Privacy Policy

Effective date: January 1, 2026 · Last updated: January 1, 2026

1. Introduction

This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use the OctoSniff website, desktop software, web-based tools, and related services (collectively, the “Service”). We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Norwegian Personal Data Act (personopplysningsloven), and other applicable data protection legislation.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Data Controller

The operator of OctoSniff is the data controller responsible for processing your personal data as described in this policy. For contact details, see Section 14 below.

3. Personal Data We Collect

We may collect the following categories of personal data:

  • Account information: Email address, username, and hashed password when you create an account.
  • Payment information: Billing name, billing address, and payment card details. Card details are collected and processed directly by our PCI DSS-compliant payment processor (Stripe) and are never stored on our servers.
  • Usage data: Features used, session duration, crash reports, and general interaction patterns within the software.
  • Technical data: IP address, browser type, operating system, device information, and referral source when visiting our website.
  • Support data: Communications, support tickets, and Discord messages when you contact us for assistance.
  • Third-party account data: If you link your PlayStation or Xbox account, we receive a limited authentication token and your public online ID/gamertag. We do not access your console account password.

Network data: All network packet data captured by the OctoSniff software is processed locally on your device. We do not collect, transmit, or store any network capture data on our servers.

4. Legal Basis for Processing (GDPR Art. 6)

We process your personal data based on the following legal grounds:

  • Performance of a contract (Art. 6(1)(b)): To provide the Service, manage your subscription, process payments, and deliver customer support.
  • Legitimate interests (Art. 6(1)(f)): To improve the Service, ensure security, prevent fraud, and perform analytics.
  • Legal obligation (Art. 6(1)(c)): To comply with applicable tax, accounting, and regulatory requirements.
  • Consent (Art. 6(1)(a)): Where we rely on consent, you may withdraw it at any time.

5. How We Use Your Data

We use your personal data to:

  • Create and manage your account and subscription.
  • Process payments and prevent fraudulent transactions.
  • Provide, maintain, and improve the Service.
  • Deliver cloud-based features such as filter synchronization and license verification.
  • Respond to support requests and communicate important service updates.
  • Analyze aggregated usage patterns to improve functionality and user experience.
  • Comply with legal obligations, including tax and financial reporting.
  • Enforce our Terms of Service and protect the rights, safety, and property of our users.

We do not use your personal data for automated decision-making or profiling that produces legal effects concerning you.

6. Data Sharing & Third Parties

We do not sell, rent, or trade your personal data. We may share data with:

  • Payment processors: Stripe processes your payment information under their own privacy policy and PCI DSS compliance.
  • Hosting & infrastructure providers: Cloud hosting services under strict data processing agreements.
  • Analytics providers: Privacy-focused analytics tools in aggregated, anonymized form.
  • Legal authorities: Where required by law, court order, or governmental regulation.

All third-party processors are bound by data processing agreements in compliance with GDPR Article 28.

7. International Data Transfers

Your data may be processed outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or reliance on an adequacy decision.

8. Data Retention

  • Account data: Retained for the duration of your active subscription and up to 12 months after account deletion.
  • Payment records: Retained for up to 7 years as required by Norwegian accounting legislation (bokføringsloven).
  • Usage & technical data: Retained in aggregated, anonymized form. Raw data is deleted within 90 days.
  • Support data: Retained for up to 24 months after the last interaction.

9. Cookies & Tracking Technologies

  • Strictly necessary cookies: Required for the website and Service to function. These cannot be disabled.
  • Analytics cookies: Help us understand how visitors interact with our website. These are only set with your consent.

We do not use advertising or marketing cookies.

10. Data Security

We implement appropriate technical and organizational measures, including encryption in transit and at rest, password hashing, optional 2FA, regular security reviews, and restricted access on a need-to-know basis.

11. Your Rights Under GDPR

If you are located in the EEA or Norway, you have rights including: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), objection (Art. 21), and withdrawal of consent. Contact us using the details in Section 14. We will respond within 30 days.

12. Children’s Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated at least 30 days before they take effect.

14. Contact & Supervisory Authority

If you have questions about this Privacy Policy or wish to exercise your data protection rights, contact us through our in-app support system, support ticket portal, or community Discord server.

In Norway, the relevant supervisory authority is:

Datatilsynet (Norwegian Data Protection Authority)

Website: www.datatilsynet.no