Privacy policy

Last updated: April 2026

1. Data controller

CodeRaft — Geneva, Switzerland

Contact: contact form

2. Data collected

We collect the following data in connection with the provision of our services:

  • Registration: name, email address, organisation name
  • Payment: payment data processed by our provider (Stripe). We do not store your banking details.
  • Licence validation: anonymous machine fingerprint (SHA-256 hash of hostname, OS, architecture and MAC address), validation timestamps, IP address. This data is used solely to prevent licence abuse.
  • Contact: name, email, company, message (via contact form)

3. Purposes of processing

  • Service provision and management (licences, portal access)
  • Customer support
  • Billing and payment
  • Product improvement (anonymised data)

4. Audit data

CodeRaft tools (EntraGuard, Ravenscan, RedFox Bastion) operate 100% on-premise. Audit data and session data from your infrastructure are never transmitted to CodeRaft. Only licence validation requests pass through our servers.

5. Data hosting and international transfers

All personal data is stored in Switzerland (Equinix ZH4 datacenter, Zurich), encrypted at rest (AES-256). We do not transfer personal data outside of Switzerland, except through Cloudflare (US-based CDN) for website delivery, which is covered by the EU-US Data Privacy Framework and Swiss-US Data Privacy Framework.

6. Data sharing

We do not sell or share your personal data with third parties, except for:

  • Payment providers (Stripe) for transaction processing
  • Legal obligations as required by Swiss law

7. Data retention

  • Account data: duration of the business relationship + 1 year
  • Billing data: 10 years (Swiss legal requirement)
  • Contact data: 1 year after the last exchange

8. Your rights

In accordance with the Swiss Federal Act on Data Protection (nFADP), you have the following rights:

  • Right of access — obtain a copy of your data
  • Right to rectification — correct inaccurate data
  • Right to erasure — request deletion of your data
  • Right to data portability — receive your data in a structured format

To exercise your rights, contact us via the contact form.

9. Cookies

This marketing site does not use tracking cookies. Only strictly necessary technical cookies may be used by the customer portal.

10. Governing law

This policy is governed by Swiss law, in particular the Federal Act on Data Protection (nFADP). In the event of a dispute, the courts of Geneva shall have jurisdiction.