This Privacy Policy describes how Inducera ("we", "us", "our") collects, uses, and protects information when you use the NocoBase Page Converter service ("Service").
1. Data Controller
Inducera is the data controller for personal data processed through the Service.
Contact: nocobasetools@inducera.eu
2. What Data We Collect
| Data Type | When Collected | Storage | Retention |
|---|---|---|---|
| NocoBase API URL | When you connect | Server-side PHP session only | Session duration (max 24h) |
| API Token | When you connect | Server-side PHP session only | Session duration (max 24h) |
| License key | When you activate | Server-side session + license file | Until license expires |
| Conversion statistics | On each conversion | JSON file on server (anonymized — no page names or content) | Until manually deleted |
| Feedback / email | When you submit feedback | JSON file on server | Until resolved + 12 months |
| Terms consent timestamp | At license activation | JSON log file on server | Duration of license + 24 months |
| Page structure (if consented) | When you opt in to share | JSON file on server | Until analysis complete, then deleted |
| Customer account | When you register | JSON file on server | Until account deletion requested |
| Payment records | When you pay via Stripe | JSON file on server (transaction IDs only) | As required by law |
3. What We Do NOT Collect or Store
- We do not store your NocoBase API token on disk — it exists only in your server-side session.
- We do not store page schemas, page definitions, field configurations, or collection data after conversion is complete.
- We do not use cookies for tracking or analytics.
- We do not use third-party analytics (no Google Analytics, no tracking pixels).
- We do not share any data with third parties (except Stripe for payment processing).
- We do not sell personal data.
- Temporary files used during conversion (connection credentials, page schema) are automatically deleted immediately after conversion — on both success and failure.
3a. Optional: Sharing Page Structure for Analysis
You may optionally consent to share an anonymized copy of your page structure with us for the purpose of improving the conversion engine. This is offered:
- Before conversion: As an opt-in checkbox in the conversion confirmation dialog.
- After a failed conversion: As a button you can click to help us investigate the issue.
If you consent, we save the page layout metadata (block types, field types, nesting structure). This does not include your business data, record contents, or API credentials. Shared data is deleted after analysis is complete.
You can request deletion of any shared analysis data at any time by contacting us.
4. How We Use Your Data
- API URL + Token: Used exclusively to perform the conversion against your NocoBase instance. Transmitted server-to-server. Stored only in your encrypted server-side session — never written to disk, logs, or displayed.
- License key: Used to validate your license tier and remaining conversions.
- Conversion statistics: Anonymized metrics (model count, duration, success/fail) displayed to you for reference. No page names or content are stored.
- Feedback: Used to improve the Service. If you provide an email address, we may respond to your feedback.
- Consent records: Stored for legal compliance to prove acceptance of Terms of Service.
- Shared page structures (if consented): Used exclusively to diagnose conversion issues and improve the conversion engine. Deleted after analysis is complete.
5. Data Storage and Security
- All data is stored on our server infrastructure in the EU (Hetzner, Germany).
- The Service uses HTTPS for all communication.
- API tokens are stored exclusively in server-side PHP sessions — never written to disk, client-side storage, cookies, or logs.
- Temporary files used during conversion (connection data, page schema) are automatically deleted immediately after conversion completes — on both success and failure.
- Session data is automatically destroyed after 24 hours of inactivity or on logout.
- Encrypted connection credentials stored for payment-based conversions are automatically cleared after conversion completes.
- Server access is restricted to authorized personnel only (SSH key authentication).
6. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the right to:
- Access: Request a copy of all personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Portability: Request your data in a machine-readable format.
- Object: Object to processing of your personal data.
- Complaint: Lodge a complaint with a supervisory authority (Integritetsskyddsmyndigheten, IMY, in Sweden).
To exercise any of these rights, contact us at: nocobasetools@inducera.eu
We will respond within 30 days.
7. Third-Party Services
The Service may use the following third-party services:
- Stripe (payment processing): If you purchase a license via Stripe, your payment data is handled by Stripe Inc. under their privacy policy. We do not store credit card details.
- Hetzner (hosting): Our server infrastructure is provided by Hetzner Online GmbH, located in Germany (EU).
8. Children's Privacy
The Service is not intended for use by individuals under 18. We do not knowingly collect personal data from children.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date.
10. Contact
If you have questions about this Privacy Policy or our data practices:
- Email: nocobasetools@inducera.eu
- Website: inducera.eu