Legal

Privacy Policy

Last updated: June 18, 2026

The German version is the legally binding version for the DACH market; this English translation is provided for convenience only.

We take the protection of your personal data seriously. This policy informs you pursuant to Art. 13/14 GDPR about processing when visiting and using saqura.de.

1. Controller

KyotoTech LLC (合同会社KyotoTech)
Kyō-machi 2-237-202, Fushimi-ku, Kyoto 612-8083, Japan
E-Mail: support@kyototech.co.jp

Representative in the EU (Art. 27 GDPR) and in Switzerland (FADP)

As the controller is established outside the EU/EEA (Japan), we have appointed a representative in the European Union pursuant to Art. 27 GDPR and a representative in Switzerland under the Swiss Federal Act on Data Protection (FADP). You may exercise your data-protection rights through our representative in your own country:

DataRep (Data Protection Representative Limited, trading as DataRep)
Germany: 3rd & 4th floor, Altmarkt 10 B/D, 01067 Dresden
Switzerland: Leutschenbachstrasse 95, 8050 Zürich
Email: datarequest@datarep.com (please mark the subject with "KyotoTech; SaQura")
Online form: www.datarep.com/data-request

DataRep maintains contact points in all EU/EEA countries and in Switzerland; please always address postal inquiries to "DataRep" so they reach us. For questions about our products or services, please continue to contact us directly at support@kyototech.co.jp.

2. Hosting & data residency

This website is hosted on a server in Germany (Nuremberg) at Hetzner Online GmbH; processing therefore takes place within the EU (Art. 6(1)(f) GDPR).

3. Server log files

On access the server processes: IP address, date/time, requested resource, referrer, user agent — for technical delivery, security and abuse prevention (Art. 6(1)(f) GDPR); deletion/anonymisation generally after 14 days.

4. Cookies & local storage

We use no tracking or marketing cookies and therefore need no consent banner. Language and theme preferences are stored, where technically necessary, locally in your browser (localStorage) and do not leave your device (§ 25(2) TDDDG).

5. Analytics (Umami)

We use Umami, a self-hosted, cookieless analytics tool on our server in Germany. No cookies, no transfer to third parties; only aggregated, non-identifying data is collected (page, referrer, approximate country, browser/device); IP addresses are not stored persistently (Art. 6(1)(f) GDPR).

6. Payments (Stripe)

Purchases are processed via Stripe (Stripe Payments Europe, Ltd., Ireland / Stripe, Inc., USA). Name, email, billing and payment data are processed to perform the contract (Art. 6(1)(b) GDPR); you enter payment data directly with Stripe. Transfers to the USA rely on the EU Standard Contractual Clauses. The Stripe Privacy Policy applies.

7. Subscription / licence management

To provide licences/API keys we process your email and contract-related data in our billing system (Art. 6(1)(b) GDPR).

8. Crypto API (no-log)

The cryptographic operations and the storage of the associated metadata take place on a server in Germany (Nuremberg) at Hetzner Online GmbH — i.e. within the EU. Cryptographic payloads (plaintext/keys) are neither logged nor stored persistently (processed only transiently in memory). Metadata (e.g. key identifier, timestamp, associated customer email) is stored (Art. 6(1)(b)/(f) GDPR).

9. Contacting us

If you contact us via the contact form or by email, we process your data (name, email, subject, message) to handle the request (Art. 6(1)(b)/(f) GDPR).

To protect the contact form against spam and automated requests we use Cloudflare Turnstile (Cloudflare, Inc., USA) — a cookieless, privacy-friendly CAPTCHA. It evaluates technical data (incl. IP address and browser/device signals) to distinguish human from automated access (Art. 6(1)(f) GDPR; legitimate interest in abuse prevention). Transfers to the USA rely on the EU Standard Contractual Clauses. The Cloudflare Privacy Policy applies.

10. International data transfers

Website hosting, analytics and the Crypto API are operated in Germany (EU). The controller (company) and the billing/licence administration are based in Japan; an EU Commission adequacy decision (2019) exists for transfers to Japan. Transfers to Stripe third countries rely on Standard Contractual Clauses.

11. Retention

We store data only as long as necessary for the stated purposes or required by law (commercial/tax).

12. Your rights

  • Access (Art. 15), rectification (Art. 16), erasure (Art. 17)
  • Restriction (Art. 18), portability (Art. 20), objection (Art. 21)
  • Withdrawal of consent (Art. 7(3)), complaint to a supervisory authority (Art. 77)

To exercise these, an email to support@kyototech.co.jp suffices.

13. Data security

We implement technical and organisational measures according to the state of the art (TLS, hardened server in Germany, access restrictions).