* LEGAL

Privacy policy

Last updated: 31 May 2026

1. Who we are

Retro Commander ("the app", "we", "us") is an independent software product operated by Jarno Beumer, based in the Netherlands. We are the data controller for the personal data described in this policy. For any privacy question or to exercise your rights, contact support [at] datucker [dot] nl.

2. What data we collect

  • Account data - your email address and a securely hashed (never plaintext) password.
  • Licence & device data - your licence status and expiry, and a per-device hardware fingerprint plus a device name you choose, used to enforce the device limit.
  • Usage statistics - aggregate counters such as session count, total usage minutes, the number of Commodore files you open, and coarse indicators of Ultimate-64 use (how many files you launch on the device and how many disks you mount). These are operational metrics, not the contents of your files. The app sends a small running tally roughly every two minutes and a final total when you close it. Collection is on by default; it carries no advertising or profiling purpose.
  • Anonymous device sessions - the same usage counters are recorded even when you are not signed in, tied only to a random identifier stored on your machine (not your name, email, or hardware fingerprint). This identifier lets us count distinct installations without identifying you.
  • Security data - a hashed (not raw) form of your IP address and failed-login counts, used to prevent brute-force attacks and licence abuse.

3. Why we process it & legal basis

  • To provide the service (account, licence, device activation) - performance of our contract with you.
  • To prevent fraud and abuse (device limits, rate-limiting, lockouts) - our legitimate interest in protecting the service.
  • To send essential service email (email confirmation, password reset) - performance of our contract.
  • To improve the app via aggregate usage statistics - our legitimate interest, kept to the minimum needed.

4. Who we share it with (processors)

We use a small number of carefully chosen sub-processors. We do not sell your data and do not share it for advertising.

  • Brevo - sends our transactional email (confirmations, receipts, resets).
  • Hetzner - hosts our licence server within the EU.

5. Cookies & tracking

This website uses no advertising or cross-site tracking cookies. The app stores its session locally on your device (a signed licence lease and your sign-in tokens) so it can work offline; this never leaves your machine except to talk to our licence server.

6. How long we keep it

Account and licence records are kept for as long as your account exists and as required by law (e.g. tax records). Security logs and IP hashes are kept only as long as needed for abuse prevention. When you delete your account we erase your personal data except records we are legally required to retain.

7. Your rights (GDPR)

You have the right to access, correct, delete, export, restrict, or object to the processing of your personal data, and to withdraw consent where processing is based on it. To exercise any of these, email support [at] datucker [dot] nl; we respond within 30 days. You also have the right to lodge a complaint with your local data protection authority (in the Netherlands: the Autoriteit Persoonsgegevens).

8. Changes to this policy

We may update this policy as the service evolves. Material changes will be reflected by the "last updated" date above and, where appropriate, announced in the app or by email.