Privacy Policy (Datenschutzerklärung)

Last updated: November 2025.

1. General Information
This Privacy Policy describes how N.A. Invest GmbH (“Company”, “we”, “us”, “our”) collects, uses, and protects personal data in connection with the use of our software Option Defense and related online services (“Services”).
We are committed to ensuring that your privacy is protected and that your personal data is handled in accordance with the General Data Protection Regulation (GDPR) and applicable German data-protection laws (Bundesdatenschutzgesetz – BDSG).

Service provider (§ 5 TMG):
 N.A. Invest GmbH
 Ratinger Str. 3, 40213 Düsseldorf, Germany
 📞 +49 211 59868985 / +49 152 26931948
 📧 info@nainv.de
 Authorized representative: Nataliia Shchurikova

2. Data Controller
The data controller within the meaning of Art. 4(7) GDPR is:
N.A. Invest GmbH, Ratinger Str. 3, 40213 Düsseldorf, Germany.
For all privacy-related questions, you may contact us at
 📧 info@nainv.de

3. Categories of Data We Collect
We collect and process the following categories of personal and technical data:

  1. Account Data:
    • Name, surname
    • Email address
    • Account credentials (if applicable)
  3. Payment Data:
    • Processed securely by Stripe Payments Europe Ltd.
    • We do not store or process raw payment card data on our servers.
    • Stripe may collect additional data as described in Stripe’s Privacy Policy.
  5. Hardware Identification Data (Fingerprint):
    • When activating your license, the software generates a unique hardware fingerprint based on anonymized technical characteristics of your computer (e.g. system hash, CPU ID).
    • This data is used solely to verify your license and prevent unauthorized sharing.
    • The fingerprint does not contain personal data and cannot be used to identify you personally.
    • Stored securely on servers located in the European Union.
  7. Technical and Usage Data:
    • IP address (anonymized)
    • Browser and operating system type
    • Date/time of access
    • Error logs (for technical troubleshooting)

4. Purposes of Data Processing
We process personal data exclusively for the following purposes:

  • To register and manage your customer account;
  • To process payments and provide subscription access;
  • To verify software licenses and prevent abuse;
  • To provide customer support and communicate with users;
  • To comply with legal obligations (e.g. tax, billing regulations).

5. Legal Basis for Processing
Processing of your personal data is based on:

  • Art. 6(1)(b) GDPR – performance of a contract (e.g., software license);
  • Art. 6(1)(c) GDPR – compliance with legal obligations;
  • Art. 6(1)(f) GDPR – legitimate interests, such as fraud prevention, software security, and customer management.

6. Payment Processing (Stripe)
Payments for our services are handled through Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Dublin, Ireland.
 Stripe acts as an independent data controller for payment information.
When you enter payment details, they are transmitted directly to Stripe via secure encrypted channels (TLS).
 We receive only confirmation of payment and a customer ID.
For more details, refer to Stripe’s GDPR Compliance and Stripe Privacy Policy.

7. Storage Duration
We store personal data only for as long as necessary to fulfill the purposes described above or as required by law.
Typical retention periods:

  • Account and billing data: up to 10 years (per §257 HGB / §147 AO).
  • Hardware fingerprint data: as long as the license is active, and deleted after deactivation.
  • Email/support correspondence: up to 2 years after case resolution.

8. Data Security
We use modern technical and organizational security measures to protect your data against:

  • unauthorized access or disclosure,
  • loss or destruction,
  • unlawful processing.

All data transmissions between our website, software, and servers are encrypted using SSL/TLS.
 Access to data is restricted to authorized employees under confidentiality agreements.

9. Data Sharing and Transfers
We do not sell or share personal data with third parties.
 Data may be transferred to third parties only when:

  • required by law,
  • necessary for service provision (e.g., Stripe),
  • you have provided explicit consent.

All processors are bound by Art. 28 GDPR Data Processing Agreements (DPA).
We do not transfer data outside the European Economic Area (EEA) unless adequate protection (Art. 46 GDPR) is ensured.

10. Cookies and Analytics
Our website uses only essential cookies necessary for account and payment functionality.
 We do not use tracking cookies, marketing pixels, or third-party analytics without explicit user consent (per Art. 6(1)(a) GDPR).

11. Your Rights (Art. 12–23 GDPR)
As a data subject, you have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (“right to be forgotten”, Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

You may exercise these rights by contacting us at 📧 info@nainv.de.

12. Third-Party Links
Our website may contain links to third-party services (e.g. payment providers).
 We are not responsible for the content or privacy practices of these external sites.

13. Changes to This Privacy Policy
We reserve the right to modify this Privacy Policy at any time to reflect changes in legal requirements or business processes.
 The updated version will always be published on this page with a new “last updated” date.

14. Contact
For all data protection inquiries, please contact:
N.A. Invest GmbH
 Ratinger Str. 3, 40213 Düsseldorf, Germany
 📧 info@nainv.de