Privacy Policy

Date of last revision: September 5, 2025

1. Introduction and Controller's Details

This Privacy Policy (hereinafter: "Policy") describes how DORAI, through its operator Cryptix AG, a company incorporated under the laws of Switzerland with its registered office at Bundesstrasse 5, 6300 Zug, registration number: CHE-361.505.762 (hereinafter: "Controller" or "we"), collects, stores, uses, and protects the personal data of users and customers (hereinafter: "data subject" or "you") of the DORAI platform and services (hereinafter: "Platform"), accessible at dora.cryptix.ag.

We are committed to protecting your privacy and processing your personal data lawfully, fairly, and transparently in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter: "GDPR") and applicable national legislation.

2. Types of Personal Data We Collect

We collect personal data only when you interact with our Platform. Here's what we collect:

• Account and Purchase Data: First and last name, company name, email address, phone number, billing address, tax ID or VAT number, and payment information (we do not store credit card details directly—payment processing is handled by secure third-party providers).
• Contact Data: Email address and any information you provide through contact forms, support requests, or direct communication.
• Product Usage Data: Information about how you use our templates and services, such as which documents you download, modifications you make, and how long you use our platform.
• Technical Data: IP address, browser type, operating system, device information, access times, and page views. We collect this automatically using cookies and similar technologies to ensure functionality and security.
• Communication Data: Records of your communications with us, including support tickets, email exchanges, and feedback you provide.

3. Legal Bases and Purposes of Data Processing

We process your personal data based on the following legal bases:

Performance of a Contract (GDPR Article 6(1)(b))

• Purpose: To process your purchase, deliver digital templates, issue invoices, and provide customer support.
• Data: Account, purchase, and contact data.

Compliance with a Legal Obligation (GDPR Article 6(1)(c))

• Purpose: To comply with tax, accounting, and regulatory requirements.
• Data: Invoice and transaction records.

Legitimate Interest (GDPR Article 6(1)(f))

• Purpose: To ensure platform security, prevent fraud and abuse, improve our services, and respond to support inquiries.
• Data: Technical data, contact data, and usage data.

Consent (GDPR Article 6(1)(a))

• Purpose: To send marketing communications, newsletters, and product updates—only if you have explicitly opted in.
• Data: Email address.
• You can withdraw consent at any time by clicking the unsubscribe link in any email or by contacting us at hello@cryptix.ag.

4. Users and Data Transfer

We do not sell or share your personal data with third parties, except as necessary to operate the Platform:

• Service Providers: We share data with trusted partners who provide essential services:
  • Payment processors (e.g., Stripe, PayPal, Adyen)
  • Email and hosting providers
  • Analytics providers
  • Accounting and tax service providers
  All service providers have signed data processing agreements requiring GDPR compliance.
• Legal Authorities: We may disclose data to public authorities based on a lawful, documented request.
• Business Transfers: If DORAI or Cryptix AG is acquired or merged, your data may be transferred as part of that transaction.

As a rule, data is not transferred outside the EU/EEA. If such a transfer occurs, we will ensure appropriate safeguards (e.g., Standard Contractual Clauses) as required by the GDPR.

5. Data Retention Periods

We retain personal data only as long as necessary for the purpose it was collected:

• Purchase and Contract Data: Retained for 5 years after contract completion (statute of limitations).
• Invoices: Retained for 10 years from the end of the year they relate to (tax law requirement).
• Marketing and Newsletter Data: Retained until you withdraw consent.
• Support and Communication Data: Retained for 3 years after your last interaction, unless a dispute requires longer retention.
• Technical and Analytical Data: Typically retained for 13 months.

6. Your Rights Regarding Personal Data

Under the GDPR, you have the following rights:

• Right of Access: You can request confirmation of whether we are processing your data and can access it.
• Right to Rectification: You can request correction of inaccurate or incomplete data.
• Right to Erasure ("Right to Be Forgotten"): You can request deletion of your personal data under the conditions set out in the GDPR.
• Right to Restriction of Processing: You can request that we limit how we use your data in certain circumstances.
• Right to Data Portability: You can request your data in a structured, machine-readable format.
• Right to Object: Where we process data based on legitimate interest, you can object to that processing.

To exercise any of these rights, contact us at hello@cryptix.ag or send a written request to the address below. We will respond within 30 days (or 90 days for complex requests).

If you believe your rights have been violated, you have the right to lodge a complaint with your local data protection authority.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal data, including:

• SSL/TLS encryption for all data in transit
• Encrypted storage for sensitive data at rest
• Regular security audits and vulnerability assessments
• Restricted access to data (need-to-know basis)
• Regular software and security patches
• Employee data protection training
• Incident response procedures

While we strive to protect your data, no system is completely secure. If you believe your data has been compromised, please contact us immediately.

8. Cookies and Tracking Technologies

Our Platform uses cookies and similar technologies to:

• Essential Functions: Maintain your session, process orders, and provide platform functionality.
• Analytics: Understand how you use the Platform to improve performance and user experience.
• Marketing: Deliver relevant content and measure the effectiveness of our campaigns (only with your consent).

Upon your first visit, you will be asked to consent to non-essential cookies. You can manage your cookie preferences at any time through your browser settings or our cookie management tool.

9. Children's Privacy

Our Platform is not intended for children under 18. We do not knowingly collect personal data from children under this age. If we become aware that a child under 16 has provided us with personal data, we will delete it immediately.

10. Third-Party Links

Our Platform may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before providing any personal data.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated Policy on this website with a revised "Date of last revision." Your continued use of the Platform following such notification constitutes your acceptance of the updated Policy.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about our data practices, please contact us:

• Email: hello@cryptix.ag
• Mailing Address: Cryptix AG, Bundesstrasse 5, 6300 Zug, Switzerland
• Data Protection Officer: For GDPR-related inquiries, contact our DPO at dpo@cryptix.ag

We aim to respond to all inquiries within 30 days.

---

This Privacy Policy is provided in English. If there are translations in other languages, in the event of any conflict or inconsistency, the English version shall prevail.