary for the respective purposes.

• Account data (email, password hash, team membership, licence assignment): until termination of the contractual relationship plus a grace period of 14 days. The entire account record is then irreversibly deleted.
• Server access logs: a maximum of 24 hours, after which they are automatically and irreversibly deleted.
• Firewall block list (following automatically detected abuse): up to 365 days, storing only the IP address and the unblock time.
• Audit log of sign-in and security activity (§3.6): 365 days, after which entries are automatically and irreversibly deleted by a daily background job.
• Transactional emails at the mail provider IONOS: in accordance with the processor's retention policies; redact.al itself does not store sent emails.

8. Necessity of provision

Providing your email address is contractually required in order to enter into a contract and use redact.al. Without a valid email address we cannot create an account for you or grant you access to the service. There is no statutory obligation to provide it. Consequence of non-provision: no contract with cilku.io DOOEL for the use of redact.al will come into existence.

9. Automated decision-making

Automated decision-making, including profiling within the meaning of Art. 22 GDPR, does not take place at redact.al. No automated assessments, risk classifications or decisions producing legal effects in relation to you are made.

10. Consents and right of withdrawal

We process your personal data exclusively on the basis of Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interest in the technical security of our servers). No processing on the basis of consent within the meaning of Art. 6(1)(a) GDPR takes place. A right to withdraw consent is therefore moot.

11. Data security

The connection to redact.al is end-to-end TLS-encrypted (HTTPS). Passwords are stored exclusively as bcrypt hashes. Access to the application requires a valid licence and an active user account.

12. Your rights

You have the right at any time to:

• Access to the data we hold about you (Art. 15 GDPR)
• Rectification of inaccurate data (Art. 16 GDPR)
• Erasure of your data (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Object to processing (Art. 21 GDPR)

To exercise your rights, please use our contact form or write to the address given in section 1

13. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is the Agency for Personal Data Protection of the Republic of North Macedonia (azlp.mk). Users in the EU may also contact the supervisory authority of their respective member state.

14. Changes

We reserve the right to amend this Privacy Policy in order to reflect changes in legal requirements or in functionality. The current version is always available on this page.