Legal

Privacy Policy

Your privacy is fundamental to how we build and operate Dependra.

Last updated: March 1, 2026

Privacy at a Glance

Dependra is built on the principles of data sovereignty and GDPR compliance. Here's what you need to know:

🇪🇺Data stored exclusively in the EU
🔒End-to-end encryption
🚫No tracking or analytics cookies
Full GDPR compliance
📤Export your data anytime
🗑️Delete your account instantly

1. Data We Collect

Account Information

  • Required: Name, email address
  • Optional: Company name, industry sector
  • Secured: Password (hashed with bcrypt, never stored in plain text)

Usage Data

  • Projects and organizations you create
  • Digital assets you scan (dependencies, services)
  • Compliance scan results and reports
  • API usage logs (for debugging and security purposes only)

What We Don't Collect

We never store your source code. During scans, we only analyze dependency manifest files (package.json, pom.xml, etc.). Your actual code never touches our servers.

2. Where We Store Your Data

All data is stored exclusively in European Union data centers. Your data never leaves the European Union and is never transferred to third countries.

🇩🇪
Primary
Frankfurt, Germany
🇫🇷
Backup
Paris, France
🇪🇺
Provider
EU-Based Infrastructure

3. How We Protect Your Data

Encryption at Rest
AES-256 encryption for all stored data
Encryption in Transit
TLS 1.3 for all connections
Security Audits
Regular penetration testing and audits
Access Control
Role-based access control (RBAC)
MFA Available
Multi-factor authentication support
Automated Backups
30-day backup retention

4. We Don't Sell Your Data

We never sell your personal information or usage data to third parties. We only share data in these limited circumstances:

Service Providers

EU-based infrastructure providers and email services operating under strict data processing agreements.

Legal Obligations

Only when required by EU law or court order.

With Your Consent

Only when you explicitly authorize data sharing.

5. Your Rights (GDPR)

Under GDPR, you have comprehensive rights over your personal data:

Right to Access
Request a copy of all your personal data
Right to Rectification
Correct inaccurate data
Right to Erasure
Request deletion of your data
Right to Restrict
Limit how we process your data
Right to Portability
Export your data in JSON format
Right to Object
Object to certain processing
Right to Withdraw
Withdraw consent at any time

To exercise these rights, contact us at privacy@dependra.eu

6. Cookies

We use minimal, essential cookies only:

  • Authentication cookie: To keep you logged in (httpOnly, secure)
  • Preference cookie: To remember your settings (optional)

We do not use tracking cookies, analytics cookies, or third-party advertising cookies. See our Cookie Policy for details.

7. Data Retention

We retain your data for as long as your account is active. When you delete your account:

  • Personal information is deleted immediately
  • Usage data is anonymized for aggregate statistics
  • All backups are removed within 30 days

8. Children's Privacy

Dependra is designed for business use and is not intended for children under 16. We do not knowingly collect data from children.

9. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. We'll notify you via email 30 days before any material changes take effect.

10. Contact Us

For privacy-related questions or to exercise your GDPR rights:

Company
Dependra GmbH
Location
Berlin, Germany
Privacy Email
privacy@dependra.eu
Data Protection Officer
dpo@dependra.eu

Related Policies

Terms of ServiceCookie PolicyContact Us