Claim Device Get Access

Privacy

Last updated: 2026-03-12

This Privacy Notice explains how we handle personal data when you use:

  • arcanagrow.io (website, blog, and membership/subscriptions),
  • lic.arcanasolis.com (license portal for users: sign-in, device management, and claiming/redeeming/refreshing a device license),
  • and any early tester application forms we use for Arcana Grow test rounds.

1) Who we are (Controller)

  • Controller: Dennis Rodewyk (“we”, “us”)
  • Address: Barmbeker Str. 140, 22299 Hamburg, Germany
  • Contact: privacy@arcanasolis.com

2) Personal data we collect / receive

A) Website membership/subscriptions

  • Account identifiers: email address (and optional name) in our membership/subscription system on arcanagrow.io.
  • Subscription status: tier, billing status, and membership metadata in our membership/subscription system on arcanagrow.io.
  • Payment data: payments are processed by Stripe; we do not receive your full card details. We may receive basic payment status and subscription information from Stripe.

B) License portal and license server

  • Email address: used for one-time-password (OTP) login to the license portal; stored in the license database in order to manage sessions and entitlements.
  • Session data: login/session identifiers (portal sessions) and security tokens/cookies.
  • Device identifiers: device fingerprint (device_fp, currently MAC-like) used to bind licenses to devices and to list/manage devices in the portal.
  • License artifacts: issued license tokens and issuance records (timestamps / expiry), vouchers, and claim sessions.
  • Technical data: IP address and request metadata in server/proxy logs (for security, abuse prevention, and troubleshooting).

C) Early tester applications

If you apply for an early tester round, we may collect the personal data you provide in the application form and in related follow-up communication.

We process personal data for:

  • Providing the service / contract performance: subscriptions, license issuance/refresh, device management in the portal, and related account access.
  • Reviewing and managing early tester applications (legitimate interests / steps prior to entering a contract): evaluating applications, selecting a balanced tester group, contacting applicants, organizing the test run, and managing tester participation.
  • Security and abuse prevention (legitimate interests): rate limiting, fraud/abuse detection, protecting accounts and infrastructure.
  • Compliance (legal obligation): accounting/tax records and responding to lawful requests (where applicable).
  • Support (legitimate interests / contract): diagnosing licensing, access, and tester/support issues.

4) Cookies and similar technologies

The license portal uses cookies for authentication and security:

  • sid (session cookie): required to stay signed in; set as HttpOnly, Secure, SameSite=Lax.
  • csrf (CSRF protection cookie): used to protect state-changing actions; set as Secure, SameSite=Lax.

These cookies are strictly necessary for the portal to work and are not used for advertising.

Retention (default behavior):

  • Portal session lifetime is configurable; default is 30 days unless you log out sooner.

5) Sharing / recipients (processors and third parties)

Depending on how you deploy the system, we may share or disclose personal data to:

  • Stripe (payment processing): payment processing and subscription billing.
  • Infrastructure providers: VPS/hosting provider(s) that run our website, license portal, database, backups, and email services.
  • Email delivery: if we send portal OTPs or application-related emails, these may be delivered through our self-hosted email infrastructure (SMTP) or another configured email provider.
  • Backups/monitoring: systems used for backups and operational monitoring (if enabled).
  • Form / survey provider: if we use a hosted form or survey tool for early tester applications, applicant data may be processed through that service.

We do not sell personal data.

6) International transfers

If our infrastructure providers, payment providers, or other service providers process data outside your country (including outside the EU/EEA), transfers may occur under appropriate safeguards (for example Standard Contractual Clauses).

  • Hosting region(s): Germany

Where relevant, personal data may be processed by payment, hosting, infrastructure, email, backup, or monitoring providers.

7) Retention (how long we keep data)

We keep personal data only as long as needed for the purposes above.

Typical retention (may be adjusted):

  • Membership/subscription data: for the duration of your membership and as needed for accounting, tax, and other legal obligations.
  • OTP codes: short-lived; expire within minutes; may be retained briefly for abuse prevention.
  • Portal sessions: retained until expiry (default ~30 days) and then removed.
  • Claim sessions / vouchers / issuance records: retained for a limited time as needed for audit, support, and abuse prevention, and then removed or minimized where appropriate.
  • Server / proxy logs: retained for a limited time (for example days to weeks) for security and troubleshooting.
  • Early tester application data: retained for as long as needed to review applications, contact applicants, manage the tester round, and handle related support or follow-up. If you are selected, relevant application data may be kept for the duration of the tester relationship and a reasonable period afterward. If you are not selected, application data will generally be kept only as long as reasonably needed for this tester round and related follow-up, unless a longer retention period is required for legal, security, or operational reasons.

8) Automated decisions

Licensing decisions (for example allowing or denying license refresh or OTA access) may be made automatically based on subscription status, entitlement availability (seats), and device identifiers. You can contact us if you believe a decision is incorrect.

9) Your rights

Depending on your location (and in particular within the EU/EEA), you may have rights to:

  • access your personal data,
  • correct inaccurate data,
  • request deletion,
  • object to or restrict certain processing,
  • data portability,
  • lodge a complaint with your supervisory authority.

10) How to request access / deletion / export

Email us at privacy@arcanasolis.com with:

  • the email address used for your website membership, license portal login, or early tester application,
  • a description of your request (for example access, export, correction, or deletion),
  • and, if relevant, the device fingerprint(s) shown in the portal.

We may need to verify your identity before fulfilling the request.

11) Changes to this notice

We may update this notice from time to time. We will post the latest version at https://arcanagrow.io/privacy and link it from the license portal login page (lic.arcanasolis.com) where appropriate.