Privacy Policy

Last updated: 16 April 2026

        Summary: We collect only the data necessary to provide the service (account management, license activation, billing). We do not sell your data. You can request deletion at any time. We use Google Analytics/AdSense on the public website — you can opt out via the cookie banner.
    

1. Who We Are (Data Controller)

The data controller for this website and the Scania SOPS Editor platform is:

Service name: Scania SOPS Editor
Contact email: prrc97@gmail.com
Website: https://scaniasops.com

If you have any questions about how we handle your personal data, please contact us at the email above.

2. What Personal Data We Collect

We collect and process the following categories of personal data:

Account data: name, email address, and hashed password when you register an account.
License data: machine hardware key (generated locally by the desktop app), license plan, activation dates, and renewal history.
Billing data: payment transaction references and plan selection. We do not store full card numbers — payments are processed by third-party providers (e.g. Stripe).
Support data: content of support tickets and messages you send us.
Usage logs: login timestamps and IP addresses (for security and fraud prevention).
Download logs: records of software installer downloads associated with your account.
Cookie and analytics data: if you consent, Google Analytics / AdSense collects anonymised browsing data. See Section 6 and our Cookie Policy.

3. Legal Basis for Processing

We process your personal data on the following legal bases under GDPR (Regulation EU 2016/679):

Contract performance (Art. 6(1)(b)): processing necessary to deliver the service you purchase (account, license activation, downloads, support).
Legitimate interests (Art. 6(1)(f)): security logging, fraud prevention, and product improvement.
Consent (Art. 6(1)(a)): analytics and advertising cookies — only after you opt in via the cookie consent banner.
Legal obligation (Art. 6(1)(c)): billing records retained to meet tax/accounting obligations.

4. How We Use Your Data

Create and manage your account
Activate, verify, and manage your software licenses
Process payments and issue receipts
Provide technical support
Send you service-related emails (license expiry reminders, important updates)
Send marketing emails — only if you opted in, and you can unsubscribe at any time
Improve the platform and detect abuse

5. Data Retention

Account data is retained while your account is active and for up to 3 years after deletion (legal basis: legitimate interest / tax obligations).
Billing records are retained for 10 years (Portuguese tax law obligation).
Support ticket data is retained for 2 years.
Security/login logs are retained for 12 months.
You can request deletion of personal data not required by law at any time (see Section 7).

6. Cookies and Tracking Technologies

We use cookies to operate the platform (session, CSRF security, authentication) and, with your consent, for analytics and advertising via Google AdSense. Please see our full Cookie Policy for details.

7. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

Right of access (Art. 15): request a copy of all data we hold about you.
Right to rectification (Art. 16): correct inaccurate or incomplete data.
Right to erasure / "right to be forgotten" (Art. 17): request deletion of your data (subject to legal retention obligations).
Right to restriction of processing (Art. 18): limit how we use your data in certain circumstances.
Right to data portability (Art. 20): receive your data in a machine-readable format.
Right to object (Art. 21): object to processing based on legitimate interests.
Right to withdraw consent: withdraw consent for cookies or marketing at any time, without affecting prior processing.

To exercise any of these rights, email us at prrc97@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with the Portuguese supervisory authority: CNPD (www.cnpd.pt).

8. Third-Party Services and Data Transfers

Stripe: payment processing. Your payment data is handled directly by Stripe under their own privacy policy and PCI-DSS compliance.
Google AdSense / Analytics: web analytics and advertising (consent required). Data may be transferred to the USA under Google's Standard Contractual Clauses.
Google Fonts: font delivery. Google may log your IP address when loading fonts.
Email provider: we use SMTP to send transactional emails. Email content is not shared with third parties.

We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encrypted connections (HTTPS/TLS), hashed passwords (bcrypt), CSRF protection, and access controls. No method of transmission over the internet is 100% secure, but we take all reasonable precautions.

10. Children's Privacy

This service is not directed to persons under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. The date at the top of this page always reflects the most recent revision.

12. Contact

For any privacy-related requests or questions: prrc97@gmail.com