Privacy Policy

1. Who this applies to

This policy covers personal data we process as a provider of the DataLotse service — primarily the account and contact details of the people who register for and use the Service. For the SAP data you process with the Service, you are the controller and we act on your instructions.

2. Data we collect

• Account data — name, work email, company and role provided at registration.
• Authentication data — credentials and security settings (stored hashed/encrypted), including two-factor settings where enabled.
• Operational metadata — system display names, job records, counts and timestamps, and audit logs of actions in the portal.
• Billing data — plan and subscription information; card payments are handled by our payment processor and we do not store full card numbers.
• Support & chat — messages you send us by email or live chat.

3. Your SAP business data

In the cloud model, copies are executed by an outbound agent running inside your own network. SAP credentials are encrypted and your business data is moved directly between your source and target systems — it is not routed through or stored by our control plane. We do not require, request or retain the contents of your SAP documents.

4. How we use data

• to provide, secure and operate the Service;
• to authenticate users and enforce plan entitlements;
• to provide support and respond to your requests;
• to process billing and prevent fraud and abuse;
• to comply with legal obligations.

5. Legal bases

Where the GDPR or similar laws apply, we process personal data to perform our contract with you, to pursue our legitimate interests in operating and securing the Service, to comply with legal obligations, and with your consent where required.

6. Sharing & processors

We share personal data only with service providers that help us run the Service — such as hosting, email delivery, live chat and payment processing — under appropriate confidentiality and data-protection terms. We do not sell personal data. We may disclose data where required by law.

7. Retention

We keep account and operational data for as long as your account is active and as needed to provide the Service, then for a reasonable period to meet legal, accounting and security requirements, after which it is deleted or anonymised.

8. Security

We use technical and organisational measures including encryption of secrets at rest, encrypted transport (TLS), access controls, two-factor authentication for the vendor console, and audit logging. No system is perfectly secure, but we work to protect data appropriately to its sensitivity.

9. International transfers

Our control-plane infrastructure is hosted in the EU. Where data is transferred across borders, we use appropriate safeguards as required by applicable law.

10. Your rights

Depending on your location, you may have rights to access, correct, delete or port your personal data, and to object to or restrict certain processing. To exercise these rights, contact us at support@datalotse.com. For SAP data you process with the Service, please contact the relevant data controller (your organisation).

11. Cookies & tracking

The marketing site uses minimal cookies necessary for its operation and for the live chat widget. The portal uses bearer-token authentication rather than tracking cookies. We do not use advertising trackers.

12. Changes

We may update this policy from time to time. Material changes will be communicated through the Service or by email, and the "last updated" date above will change.

13. Contact

For privacy questions or requests, contact us at support@datalotse.com.