Privacy Policy (Data Protection Notice) – Speedbits / Infinity Tools

Smart In Venture GmbH
Last Updated: 2025-12-25

This Privacy Policy explains how Smart In Venture GmbH (“we”, “us”, “our”) processes personal data when you visit our websites, create an account, purchase or use our products (Speedbits / Infinity Tools), use our SaaS services, activate perpetual licenses, or contact support.

We are committed to protecting your privacy and processing personal data in compliance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the German TDDDG/TTDSG cookie rules, and other applicable privacy laws depending on your location.

If you have questions about this Privacy Policy, please contact us using the details in Section 2.

1. Who This Privacy Policy Applies To

This Privacy Policy applies to:

visitors of our websites (e.g., speedbits.io and related domains),

customers and users of Speedbits / Infinity Tools,

trial and community version users,

SaaS users and administrators,

purchasers (including those purchasing through a Merchant of Record),

anyone who contacts our support team.

2. Controller and Contact
Controller (Data Controller under GDPR)

Smart In Venture GmbH
Gleueler Str. 245–249
50935 Cologne (Köln), Germany
Email: info@smartinventure.com

Website: www.speedbits.io

Data Protection Contact

Email: privacy@speedbits.io
(recommended to set up)
If you do not have a dedicated privacy mailbox, you may use: info@smartinventure.com

(If you appoint a Data Protection Officer (DPO), add name/contact here. If you do not have one, you may omit the DPO section.)

3. Categories of Data We Process

Depending on how you interact with us, we may process:

3.1 Website and Usage Data

IP address (usually in shortened/anonymized form where possible)

device information (browser type/version, operating system)

referrer URL, pages visited, time spent, click behavior

date/time of access

cookie identifiers (if you consent to non-essential cookies)

3.2 Account and Contract Data

name, email address

company name (if provided)

billing address (where required)

purchase records and license details

communication history

3.3 SaaS Product Data

account identifiers (user ID, email)

usage events (feature usage, performance metrics)

configuration details (e.g., settings you choose)

optional: content and data you upload into the SaaS (depending on product features)

3.4 License Activation and Server Information (Perpetual Licensing)

machine identifiers (“Machine ID”), server identifiers, and related technical fingerprints

activation timestamps and license seat usage

version information (installed version, update status)

3.5 Support and Error Log Data

support requests and correspondence

system details provided by you (OS, environment, version)

error logs and diagnostic data (potentially including IP address and usernames, depending on log content)

files you upload for troubleshooting (only when voluntarily provided)

3.6 Payment and Transaction Data

Payment processing is handled primarily by our Merchant of Record (FastSpring). We do not receive full payment card data. Depending on your purchase method, we may receive:

purchase confirmation, subscription status

transaction ID / order ID

billing name/address (if required for invoicing/tax)

VAT ID (if applicable)

refund/chargeback status

4. Purposes and Legal Bases (GDPR Art. 6)

We process personal data only when we have a legal basis.

4.1 Website Operation and Security

Purpose: website display, performance, security, prevention of abuse, troubleshooting
Legal basis: Art. 6(1)(f) GDPR (legitimate interest)
Legitimate interest: secure and reliable website operation

4.2 Self-Hosted Matomo Analytics

Purpose: analyze website usage and improve content and performance
Legal basis:

For EU/EEA/UK users: typically consent (Art. 6(1)(a) GDPR) if cookies or tracking identifiers are used

If Matomo is configured in a privacy-friendly way (without cookies, with IP anonymization, no fingerprinting): legitimate interest (Art. 6(1)(f) GDPR) may be used

We operate Matomo on our own infrastructure (“self-hosted Matomo”).
We do not sell this data and do not use it to identify you.

(Important: your actual legal basis depends on how Matomo is configured. See Section 9.)

4.3 Account Registration and User Management

Purpose: create and administer accounts, manage authentication, provide access to SaaS and licensed products
Legal basis: Art. 6(1)(b) GDPR (performance of contract / pre-contract steps)

4.4 Providing SaaS Services

Purpose: provide SaaS functionality, store and process data you submit, ensure service stability and security
Legal basis: Art. 6(1)(b) GDPR (contract)
Where we process personal data on behalf of business customers in SaaS, we act as processor and may enter into a Data Processing Agreement (DPA) under Art. 28 GDPR.

4.5 Perpetual License Activation (Machine Binding)

Purpose: license compliance, server-based licensing, preventing fraud, enabling activation and transfers
Legal basis: Art. 6(1)(b) GDPR (contract) and/or Art. 6(1)(f) GDPR (legitimate interest)
Legitimate interest: preventing misuse and ensuring lawful licensing

4.6 Support, Troubleshooting, and Error Logs

Purpose: responding to requests, diagnosing problems, improving reliability
Legal basis: Art. 6(1)(b) GDPR (contract) and/or Art. 6(1)(f) GDPR (legitimate interest)
If you send us sensitive data or special categories of personal data voluntarily, please avoid doing so unless necessary.

4.7 Billing, Accounting, Taxes

Purpose: invoicing, tax compliance, accounting records
Legal basis: Art. 6(1)(c) GDPR (legal obligation) and Art. 6(1)(b) GDPR (contract)

4.8 Marketing Communications

We do not use CRM systems and do not conduct automated profiling or targeted advertising.
If we send newsletters, we do so only with your explicit consent (Art. 6(1)(a) GDPR) and you may unsubscribe at any time.

