Privacy Policy

Last updated: May 2026 · Applies to all users of QGIS WPS Service

🔒 Short version: We collect only what is necessary to operate the Service. Pro and Enterprise users' geodata is never stored persistently. We do not sell your data.

1. Controller

Dr. Horst Düster / Kappasys
Längmoos 6, 3636 Forst bei Längenbühl, Switzerland
horst.duester@kappasys.ch

This Privacy Policy is governed by the Swiss Federal Act on Data Protection (nFADP) and, where applicable, the GDPR.

2. Data We Collect

2.1 Account data

Email address – for login and communication
Password – stored as bcrypt hash
Plan / subscription status
Registration date

2.2 Usage data

Job metadata – job ID, process ID, status, timestamps (no input/output data for Pro/Enterprise)
API keys – stored as SHA-256 hashes
Uploaded model files (.model3)

2.3 Geodata (inputs and outputs)

✓ Pro and Enterprise: Geodata is processed in memory only – no persistent storage on our servers.

ℹ Free plan: Job data is stored temporarily for up to 24 hours, then deleted.

2.4 Payment data

Payments are handled exclusively by Stripe, Inc. We receive only a Stripe customer ID. See stripe.com/privacy.

2.5 Server logs

Standard HTTP access data (IP, path, status, timestamp). Retained for max. 30 days.

3. Legal Basis

Data	Purpose	Legal basis
Account data	Service provision	Contract performance (Art. 6(1)(b) GDPR)
Job metadata	Service provision, limits	Contract performance
Geodata (Free)	Temporary result storage	Contract performance
Payment data	Billing	Contract performance
Server logs	Security, debugging	Legitimate interest

4. Data Sharing

We do not sell your data. Sharing only with: Stripe (payments), hosting infrastructure (EU/Switzerland), authorities where legally required.

5. Data Retention

Data type	Retention period
Account data	Until deletion + 30 days
Geodata (Free)	24 hours after job completion
Geodata (Pro/Enterprise)	Not stored persistently
.model3 files	Until deleted by user or account deletion
Server logs	30 days
Payment records	10 years (Swiss accounting law)

6. Your Rights

You have the right to access, rectify, erase, port, and object to your data. Contact: horst.duester@kappasys.ch. You may also lodge a complaint with the Swiss FDPIC.

7. Security

We use HTTPS/TLS, bcrypt password hashing, JWT authentication, SHA-256 API key hashing, and in-memory processing for Pro/Enterprise geodata.

8. Cookies

We use one technically necessary cookie (access_token) for login sessions and one (lang) for language preferences. No tracking or advertising cookies.

9. Changes

Material changes are announced by email at least 14 days before taking effect.

10. Contact

horst.duester@kappasys.ch
Dr. Horst Düster / Kappasys, Längmoos 6, 3636 Forst bei Längenbühl, Switzerland