Privacy Policy

Information pursuant to Articles 13 and 14 of the General Data Protection Regulation (EU) 2016/679

Last updated: 9 July 2026

Introduction

This policy explains what personal data we process when you use the SiliconRig service at siliconrig.dev and the associated API, why we process it, on what legal basis, who receives it, and what rights you have. SiliconRig provides remote access to microcontroller development hardware.

Controller

RAWS Consulting e.U.
Dipl.-Ing. Armin Steinhauser, PhD
Koglerweg 64
4040 Linz, Austria
Email: contact@raws.at
Phone: +43 (0) 681 812 112 83

What We Process, Why, and on What Legal Basis

Account data

When you register we store your email address, a securely hashed password, and account metadata (account identifier, subscription tier, credit balance, verification status, creation and last-activity timestamps). Purpose: creating and operating your account. Legal basis: performance of a contract (Article 6(1)(b) GDPR).

Usage and session data

When you use the service we store records of your hardware sessions (which board, session state, start and end times, credits consumed) and related events. Purpose: providing the service, accounting for usage, and operational diagnostics. Legal basis: performance of a contract (Article 6(1)(b) GDPR).

Payment data

When you purchase credits we store a payment record (amount, credits, status, and the payment-processor session identifier). Card details are entered directly with our payment processor (see Recipients) and are not received or stored by us. Purpose: processing payments and meeting bookkeeping obligations. Legal basis: performance of a contract (Article 6(1)(b)) and compliance with a legal obligation under Austrian tax and commercial law (Article 6(1)(c)).

Email verification and transactional email

We send a verification link and service-related messages to your email address. Legal basis: performance of a contract (Article 6(1)(b) GDPR).

IP addresses and server logs

We temporarily process the IP address of requests to protect the service against abuse (for example, rate limiting of sign-up and login attempts). These addresses are held only briefly in memory and are not stored permanently for this purpose. Legal basis: our legitimate interest in the security and integrity of the service (Article 6(1)(f) GDPR).

Recipients and Processors

We use the following service providers, who process data on our behalf or as independent controllers for the stated purpose:

  • Stripe — payment processing. Your email address and the payment metadata are transmitted to Stripe; card data is entered directly with Stripe. Stripe processes data in the EU and may transfer data to the United States; such transfers are covered by the EU Standard Contractual Clauses and Stripe's certification under the EU–US Data Privacy Framework.
  • Our email provider — delivery of verification and service emails (your email address and message content).
  • Our hosting provider — operation of the servers on which the service runs, within the EU.

We do not sell your personal data and do not use it for advertising.

Retention

We keep account, usage, and session data for as long as your account exists. When you delete your account, we delete or anonymise this data, except where we are legally required to retain it. Payment and invoicing records are retained for seven years to meet Austrian bookkeeping obligations (Section 132 BAO). Backups are retained for a limited period and then overwritten.

Cookies

The application sets a single, strictly necessary session cookie to keep you logged in after authentication. It contains a signed session token, is restricted to this site, and expires after 24 hours or when you log out. This cookie is required to provide the service and therefore does not require consent. We do not use tracking, advertising, or analytics cookies.

Web Analytics

To understand how our website is used and to improve it, we use Umami — a privacy-friendly, self-hosted web-analytics tool. It records aggregate statistics only (such as which pages are visited, referring sources, and approximate country, browser, and device type). Umami runs on our own server within the EU. It is cookieless by design: no cookies are set, no cross-site or persistent identifiers are created, and no profile of you is built. Your IP address is used only transiently to derive these aggregate statistics and is not stored, and no data is shared with third parties. Legal basis: our legitimate interest in measuring and improving our website (Article 6(1)(f) GDPR). You may object to this processing at any time (Article 21 GDPR).

Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of access to your personal data (Article 15)
  • Right to rectification of inaccurate data (Article 16)
  • Right to erasure (Article 17)
  • Right to restriction of processing (Article 18)
  • Right to data portability (Article 20)
  • Right to object to processing based on legitimate interest (Article 21)
  • Right not to be subject to a decision based solely on automated processing (Article 22)

To exercise any of these rights, contact contact@raws.at. You also have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde): https://www.dsb.gv.at.

Data Security

We apply appropriate technical and organisational measures, including TLS encryption for data in transit and hashing of passwords and API keys, in line with Article 25(1) and Article 32 GDPR.

Changes to This Policy

We may update this policy as the service evolves. The current version, with its date, is always available at this address.

Contact

For any question about this policy or your personal data, contact us at contact@raws.at.