Privacy

Privacy

Sendity is designed to process only the data required to create, verify and audit authentication sessions.

Last updated: 30 May 2026

This privacy notice explains how Dachs Consulting GmbH processes personal data when operating the Sendity website and hosted Sendity service.

Controller

Dachs Consulting GmbH is the controller for this website and for direct communications about Sendity.

Dachs Consulting GmbH, Mierendorffweg 8, 64572 Büttelborn, Germany. Email: hallo@dachs.consulting.

Hosted Sendity service

The hosted Sendity service is operated in a GDPR-compliant setup. The application server is hosted with Hetzner Online GmbH in Nuremberg, Germany.

When Sendity is embedded into a customer application, the customer normally decides why and how authentication data is processed. In that case, the customer acts as controller and Dachs Consulting GmbH acts as processor for the hosted Sendity service under Art. 28 GDPR.

Data processed

Sendity processes only the data needed to create, verify, secure and audit short-lived authentication sessions. Depending on the integration this may include:

  • technical request data such as IP address, user agent, timestamps and security logs;
  • public app identifiers, allowed origins and session identifiers;
  • authentication challenge codes, verification status and expiry timestamps;
  • email sender information required to verify control over the email channel;
  • support or contact messages sent directly to Dachs Consulting GmbH.

Purposes and legal bases

  • Providing the website and hosted authentication service: Art. 6(1)(b) GDPR where processing is necessary for a contract or pre-contractual steps.
  • Protecting the service against abuse, debugging, rate limiting and security logging: Art. 6(1)(f) GDPR based on our legitimate interest in operating a secure service.
  • Processing customer end-user data in the hosted service: Art. 28 GDPR, based on a data processing agreement with the customer.
  • Complying with legal retention or disclosure duties: Art. 6(1)(c) GDPR where applicable.

Hosting, processors and recipients

The Sendity hosted service and website are hosted on infrastructure provided by Hetzner Online GmbH in Nuremberg, Germany. Hetzner acts as infrastructure processor.

Data is disclosed only where required to operate Sendity, fulfil legal obligations, defend legal claims or where a customer has configured an integration that necessarily receives a verification result.

Cookies and analytics

Sendity uses technically necessary cookies and similar storage where required for security, CSRF protection, demo sessions and customer-area sessions.

Sendity does not use advertising trackers or third-party analytics on the public website.

Retention

Authentication challenges and session state are short-lived. Security logs are retained only as long as needed to operate, secure and audit the service unless a longer retention period is required by law or necessary to investigate abuse.

International transfers

The hosted Sendity service is operated in Germany. If a customer configures external systems or email providers, data may be processed by those systems according to the customer’s configuration and agreements.

Your rights

Subject to the statutory requirements, you may request access, rectification, erasure, restriction of processing, data portability and objection to processing. You may also lodge a complaint with a supervisory authority.

For Dachs Consulting GmbH in Hesse, the competent authority is the Hessian Commissioner for Data Protection and Freedom of Information.