Privacy Policy

Effective Date: January 1, 2026
Last Updated: January 1, 2026

1. Controller Information

The data controller responsible for your personal information is:

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide when using our Services:

• Software Submissions: Software name, website URL, repository URL, license type, contact email, description, features, target users, deployment information, and additional notes
• Update Requests: Your email address, software name, suggested corrections, and supporting references
• Correspondence: Email address and message content when you contact us

2.2 Automatically Collected Information

We automatically collect certain information when you visit our Site:

• Usage Data: Pages viewed, time spent, referring URLs, browser type, device type, operating system
• Technical Data: IP address (anonymized), approximate geographic location (country/city level)
• Analytics Data: Collected via Vercel Analytics for traffic analysis and site improvement

2.3 Third-Party Services

• Google reCAPTCHA: Collects technical and interaction data to prevent spam and abuse
• Vercel Analytics: Privacy-friendly analytics without cookies or personal identifiers

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Consent (Article 6(1)(a) GDPR): When you submit forms or contact us voluntarily
• Legitimate Interests (Article 6(1)(f) GDPR): For website analytics, security, fraud prevention, and service improvement
• Legal Obligations (Article 6(1)(c) GDPR): When required by applicable law
• Contract Performance (Article 6(1)(b) GDPR): To provide requested services

4. How We Use Your Information

We use collected information for the following purposes:

• Reviewing and processing software submissions for directory inclusion
• Responding to inquiries, support requests, and update suggestions
• Improving website content, functionality, and user experience
• Analyzing traffic patterns and usage statistics
• Preventing spam, fraud, and abuse through reCAPTCHA verification
• Complying with legal obligations and enforcing our Terms of Use
• Sending administrative communications (e.g., submission confirmations)

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share data in the following limited circumstances:

• Service Providers: Third-party vendors who assist in operating our Site (e.g., Vercel for hosting, Google for reCAPTCHA, email service providers). These providers are contractually obligated to protect your data and use it only for specified purposes.
• Legal Requirements: When required by law, court order, or governmental authority
• Protection of Rights: To protect our rights, property, safety, or that of our users or the public
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with prior notice)

6. International Data Transfers

Our Services are hosted in Germany (EU). If you access our Site from outside the European Economic Area (EEA), your data may be transferred to and processed in Germany. We ensure appropriate safeguards are in place through:

• EU Standard Contractual Clauses (SCCs) with service providers
• Adequacy decisions by the European Commission
• Your explicit consent where required

7. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this Policy:

• Submission Data: Retained for review and potential directory inclusion (up to 2 years)
• Published Information: Retained as long as the software is listed in our directory
• Analytics Data: Aggregated and anonymized data retained indefinitely for statistical purposes
• Correspondence: Retained for 3 years for support and legal purposes

After the retention period, data is securely deleted or anonymized.

8. Your Rights (GDPR & CCPA)

8.1 European Economic Area (EEA) Residents

Under GDPR, you have the following rights:

• Right of Access (Article 15): Request a copy of your personal data
• Right to Rectification (Article 16): Request correction of inaccurate data
• Right to Erasure (Article 17): Request deletion of your data ("right to be forgotten")
• Right to Restriction (Article 18): Request limitation of processing
• Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format
• Right to Object (Article 21): Object to processing based on legitimate interests
• Right to Withdraw Consent (Article 7): Withdraw consent at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

8.2 California Residents (CCPA)

Under CCPA, California residents have the right to:

• Know: Request disclosure of personal information collected, used, and shared
• Delete: Request deletion of personal information
• Opt-Out: Opt-out of the sale of personal information (Note: We do not sell personal data)
• Non-Discrimination: Not be discriminated against for exercising your rights

8.3 Exercising Your Rights

To exercise any of these rights, contact us at info@dpro.at with "Data Subject Request" in the subject line. We will respond within 30 days (GDPR) or 45 days (CCPA).

9. Cookies and Tracking Technologies

We use minimal cookies and tracking technologies:

• Essential Cookies: Required for site functionality (e.g., reCAPTCHA)
• Analytics: Vercel Analytics (privacy-friendly, no cookies, no personal identifiers)

You can disable cookies in your browser settings, though this may affect site functionality. For more information, visit allaboutcookies.org.

10. Third-Party Services

10.1 Google reCAPTCHA

We use Google reCAPTCHA to protect forms from spam and abuse. reCAPTCHA collects hardware and software information and sends it to Google. This service is subject to:

• Google Privacy Policy: https://policies.google.com/privacy
• Google Terms of Service: https://policies.google.com/terms

10.2 Vercel Analytics

We use Vercel Analytics for privacy-friendly website analytics. This service does not use cookies, does not collect personal identifiers, and is GDPR-compliant. Learn more: Vercel Analytics Privacy.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• SSL/TLS encryption for data transmission
• Secure hosting infrastructure with regular security updates
• Access controls and authentication mechanisms
• Regular security audits and vulnerability assessments
• Data minimization and pseudonymization where possible

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

12. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, contact us immediately at info@dpro.at and we will delete it promptly.

13. External Links

Our Site contains links to third-party websites (software vendors, documentation, repositories). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies. All external links (except to flowxtra.com) use rel="nofollow sponsored noopener noreferrer" attributes.

14. Do Not Track Signals

Our Site does not currently respond to "Do Not Track" (DNT) browser signals. We use privacy-friendly analytics that do not track individual users across websites.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. We will notify you of material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification if you have provided your email address
• Displaying a prominent notice on our Site

Your continued use of the Services after changes become effective constitutes acceptance of the updated Policy.

16. Disclosure Statement

This directory is operated by Dpro GmbH, the company that develops Flowxtra (a SaaS recruiting platform). Flowxtra is listed in our directory for transparency and informational comparison purposes. We maintain editorial neutrality and do not rank or endorse specific software solutions.

17. Contact Information & Data Protection Officer

For privacy-related questions, to exercise your rights, or to contact our Data Protection Officer:

18. Supervisory Authority

If you are located in the EEA and have concerns about our data processing practices, you have the right to lodge a complaint with your local data protection authority. In Austria, the supervisory authority is: