Privacy Policy

1. Data Controller

The data controller responsible for the processing of your personal data is:

This Privacy Policy applies to the CKB (Code Knowledge Backend) software, our website, and all related services (collectively, the "Services"). It explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Austrian Data Protection Act (Datenschutzgesetz, "DSG").

2. What Personal Data We Collect

2.1 CKB Software (Local Processing)

CKB runs entirely on your local machine. By default, we do not collect, transmit, or have access to:

• Your source code or codebase content
• Your queries or search patterns
• Analysis results or reports
• Any telemetry or usage data

All code analysis and indexing occurs locally on your device. We have designed CKB to be privacy-preserving by default.

2.2 Website Visitors

When you visit our website, we may process the following data:

• Technical data: IP address, browser type and version, operating system, referral URL, pages visited, date and time of access
• Cookies: Essential cookies for website functionality (see Section 8)

2.3 Customers (Commercial Licenses)

When you purchase a commercial license, we collect:

• Contact information: Name, email address
• Company information: Company name, business address (for enterprise customers)
• Billing information: Billing address, VAT number (where applicable)
• Payment data: Processed exclusively by Stripe (we do not store credit card numbers)
• Transaction records: Purchase history, subscription status, invoices

2.4 Support Communications

When you contact us for support, we process:

• Name and email address
• Content of your inquiry
• Any attachments or additional information you provide

3. Legal Basis for Processing

We process your personal data on the following legal bases under Article 6(1) GDPR:

Where we rely on legitimate interests, we have conducted a balancing test to ensure your rights and freedoms are not overridden. You may request details of this assessment by contacting us.

4. Purposes of Processing

We process your personal data to:

• Provide, operate, and maintain our Services
• Process payments and manage subscriptions
• Communicate with you about your account, purchases, or support requests
• Send service-related notifications (e.g., security alerts, product updates)
• Comply with legal obligations (e.g., tax documentation, invoicing)
• Ensure the security and proper functioning of our website
• Improve our products and Services based on aggregated, anonymised usage patterns
• Prevent fraud and abuse

5. Recipients and International Data Transfers

We share your personal data only with the following categories of recipients, and only to the extent necessary for the stated purposes:

5.1 Service Providers (Processors)

All processors are bound by data processing agreements in accordance with Article 28 GDPR.

5.2 Transfers to Third Countries

Where your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place as required by Chapter V GDPR. This includes:

• Adequacy decisions by the European Commission
• EU-US Data Privacy Framework certification
• Standard Contractual Clauses (SCCs) adopted by the European Commission

You may request a copy of the relevant safeguards by contacting us.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

After the retention period expires, data is securely deleted or anonymised.

7. Your Rights Under GDPR

Under the GDPR and Austrian DSG, you have the following rights regarding your personal data:

• Right of Access (Art. 15 GDPR): You may request confirmation of whether we process your personal data and obtain a copy of that data.
• Right to Rectification (Art. 16 GDPR): You may request correction of inaccurate or incomplete personal data.
• Right to Erasure (Art. 17 GDPR): You may request deletion of your personal data where no legal basis for continued processing exists ("right to be forgotten").
• Right to Restriction (Art. 18 GDPR): You may request that we restrict processing of your data in certain circumstances.
• Right to Data Portability (Art. 20 GDPR): You may request your data in a structured, commonly used, machine-readable format and have it transmitted to another controller.
• Right to Object (Art. 21 GDPR): You may object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent (Art. 7(3) GDPR): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right Not to be Subject to Automated Decision-Making (Art. 22 GDPR): You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

To exercise any of these rights, please contact us at support@tastehub.io. We will respond within one month as required by GDPR. In complex cases, this period may be extended by two additional months, in which case we will inform you.

7.1 Right to Lodge a Complaint

If you believe that our processing of your personal data violates applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority. In Austria, this is:

8. Cookies and Similar Technologies

Our website uses only essential cookies that are strictly necessary for the website to function. These cookies do not require your consent under applicable law, as they are necessary for the provision of the service you have requested.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies that require consent.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS/HTTPS)
• Secure payment processing via PCI-DSS compliant providers (Stripe)
• Access controls and authentication requirements
• Regular security assessments
• Employee confidentiality obligations as required by Section 6 DSG

10. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

11. Children's Privacy

Our Services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately so we can delete it.

12. Third-Party Links

Our website may contain links to third-party websites (e.g., GitHub, documentation sites). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal data.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify customers via email if the changes significantly affect the processing of their data
• Post a notice on our website

We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about our data practices, please contact us:

We aim to respond to all inquiries within 30 days.