Legal
Last updated: May 2026
The controller for obsid.dev is Florian Josef Altendorfer, Einzelunternehmen, Zeller Straße 12/1, 6330 Kufstein, Österreich. Contact: info@altendorfer.dev.
Obsidian Interactive processes personal data where needed to operate the website, answer contact and support requests, create user accounts, process license purchases, issue license keys and activation codes, manage domain seats, handle license validation requests, send transactional emails, and operate customer, admin, and community features.
Payments are processed by Stripe and PayPal when selected during checkout. Stripe payment card fields are provided through Stripe.js and the Stripe Payment Element; PayPal approval happens through PayPal. The local platform stores the customer, order, payment session or provider order identifiers, license, fulfillment, and account data needed to complete the purchase and provide access.
Contract-related account, checkout, license delivery, license validation, support, and forum account processing is based on Art. 6(1)(b) GDPR. Security, abuse prevention, access logs, admin/security logs, service reliability, and necessary operational records are based on Art. 6(1)(f) GDPR. Statutory retention, accounting, and tax records are processed under Art. 6(1)(c) GDPR where applicable.
The platform uses hosting infrastructure, database, email, payment, and operational service provider categories as required to deliver the service. Transactional emails are sent through the configured SMTP provider. Payment data is processed by Stripe or PayPal according to the provider selected during checkout.
Personal data is retained for as long as needed for the account, contract, licensing, support, security, and legal purposes described here. Order, invoice-related, license, and accounting records may be retained for statutory retention periods. Server logs, magic link tokens, session metadata, moderation records, and security records are deleted or anonymized when no longer required unless security review or legal duties require longer retention.
Necessary cookies, local storage, and session storage may be used for login, security, checkout, cart/session behavior, interface preferences, and consent state. The platform uses an httpOnly session cookie for authenticated sessions and the Nuxt color mode setting with the oi-color-mode storage key. No analytics, marketing, or tracking cookies are configured.
You can review the active categories on the Cookie Settings page. Because only necessary cookies/storage are currently used, no opt-in banner is shown.
The platform uses conservative technical and organizational measures such as TLS-capable deployment, httpOnly session cookies, hashed session and magic-link tokens, CSRF protection, role-based admin checks, webhook verification, rate limiting, input sanitization, and security headers. No internet service can be guaranteed to be risk-free.
Subject to the legal requirements, you may request access, rectification, erasure, restriction, data portability, and objection to processing based on legitimate interests. You may also complain to a supervisory authority. In Austria, the competent authority is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, Austria, dsb.gv.at.
Privacy requests can be sent to info@altendorfer.dev.