Privacy Policy

Last updated: March 18, 2026

01 Data Controller

Volter is a product of Asenko BV, located at Nieuwstraat 9, 3472 Kortenaken, Belgium. For privacy-related questions, contact us at info@volter.be.

02 What Data We Collect

We only collect personal data that is necessary to provide our service. We do not use analytics, tracking pixels, or advertising cookies.

Payment & Billing

When you subscribe, Paddle (our payment processor and merchant of record) collects your name, email address, billing address, and payment details. Paddle processes this data as an independent data controller under their own privacy policy.

License Management

We store your email address and subscription identifiers with Keygen to create and manage your software license.

Transactional Emails

We use Resend to send you transactional emails such as your license key, subscription confirmations, and payment notifications. Your email address is shared with Resend for this purpose.

In-App Feedback

When you submit feedback from within the Volter desktop app, we collect your feedback message, feedback type, and optional email address. A screenshot may be included if you choose to attach one. We also collect app metadata such as your app version, platform, view mode, license status, and language setting. This data is stored in Google Cloud Firestore and used to improve the Software.

Waitlist Signup

When you sign up for the beta waiting list, we collect your email address and role. This data is stored in Google Cloud Firestore.

Webhook Event Logs

We log subscription lifecycle events (e.g. subscription created, canceled, payment failed) in Google Cloud Firestore for customer support purposes. These logs contain your email address, subscription identifiers, and event details.

Server Logs

Our website is hosted on Google Cloud (Firebase Hosting). Standard server logs including your IP address and user agent are collected automatically.

Cookie

We use a single functional cookie (__session) to remember your language preference. This cookie does not track you and no consent is required.

03 Legal Basis

Payment processing, license management, and transactional emails are necessary for the performance of our contract with you (GDPR Art. 6(1)(b)).

Server logs and webhook event logs are processed based on our legitimate interest in operating our service and providing customer support (GDPR Art. 6(1)(f)).

Waitlist signup is processed based on your consent (GDPR Art. 6(1)(a)).

04 Third-Party Processors

We share your personal data with the following service providers:

  • Paddle (UK/EU) — payment processing and merchant of record
  • Keygen (US) — license management
  • Resend (US) — transactional emails
  • Google Cloud / Firebase (EU, europe-west1) — website hosting and event logging

05 International Data Transfers

Some of our processors (Keygen, Resend) are located in the United States. These transfers are protected by the EU-US Data Privacy Framework and/or Standard Contractual Clauses (SCCs). Google Cloud stores your data in the EU (europe-west1 region).

06 Data Retention

  • Webhook event logs are retained for 24 months, then automatically deleted.
  • Feedback submissions are retained for 12 months, then automatically deleted.
  • Waitlist data is retained until you request its removal or we delete it after the beta period ends.
  • Server logs are retained for 30 days (standard Firebase Hosting retention).
  • License data is retained while your subscription is active and deleted after cancellation.
  • Payment data retention is governed by Paddle's own privacy policy and legal obligations.

07 Your Rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure of your data
  • Restrict processing of your data
  • Receive your data in a portable format
  • Object to processing based on legitimate interest

To exercise any of these rights, contact us at info@volter.be. We will respond within 30 days.

You also have the right to lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit): gegevensbeschermingsautoriteit.be.

08 Security

All data is transmitted over HTTPS. Personal data is only accessed server-side. Webhook signatures are verified cryptographically. Client-side access to our database is denied by security rules.

09 Automated Decision-Making

We do not use automated decision-making or profiling.

10 Changes to This Policy

We may update this privacy policy from time to time. The updated version will be indicated by the "Last updated" date at the top of this page.