Privacy Policy

1. Introduction

InstaSoft Informatikai Zrt. ("we", "us", "our") operates the BarGen API service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Data Controller

3. Information We Collect

3.1 Account Information

When you register, we collect:

• Email address
• Name
• Password (stored encrypted)

3.2 Usage Data

When you use our API, we automatically collect:

• API request logs (endpoint, timestamp, response status)
• IP address
• Request parameters (barcode type, data encoded)

3.3 Payment Information

Payment processing is handled by Stripe. We do not store your credit card details. We only receive your Stripe customer ID and subscription status.

4. How We Use Your Information

We use your information to:

• Provide and maintain the API service
• Process your transactions
• Send you service-related communications
• Monitor and analyze usage patterns
• Detect and prevent fraud or abuse
• Comply with legal obligations

5. Data Retention

We retain your data for the following periods:

• Account data: Until account deletion + 30 days
• API logs: 90 days
• Billing records: 8 years (legal requirement)

6. Data Sharing

We share your data only with:

• Stripe: Payment processing
• Microsoft Azure: Email delivery
• Law enforcement: When legally required

We do not sell your personal data to third parties.

7. Your Rights (GDPR)

Under the EU General Data Protection Regulation, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data
• Portability: Receive your data in a structured format
• Object: Object to processing of your data
• Restriction: Request restriction of processing

To exercise these rights, contact us at privacy@bargen.pro.

8. Security

We implement appropriate security measures including:

• TLS/SSL encryption for all data in transit
• Argon2ID password hashing
• API key authentication
• Rate limiting and brute force protection
• Regular security audits

9. Cookies

We use only essential cookies for:

• Session management (authentication)
• CSRF protection

We do not use tracking or advertising cookies.

10. International Transfers

Your data is processed within the European Union. If data is transferred outside the EU, we ensure appropriate safeguards are in place (Standard Contractual Clauses).

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

12. Contact Us

For privacy-related inquiries:

13. Supervisory Authority

You have the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH):