Privacy Policy
Last Updated: May 2026
Our data processing is GDPR compliant and follows German data protection standards. This statement transparently describes what data we collect and how we protect it.
Data Controller:
Dominik Tirschler
dominik.tirschler@scrylab.de
https://scrylab.de
What Data We Collect
License Data
When activating a license, the following data is stored on our servers:
| Data | Purpose | Retention |
|---|---|---|
| Email address | License delivery and communication | 2 years after expiry |
| Device ID (SHA-256 hash) | License binding to prevent sharing | 2 years after expiry |
| Platform | License validation (linux/windows/macos) | 2 years after expiry |
| Subscription status | Access control | Until subscription ends |
The device ID is a SHA-256 hash of local hardware characteristics and cannot be reversed. It does not directly identify your device or your person.
Users of the free (non-commercial) version do not activate a license key and no data is sent to our servers unless you explicitly opt in to telemetry (see below).
Anonymous Telemetry (Opt-In Only)
By default, ScryLab collects no usage data. On first launch, you are offered a voluntary opt-in for anonymous usage statistics. You can change this at any time in Settings > General > Privacy.
If you opt in, the following anonymous, aggregated data is collected:
| Data | Examples | Purpose |
|---|---|---|
| Daily ID (rolling hash) | Changes every midnight | Deduplication without tracking |
| Date | 2026-05-10 | Daily aggregation |
| License tier | commercial / non-commercial | Feature analytics |
| App version | 0.1.4 | Compatibility tracking |
| Platform | linux | System requirements |
| Event counters | app_start: 2, file_load_mf4: 5, plot: 3 | Feature usage |
| Session count | 2 | Usage frequency |
| Total session minutes | 47 | Usage depth |
| Numeric metrics | total_samples_plotted, api_samples_sent | Performance analytics |
| Crash count | 0 | Stability monitoring |
The daily ID is derived from a hashed device fingerprint and the date and rotates daily at midnight. Two days from the same device cannot be linked together. Your device ID itself is never transmitted.
Never collected:
- File contents, signal payloads, or project data
- File paths or file names
- IP address (beyond standard server logs, see below)
- Hostname or directly identifying information
Upload timing: Telemetry is aggregated locally throughout the day. Upload attempts happen at app startup and periodically while the app is running. If an upload fails (for example offline), it is retried on the next attempt.
Withdrawal: Disabling telemetry in Settings > General > Privacy immediately deletes all locally queued telemetry data and stops any further collection and upload.
Website
Only standard server logs (IP address, browser) for security purposes. No cookies. No tracking.
Data Security
- Servers in Germany (EU)
- Encrypted connection (HTTPS / TLS)
- No sharing with third parties
- GDPR retention: telemetry data is automatically deleted after 12 months
Your Rights
You can at any time:
- Request access to your data
- Request correction of inaccurate data
- Request deletion of your data (license data is deleted after expiry; telemetry data is anonymous and cannot be assigned back to you)
- Withdraw telemetry consent at any time via Settings > General > Privacy
For questions or requests, contact support@scrylab.de. You can also file a complaint with the data protection authority (BfDI).