Privacy Policy

Last updated: May 13, 2026

1. Controller

The controller responsible for the processing of personal data within the meaning of the General Data Protection Regulation (GDPR) is:

VidiScope GmbH
Römerstr. 27
89250 Senden
Germany
Commercial Register: HRB 22291, Amtsgericht Memmingen

Managing Director: Valentin Schierhuber
Phone: +49 731 25072700
Email: privacy@vidiscope.com

2. General Principles

We process personal data exclusively on the basis of statutory provisions (GDPR, German Federal Data Protection Act BDSG, Telecommunications and Telemedia Data Protection Act TTDSG). This policy informs you about the nature, scope and purpose of the processing of personal data when visiting this website and using our products and services.

3. Hosting and Provision of the Website

This website is hosted by Strato AG, Pascalstr. 10, 10587 Berlin, Germany, on servers located in Germany. A data processing agreement pursuant to Art. 28 GDPR is in place.

When accessing the website, the following information is automatically transmitted by your browser to our server and stored in server log files:

• IP address of the requesting device
• Date and time of access
• Name and URL of the file requested
• Amount of data transferred
• HTTP status code
• Browser type and browser version
• Operating system
• Referrer URL (the previously visited page)

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in stable and secure operation of the website).
Retention: Log files are deleted after 14 days as a rule, unless a longer retention is required for security reasons (e.g. for the investigation of an attack).

4. Cookies and Local Storage

This website only uses technically necessary cookies required for operation:

• Session cookie (vidiscope_session): maintains your session, e.g. to keep you signed in. Deleted when you close your browser or after 120 minutes of inactivity at the latest.
• CSRF token (XSRF-TOKEN): protects against cross-site request forgery attacks. Same lifetime as the session cookie.
• Language preference: stores your selected language (DE/EN) so the site appears in the same language on your next visit.
• Admin locale (admin_locale): only set when you are logged into the admin panel.

No tracking via cookies or comparable third-party technologies takes place.

Legal basis: § 25(2)(2) TTDSG (strictly necessary) and Art. 6(1)(f) GDPR (legitimate interest).

5. Bot Protection (Cloudflare Turnstile)

To protect our forms from automated requests (bots) we use Cloudflare Turnstile (Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA, with European data centers). When loading a form, technical information (e.g. IP address, browser properties, a single-use token) is transmitted to Cloudflare in order to determine whether you are a human or a bot.

Cloudflare states that Turnstile does not set tracking cookies and that data is processed solely for bot detection. Transmission to the USA takes place on the basis of EU Standard Contractual Clauses and Cloudflare's certification under the EU-US Data Privacy Framework.

In addition, we operate our own server-side spam filter on form submissions. It evaluates technical signals (e.g. IP address, time between form rendering and submission, content patterns such as random character sequences, email domain) in order to detect and silently discard obvious bot submissions. The check happens in real time on our server; no data is transmitted to third parties for this purpose. Blocked submissions are logged for a limited period (server log files, see Section 3) for security analysis only.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in protecting our infrastructure against abusive requests). Further information: cloudflare.com/privacypolicy.

6. Contact, Demo and Waitlist Forms

If you contact us via the contact form, a demo request or a product waitlist, we process the data you provide (e.g. name, email, phone, company name, message) in order to respond to your inquiry and prepare a potential contractual relationship.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures / performance of a contract) and Art. 6(1)(f) GDPR (legitimate interest in efficient handling of inquiries).
Retention: We keep your inquiry as long as necessary to handle it, then in accordance with statutory retention periods (in particular § 257 HGB, § 147 AO) or for as long as you do not object.

7. Email Communication and Delivery

When you send us an email or receive a transactional message from us, your email address and the content of the message are processed by our mail server (Strato AG, Berlin) and our SMTP infrastructure. Outgoing messages are authenticated via SPF, DKIM and DMARC to protect against spoofing.

Legal basis: Art. 6(1)(b) GDPR (contract initiation) and Art. 6(1)(f) GDPR (secure communication).

8. Customer Account and SaaS Use

When using our products and creating a customer account we process the data required for contract fulfilment (e.g. login and master data, company data, usage and billing data, license keys).

Legal basis: Art. 6(1)(b) GDPR.
Retention: During the term of the contract and for the duration of any statutory retention periods.

9. Payment Processing

Online payment processing via third-party providers is currently technically prepared but not yet active on this website. Once we use payment service providers in production (in particular Stripe – Stripe Payments Europe, Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland; possibly SumUp), this policy will be supplemented with:

• Name and seat of the payment service provider
• Categories of data transmitted (e.g. name, email, payment method)
• Purpose and legal basis of the transmission
• Link to the payment provider's privacy policy
• Information on transfers to third countries (where relevant)

While these providers are not active, no payment data is transmitted to them.

10. Disclosure to Third Parties

Your personal data will only be passed on to third parties if:

• you have given your express consent (Art. 6(1)(a) GDPR),
• the disclosure is necessary for performance of a contract (Art. 6(1)(b) GDPR),
• there is a legal obligation to do so (Art. 6(1)(c) GDPR), or
• disclosure is necessary to safeguard legitimate interests and there are no overriding interests on your part (Art. 6(1)(f) GDPR).

Where we use processors (e.g. hosting providers, mail delivery, payment service providers), this takes place on the basis of a data processing agreement (DPA) pursuant to Art. 28 GDPR.

11. Transfers to Third Countries

Personal data is transferred to countries outside the EU/EEA only if an adequacy decision of the European Commission exists, appropriate safeguards (e.g. EU Standard Contractual Clauses) are in place, or an exception under Art. 49 GDPR applies.

12. Your Rights as a Data Subject

Subject to the statutory requirements, you have the following rights:

• Right of access to the data stored about you (Art. 15 GDPR)
• Right to rectification of inaccurate data (Art. 16 GDPR)
• Right to erasure of your data (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to processing based on Art. 6(1)(f) GDPR (Art. 21 GDPR)
• Right to withdraw consent with effect for the future (Art. 7(3) GDPR)

Please direct your request to: privacy@vidiscope.com.

13. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The competent authority is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany, www.lda.bayern.de.

14. Changes to this Privacy Policy

We update this privacy policy when changes to our data processing make this necessary (e.g. when activating Stripe). The current version is always available at https://vidiscope.com/datenschutz.