Mårdhund Privacy Policy

Effective Date: 6 November 2025

This Privacy Policy describes how Mårdhund ("we", "our", or "us") collects, uses, stores, and discloses personal data in connection with our services and infrastructure. Mårdhund operates as a platform provider for various digital services. In some cases, more complex services, such as Klipspringer, may maintain their own specific privacy policies. Where such policies exist, they take precedence over this policy for that product or service.

1. Applicability

This policy applies to visitors using Mårdhund-operated websites and dashboards, as well as users of services that do not yet have their own privacy policy. It also applies to administrators managing their own instances through the Mårdhund platform. If a specific product, like Klipspringer, has its own privacy policy, that document governs your data for that service instead.

2. Roles Under Law

Depending on how our services are being used, Mårdhund may act as either a Data Controller or a Data Processor. When you interact directly with us (for example, through the Mårdhund Dashboard), we act as the controller, meaning we determine how and why your data is processed. For hosted or managed applications, we act as the processor, meaning we handle data only on behalf of and under the instruction of the organization using the software.

3. Data We Collect

Mårdhund collects only the data required to provide and secure our services. This includes basic account information, technical metadata, and limited interaction history. We do not collect behavioral analytics, biometric identifiers, or government-issued identification numbers.

• Account Information may include your name and email address, which are used for account creation, communication, and system access.
• Technical Metadata, such as your IP address, is used to keep your account secure, like detecting impossible travel
• Verification Status (if applicable) may be recorded to confirm whether identity verification was completed, but we never store ID documents or verification data ourselves.
• Support Interactions, such as emails or tickets, are stored only as long as necessary to resolve your request.

4. Legal Basis for Processing

We process data under recognized legal bases, including the performance of a contract (for example, managing your account or providing access to services), legitimate interests (such as preventing abuse or maintaining system security), and legal obligations (for example, responding to lawful requests). If we ever use your data for purposes beyond those described here, we will seek your explicit consent beforehand.

We do not use automated decision-making or profiling in connection with the processing of your personal data.

5. Subprocessors

To operate efficiently, Mårdhund relies on a minimal number of trusted third parties. These subprocessors help us maintain secure, reliable infrastructure while remaining under contractual obligations to follow our instructions and comply with all applicable data protection laws.

• Our primary hosting provider is Contabo GmbH (Germany), which stores infrastructure within the European Union.
• Cloudflare, Inc. (United States) provides network-level protection and content delivery under Standard Contractual Clauses (SCCs) to safeguard international transfers.
• For identity verification, we partner with Didit (Spain), which processes only verification data and deletes it immediately after verification is complete.

6. Data Location and Transfers

Our infrastructure is primarily hosted in Germany (European Union) through Contabo GmbH, though Mårdhund remains legally established in the State of Georgia, United States. We maintain full administrative control over our systems and ensure compliance with both EU and U.S. data protection requirements.

Data is primarily stored within the European Union or in other jurisdictions deemed to provide adequate protection under Article 45 of the General Data Protection Regulation (GDPR). Where data is transferred internationally, Mårdhund uses legally recognized safeguards such as Standard Contractual Clauses (SCCs) or equivalent measures.

7. Security Measures

We take data protection seriously. All data in transit is encrypted using TLS 1.3, while all data at rest resides on encrypted volumes. Access to personal data is restricted to authorized personnel who are bound by confidentiality obligations.

8. Data Retention

Mårdhund retains personal data only for as long as necessary to provide our services. Account data is stored until an account is deleted or a deletion request is made. Verification status data, if applicable, is kept only while an account remains active. Technical logs and metadata are retained temporarily and anonymized when possible. For individual services managed through our platform, specific retention periods may be governed by their respective privacy policies.

9. Your Rights

Regardless of where you live, Mårdhund extends to all users the data rights set out in the General Data Protection Regulation (GDPR) and relevant U.S. law, including Georgia's Fair Business Practices Act. You have the right to request access to your personal data, correct inaccuracies, ask for your data to be deleted, or restrict how it is used. You may also object to certain types of processing or request that we provide your data in a portable format. To exercise any of these rights, please contact us at privacy [at] [this domain].

10. Legal Compliance and Law Enforcement

Mårdhund is based in the State of Georgia, United States, and complies with all applicable state and federal privacy laws. While our servers are located in the European Union, as a U.S.-based company we may still be legally compelled to comply with lawful orders issued under U.S. law, including those authorized under the Patriot Act or National Security Letters. In such cases, Mårdhund will seek to interpret or challenge such requests narrowly and disclose only the minimum information required by law. We also review the jurisdictional validity of every request and, whenever permitted, will notify affected users of such disclosures.

11. Policy Updates

We may update this Privacy Policy periodically to reflect changes in law, technology, or business operations. The most recent version will always be published at https://dashboard.mardhund.com/privacy. If any updates significantly affect your rights or data, we will provide advance notice through email and/or in-dashboard communication.

12. Contact and Oversight

For questions, complaints, or data access requests, you may contact us directly at:

• Email:privacy [at] [this domain]
• Website: https://mardhund.com

If you are located in the State of Georgia (United States) and believe your privacy rights have been violated, you may contact the:

If you are located in the European Union or EEA, you may contact your national data protection authority. A list of such authorities is available at https://edpb.europa.eu/about-edpb/board/members_en.

Mårdhund does not currently maintain an EU representative under GDPR Article 27, but we make good-faith efforts to respond to all valid GDPR inquiries and cooperate with event organizers or customers who act as data controllers under EU law.