Privacy Policy

Last Updated: 20-03-2026

1. Overview
   This Privacy Policy applies to the website and the Edgehouse Gaming Performance Dashboard software ("Software") operated by Edgehouse AB, based in Ängelholm, Sweden. We take a "privacy-first" approach, meaning we aim to collect as little data as possible to provide our services.

   This Privacy Policy should be read alongside our [End User Licence Agreement (EULA)](/eula) and [Data Processing Agreement (DPA)](/dpa), which together form the complete set of legal documents governing your use of the Software.
   
   

2. Data Controller
   Edgehouse AB is the data controller for the personal data described in this Privacy Policy.

   • Company: Edgehouse AB

   • Location: Ängelholm, Sweden

   • Contact: legal@edgehouse.io
     
     

3. Data Collection & Usage

   3.1 Website Data

   • Anonymous Usage Data: We may collect anonymous, aggregate usage data (e.g., device type, pages visited, and general region). This is stripped of identifying information and is used solely to improve our website.

   • Technical Log Data: Our hosting provider (Framer) may automatically record server log information, such as your IP address, for the technical delivery of the site.
     We do not collect personal data that can identify you (such as your name or precise location) unless you choose to make a purchase.

   3.2 Purchase and Subscription Data (via Paddle)
   When you make a purchase, you provide personal data directly to Paddle.com (Paddle Payments Ltd), which acts as our Merchant of Record. Paddle shares the following with us so we can manage your subscription:

   • Email address

   • Company name

   • Purchase history

   We do not see or store your credit card details, full billing address, or other payment information. Your data provided to Paddle is subject to the Paddle Privacy Policy.

   3.3 Software Licence Validation Data (via Keygen.sh)
   To validate your licence, the Software transmits the following data to api.keygen.sh (Keygen Inc.) once every 30 days:

   • Licence key

   • App version

   • Workspace version

   • Operating system type

   • System architecture

   • Hashed machine fingerprint (one-way SHA-256 hash; cannot identify your actual hardware)

   An active internet connection is required for licence validation. If validation fails, the Software enters a read-only grace period before features are disabled.

   3.4 Your Business Data
   The Software processes all business data (operator performance, GGR, bets, game metrics, etc.) locally on your device. Edgehouse does not access, collect, receive, or process your business data. You retain full ownership and control of this data at all times.

   3.5 No Telemetry or Tracking
   The Software does not include telemetry, analytics, or usage tracking of any kind.
   
   

4. Legal Basis for Processing
   We process personal data under the following legal bases in accordance with the GDPR:

   • Contractual necessity (Article 6(1)(b) GDPR): Processing your email address, company name, and licence information is necessary to deliver the Software and manage your subscription.

   • Legitimate interest (Article 6(1)(f) GDPR): Processing hashed machine fingerprints is necessary for fraud prevention and licence security.
     
     

5. Cookies
   We do not use tracking cookies. We do not store files on your device to monitor your behaviour across other websites.
   
   

6. Third-Party Service Providers (Sub-processors)
   We use the following third-party service providers who may process personal data in connection with our services:

   • Keygen Inc. (keygen.sh), Licence validation and release management, United States, Licence keys, email addresses, hashed machine fingerprints

   • Paddle Payments Ltd (paddle.com), Payment processing and subscription management, United Kingdom, Payment information, email, company name, billing address

   • Framer, Website hosting, Netherlands, IP addresses, server log data

   We will notify you of any new sub-processors or changes at least 30 days in advance, providing you with the right to object on reasonable grounds.
   
   

7. International Data Transfers
   Your personal data may be transferred to the following jurisdictions:

   • Keygen.sh (United States): Transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission.

   • Paddle.com (United Kingdom): The UK has been recognised as having an adequate level of data protection by the European Commission.
     
     

8. Data Retention

   • Licence and subscription data (email address, company name): Retained for the duration of your subscription plus 30 days after termination, at which point it is deleted from Edgehouse systems and Keygen.sh.

   • Your business data: Remains entirely on your local machines and is under your sole control. Upon termination of your subscription, you are responsible for managing or deleting any local data.

   • Website log data: Retained in accordance with our hosting provider's standard retention periods.
     
     

9. Data Security
   We implement the following technical and organisational measures to protect your data:

   • Encryption: All data transmitted between the Software and external services uses HTTPS with TLS 1.2 or higher.

   • Hashing: Machine fingerprints are hashed using one-way SHA-256 before transmission, preventing re-identification.

   • Local processing: All business data is processed on your local device. No business data is transmitted to Edgehouse servers or external services.

   • Access control: Licence data cached locally is protected by standard operating system file permissions.
     
     

10. Data Breach Notification
    In the event of a confirmed personal data breach that may affect your personal data, Edgehouse will notify you without undue delay, and in no case later than 72 hours after becoming aware of the breach. Notification will include the nature of the breach, likely consequences, and measures taken or proposed to address it.
    
    

11. Your Rights
    Under the GDPR and Swedish law, you have the following rights regarding your personal data:

    • Right of access (Article 15 GDPR) — request a copy of the personal data we hold about you

    • Right to rectification (Article 16 GDPR) — request correction of inaccurate data

    • Right to erasure (Article 17 GDPR) — request deletion of your personal data

    • Right to restriction of processing (Article 18 GDPR) — request that we limit how we use your data

    • Right to data portability (Article 20 GDPR) — receive your data in a structured, machine-readable format

    • Right to withdraw consent (Article 7 GDPR) — where processing is based on consent, withdraw it at any time

    To exercise any of these rights, contact us at legal@edgehouse.io with reasonable proof of identity. We will respond within 30 days.

    You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) or your local supervisory authority.
    
    

12. Children's Privacy
    The Software is designed for business use. We do not knowingly collect personal data from children under the age of 16. If we become aware that we have collected personal data from a child, we will take steps to delete it promptly.
    
    

13. Changes to This Policy
    We may update this Privacy Policy from time to time. Material changes will be communicated at least 30 days in advance, either via email or through the Software, consistent with our EULA. Continued use of our services after notification constitutes acceptance of the revised policy.
    
    

14. Governing Law
    This Privacy Policy is governed by the laws of Sweden, without regard to conflicts of law principles. Any disputes shall be exclusively submitted to the courts of Stockholm, Sweden.
    
    

15. Contact Us
    For any questions about this Privacy Policy, your personal data, or to exercise your rights:

    • Email: legal@edgehouse.io

    • Company: Edgehouse AB, Sweden