Privacy Policy

This privacy policy explains how personal data is processed when you visit nibbly.dev or use Nibbly services that connect a Nibbly installation to external backup storage providers.

Controller

The controller responsible for data processing is:

Ing. Christian Högl
bytewerk.dev
Vorgartenstraße 145/6/40
1020 Vienna, Austria

Tel: +43 699 11811038
Email: hello@bytewerk.dev

General Principles

We process personal data only where this is necessary to provide this website, respond to enquiries, operate Nibbly services, or comply with legal obligations. Processing is carried out in accordance with the General Data Protection Regulation (GDPR), the Austrian Data Protection Act and other applicable data protection laws.

Website Access and Server Logs

When you access this website, the web server automatically processes technical access data. This may include your IP address, date and time of access, requested URL, referrer URL, browser type, operating system and the amount of data transferred.

This processing is necessary to deliver the website securely and reliably, to detect technical problems and to prevent misuse. The legal basis is our legitimate interest under Article 6(1)(f) GDPR. Server log data is kept only for as long as necessary for these purposes and is then deleted or anonymised, unless a longer retention period is required for security or legal reasons.

No Cookies, Analytics or External Media Embeds

This website does not use tracking cookies or analytics cookies. We do not use Google-hosted fonts, and we do not embed YouTube videos or comparable third-party media players on this website.

Contact by Email or Phone

If you contact us by email or phone, we process the information you provide, such as your name, email address, phone number and message content, in order to respond to your enquiry. The legal basis is Article 6(1)(b) GDPR where the communication relates to a contract or pre-contractual steps, and Article 6(1)(f) GDPR for general enquiries.

Contact data is retained for as long as necessary to handle the enquiry and any follow-up communication. Where statutory retention obligations apply, data may be kept for the required period.

Nibbly OAuth Broker for Backup Connections

Nibbly may provide an OAuth broker on auth.nibbly.dev to help Nibbly installations connect to external backup storage providers such as Dropbox, Google Drive or Microsoft OneDrive. This broker is used only to complete the provider's login and authorisation process.

During this process, the broker may temporarily process technical OAuth data such as an authorisation code, state parameter, provider response, access token and refresh token. These tokens are transmitted back to the requesting Nibbly installation so that backups can be uploaded directly from that installation to the selected storage provider.

Backup ZIP files are not uploaded to or stored by auth.nibbly.dev. The broker does not read, inspect or store the content of your backups. The legal basis is Article 6(1)(b) GDPR where the broker is used to provide a requested Nibbly function, and Article 6(1)(f) GDPR for secure operation and misuse prevention.

External Backup Storage Providers

If you connect a Nibbly installation to an external storage provider, that provider processes data according to its own terms and privacy policy. The files uploaded to that provider are controlled by the operator of the respective Nibbly installation and by the account holder of the selected storage service.

Depending on the provider and account settings, data may be processed outside the European Economic Area. Please review the privacy information and account settings of the selected provider before enabling remote backups.

Processors and Service Providers

We may use technical service providers, such as hosting providers, to operate this website and related Nibbly services. These providers process data only as necessary to provide their services and, where required, on the basis of a data processing agreement under Article 28 GDPR.

Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse or alteration. Access to systems and data is limited to what is necessary for operation, maintenance and support.

Your Rights

Subject to the conditions set out in the GDPR, you have the right to request access to your personal data, rectification, erasure, restriction of processing, data portability and objection to processing based on legitimate interests. Where processing is based on consent, you may withdraw that consent at any time with effect for the future.

To exercise your rights, please contact us using the contact details above.

Right to Lodge a Complaint

You also have the right to lodge a complaint with a supervisory authority. In Austria, the competent authority is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde), Barichgasse 40-42, 1030 Vienna, Austria, www.dsb.gv.at.

Changes to this Privacy Policy

We may update this privacy policy when the website, Nibbly services or legal requirements change. The current version is published on this page.