GDPR Compliance

Does VulpaSoft use cookies?

No. VulpaSoft does not set any cookies on your visitors' browsers. We use a privacy-friendly fingerprinting method based on a daily-rotating hash. This means no cookie consent banner is required under GDPR, PECR, or ePrivacy Directive.

How does VulpaSoft handle IP addresses?

All IP addresses are anonymized using SHA-256 hashing with a daily-rotating salt before any data is stored. Raw IP addresses are never persisted. The hashing is irreversible and unlinkable across days.

// The IP is NEVER stored
const salt = getDailySalt(); // rotates every 24h
const hash = sha256(ip + userAgent + salt);
// Result: "a8f2e1..." — unlinkable across days
// The raw IP is discarded immediately

Can VulpaSoft capture personal data?

Not by default. All form inputs, textareas, and contenteditable elements are masked by default. Session replays never capture personal data unless you explicitly opt out masking for specific elements using the data-hm-unmask attribute.

<!-- All inputs masked by default -->
<input type="email" />  <!-- ●●●●●● in the replay -->

<!-- Opt-out for non-sensitive fields only -->
<input type="search" data-hm-unmask />

Where is my data stored?

All data is stored exclusively in Frankfurt, Germany. Our entire infrastructure stack runs on EU servers. Data never leaves the European Union. No US data transfers, no adequacy decisions required.

What are your sub-processors?

Do you offer a Data Processing Agreement?

Yes. A DPA is available for all customers. You can download it from your Settings page after creating an account, or download it directly here. It covers all sub-processors, data flows, and security measures.

Which regulations does VulpaSoft comply with?