Privacy Policy
Last updated: March 2026
1. Overview
This privacy policy describes how StepLinq handles personal data. StepLinq is committed to transparency and to the principle of data minimization. The short version: the StepLinq desktop application collects no personal data, and this website collects only the minimum necessary to operate.
2. Data controller
The data controller responsible for processing is Luka Marusic, operator of StepLinq. Contact: hello@steplinq.com. Full postal address is available in the Impressum.
3. The StepLinq desktop application
StepLinq is offline-first software. When you use the desktop application, no usage data, telemetry, or personal information is transmitted to StepLinq or any third party. Your work instructions, photos, part numbers, and all other data remain entirely on your machine or your local network share. StepLinq does not phone home. License validation is performed locally using an HMAC-SHA256 signature — no network request is made and no identifying information leaves your machine.
4. The steplinq.com website
The steplinq.com marketing website is hosted by Vercel Inc. (USA) on Vercel's edge network. When you visit the site, Vercel automatically processes your IP address and technical request metadata (browser, OS, referrer) for the purpose of delivering the page and preventing abuse. This processing is based on our legitimate interest under Art. 6(1)(f) GDPR. Anonymized page-view analytics are collected via Vercel Analytics. No cookies are set, no cross-site tracking is performed, and no identifiers are stored.
5. Paddle payments
When you purchase a StepLinq license, the checkout is handled by Paddle.com Market Ltd as our Merchant of Record. Paddle collects the information required to process the payment (name, billing address, email, payment details) and to fulfil tax obligations. StepLinq receives only the order confirmation and your email address to deliver the license key. Paddle's own privacy policy applies to the checkout process.
6. Support email
When you contact us at hello@steplinq.com, your email address and the content of your message are stored for the purpose of responding and for future reference. Legal basis: Art. 6(1)(b) or (f) GDPR. Messages are retained for as long as reasonably needed for support continuity and then deleted.
7. Cookies
The steplinq.com website does not set any cookies of its own. No consent banner is shown because no consent is needed — no tracking cookies are used.
8. Third-party services
The following third parties are involved in operating StepLinq: Vercel Inc. (USA) — website hosting and analytics; Paddle.com Market Ltd (UK) — payment processing and tax compliance; Cloudflare, Inc. (USA) — DNS and license validation worker; GitHub, Inc. (USA) — auto-update distribution for the desktop app.
9. EU data transfers
Some of the third-party services above are based in the United States. Transfers of personal data to the US are covered by the EU-US Data Privacy Framework (where the recipient is certified) or by the European Commission's Standard Contractual Clauses. You can request details of the specific safeguards at hello@steplinq.com.
10. Your rights under the GDPR
As a data subject, you have the right to access the data we hold about you (Art. 15), to rectify inaccurate data (Art. 16), to erasure (Art. 17), to restrict processing (Art. 18), to data portability (Art. 20), and to object to processing (Art. 21). You also have the right to lodge a complaint with the supervisory authority in your country. To exercise any of these rights, email hello@steplinq.com.
11. Contact
Questions about this policy: hello@steplinq.com.