5. Recipients of Personal Data

We only share personal data when necessary for the purposes described above.

5.1 Hosting and Infrastructure

Hetzner Online GmbH (hosting / server infrastructure)

GitHub, Inc. (repository hosting, issue tracking, and software distribution where used)

5.2 Merchant of Record / Payment Processing

FastSpring (Merchant of Record, payment processing, tax/VAT handling, invoicing, refund processing)

5.3 Support and Error Logs

We may store support emails and attachments. If we use third-party error monitoring tools in the future, we will list them here and update the policy accordingly.

We do not use CRM platforms.

6. Merchant of Record (FastSpring) – Important Information

In some regions or sales channels, purchases are processed by FastSpring, acting as Merchant of Record (MoR). This means FastSpring is the contractual seller of record and handles:

payment processing,

invoicing and tax/VAT,

refunds and chargebacks.

FastSpring processes personal data as independent controller for payment and compliance purposes.
Please also review FastSpring’s privacy policy, which applies to transactions processed by FastSpring.

We receive only the transaction information necessary to provide the Software and to manage licenses and customer support (e.g., purchase confirmation, license scope, and billing status).

7. International Data Transfers

We are based in Germany and primarily store data on infrastructure located in the EU (Hetzner).
However, some service providers (e.g., GitHub, FastSpring) may process data outside the EU/EEA, including in the United States.

Where personal data is transferred to third countries, we rely on appropriate safeguards such as:

adequacy decisions (where available),

Standard Contractual Clauses (SCCs),

or other legally permitted transfer mechanisms.

8. Retention and Deletion

We store personal data only as long as necessary for the purposes described or as required by law.

Typical retention periods include:

Website logs: generally a limited period (e.g., 7–30 days), unless required longer for security investigation

Account data: for as long as your account remains active; after deletion request, we delete or anonymize data unless legal retention obligations apply

Contract and billing records: retained as required by commercial and tax law (typically 6–10 years under German law)

Support records: retained for a reasonable period to handle follow-ups and improve reliability

License activation data: retained for license enforcement and fraud prevention, typically for the lifetime of the license and reasonable time thereafter

If you request deletion, we will delete data unless we must retain it due to legal obligations or to establish, exercise, or defend legal claims.

9. Cookies and Tracking Technologies
9.1 Cookies

Cookies are small text files stored on your device. We use cookies for:

Strictly necessary cookies (essential): required for website operation (e.g., login session, security)

Analytics cookies (optional): used for measuring and improving our website (Matomo)

9.2 Consent Requirements (EU/EEA/UK)

Under EU rules and German cookie laws (TTDSG/TDDDG), we generally require your opt-in consent before placing non-essential cookies or accessing non-essential tracking information on your device.

Strictly necessary cookies do not require consent.

9.3 Matomo (Self-Hosted)

We use self-hosted Matomo to understand how our website is used and improve it.
Depending on configuration:

If Matomo uses cookies or comparable identifiers, we request consent before enabling it.

If Matomo is configured without cookies and with IP anonymization, we may run it based on legitimate interest.

9.4 How to Manage Cookies

You can manage cookie preferences via our cookie banner (where available). You can also delete cookies or block cookies in your browser settings.

10. Your Rights (GDPR)

If you are located in the EU/EEA or otherwise subject to GDPR, you have rights including:

Right of access (Art. 15 GDPR)

Right to rectification (Art. 16 GDPR)

Right to erasure (“right to be forgotten”) (Art. 17 GDPR)

Right to restriction (Art. 18 GDPR)

Right to data portability (Art. 20 GDPR)

Right to object (Art. 21 GDPR), especially where processing is based on legitimate interest

Right to withdraw consent at any time (Art. 7 GDPR)

To exercise your rights, contact us at privacy@speedbits.io
or info@smartinventure.com
.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR), particularly in the EU member state of your habitual residence, place of work, or the place of the alleged infringement.

For Germany, the competent supervisory authority depends on your federal state (Bundesland).

11. Security Measures

We use appropriate technical and organizational measures to protect personal data, such as:

encryption in transit (TLS) where possible,

access controls and least-privilege access,

regular updates and patching,

secure hosting infrastructure (Hetzner),

monitoring and logging for security events.

No system can guarantee 100% security. If a data breach occurs, we will act in accordance with legal requirements.

12. Automated Decision-Making / Profiling

We do not use automated decision-making that produces legal effects concerning you or similarly significantly affects you (Art. 22 GDPR).
We do not engage in profiling for advertising purposes.

13. Children

Our products and services are not intended for children under 16. We do not knowingly collect personal data from children.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal changes or changes in our services.
The “Last Updated” date will be updated accordingly. Significant changes will be communicated where appropriate.

15. Contact

For privacy inquiries, please contact:

Smart In Venture GmbH
Gleueler Str. 245–249
50935 Köln, Germany
Tel.: +49 221 67002150
Fax: +49 221 67002151
Email: info@smartinventure.com

Company Website: www.smartinventure.com

Product Website: www.speedbits.io

CEO: Dr. Martin Weihrauch
Registered: Amtsgericht Köln HRB 109490
VAT ID: DE357398390