Privacy Policy (Datenschutzerklärung)

Last updated: April 9, 2026

Controller Information

This privacy policy applies to the processing of personal data by NETCUBE Inc. on the npass.io website and services. The controller responsible for data processing is:

NETCUBE Inc.
Kurfürstendamm 195
10707 Berlin, Germany
Email: global@netcube.com
Phone: +49 30 408174005

Data Protection Officer: datenschutz@netcube.com

Data Processing Overview

We process personal data to provide our npass.io service, which is a cloud-based Network Access Control (NAC) solution. The following sections describe what data we collect, why we collect it, and the legal bases for processing.

Website Usage Data

Server Logs

When you visit npass.io, our servers automatically record certain information:

IP address
Browser type and version
Operating system
Pages visited and time spent
Date and time of request
Referrer URL

Legal Basis: Legitimate interest in analyzing website performance and security (GDPR Article 6(1)(f))
Retention: 90 days

Cookies

We use cookies to improve your experience. See our Cookie Policy for detailed information.

Account Registration Data

To use npass.io, you must create an account. We collect:

Full name
Email address
Company/organization name
Password (hashed, not stored in plain text)
Phone number (optional)
Billing address

Legal Basis: Performance of contract (GDPR Article 6(1)(b))
Retention: For the duration of your account and 30 days after account deletion

Service Usage Data

When you use npass.io, we collect:

Authentication logs (login/logout events with timestamps)
Device information (device name, MAC address, IP address)
Network access requests and approvals
Security events and policy violations
API calls and usage statistics
Configuration changes and audit trail

Legal Basis: Performance of contract and legitimate interest in security (GDPR Article 6(1)(b) and (f))
Retention: 12 months for active data, up to 36 months for archived audit logs

Data Recipients and Processors

We share personal data with the following processors and sub-processors:

Amazon Web Services (AWS): Infrastructure hosting in Frankfurt (eu-central-1). Acting as a processor under a Data Processing Agreement.
Paddle: Payment processing and Merchant of Record. See Paddle's privacy policy at paddle.com/privacy.
Google Cloud (optional): IdP federation relay for single sign-on. Only used if you enable SSO integration.

All processors have signed Data Processing Agreements (DPA) ensuring GDPR compliance.

International Data Transfers

All personal data is processed within the European Economic Area (EEA). We do not transfer data outside the EEA except where explicitly authorized by you (e.g., if you use non-EEA third-party services through integrations). For any such transfers, we rely on appropriate safeguards including Standard Contractual Clauses.

Data Subject Rights

Under GDPR, you have the following rights:

Right of Access (Article 15): You can request a copy of your personal data at any time.
Right to Rectification (Article 16): You can request correction of inaccurate data.
Right to Erasure (Article 17): You can request deletion of your data (subject to legal retention obligations).
Right to Restriction (Article 18): You can request restriction of processing.
Right to Data Portability (Article 20): You can request your data in a machine-readable format.
Right to Object (Article 21): You can object to processing for marketing or profiling.

To exercise any of these rights, please contact us at datenschutz@netcube.com.

Right to Lodge a Complaint

If you believe we have violated your data protection rights, you have the right to lodge a complaint with your local supervisory authority. The competent authority for NETCUBE Inc. is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstraße 219
10969 Berlin, Germany
Email: mailbox@datenschutz-berlin.de
Phone: +49 30 13889-0

Automated Decision-Making

We do not use automated decision-making or profiling in a way that produces legal or similarly significant effects on you.

Changes to This Policy

We may update this privacy policy from time to time. When we make material changes, we will notify you via email or by posting a notice on our website. Your continued use of npass.io after such changes constitutes your acceptance of the updated policy.

Contact Us

If you have questions about this privacy policy or our data handling practices, please contact us:

Email: datenschutz@netcube.com
Data Protection Officer: datenschutz@netcube.com
General Inquiries: global@netcube.com

German Version (Datenschutzerklärung): A German version of this privacy policy is available upon request. In case of any discrepancy between the English and German versions, the German version shall prevail for GDPR compliance purposes.