Battleship OS Privacy Policy

Last updated: March 2026

This Privacy Policy describes how Battleship OS ("we", "us", or "our") collects, uses, and protects your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

1. Data Controller

The data controller responsible for your personal data is:

Note: Business entity details will be finalized prior to commercial launch.

2. What Data We Collect

We collect and process the following categories of personal data:

Data Type	Description	Purpose
Email Address	Provided at purchase	License delivery and account access
Hardware Fingerprint	SHA-256 hash of CPU, RAM, and disk attributes	License binding to your hardware
Payment Information	Processed by Stripe (we do not store card details)	Payment processing
Transaction IDs	Stripe payment and session identifiers	Audit trail and financial records
License Activation Timestamps	Date and time of license activations	License enforcement and support
Transfer History	Records of hardware transfer requests	License management and fraud prevention

Important Note on Hardware Fingerprints

The hardware fingerprint is a one-way cryptographic hash (SHA-256). It cannot be reversed to identify your specific hardware components. We use it solely to verify that a license is being used on authorized hardware.

3. Lawful Basis for Processing

Under GDPR Article 6(1), we process your data based on the following lawful bases:

• Contract Performance (Art. 6(1)(b)): Email address and hardware hash are necessary to deliver and activate the software license you purchased.
• Legal Obligation (Art. 6(1)(c)): Transaction IDs and financial records are retained to comply with tax and accounting laws.
• Legitimate Interest (Art. 6(1)(f)): Activation timestamps and transfer history support license enforcement and fraud prevention, which are necessary to protect our business interests and the integrity of the licensing system.

4. Third-Party Data Processors

We share your data with the following third-party processors, all of which are GDPR-compliant:

Stripe (Payment Processing)

Stripe, Inc. processes all payment transactions. We do not store credit card information on our servers. Stripe's privacy policy: stripe.com/privacy

SendGrid/Twilio (Email Delivery)

Twilio SendGrid delivers license keys and account-related emails. Privacy policy: twilio.com/legal/privacy

VPS Provider (Hosting)

Our license server and database are hosted on [VPS Provider Name]. The provider has access to server infrastructure but does not access customer data. Details will be specified upon deployment.

5. Data Retention

We retain your data for the following periods:

• License Records: Retained for the lifetime of your license. If you request deletion, your license will be terminated.
• Financial Records: Retained for 7 years from the date of purchase to comply with tax and accounting legal obligations.
• Grace Period Tokens: Deleted automatically after expiry (30 days from license creation).
• Email Address: Retained as long as you have an active license. You may request deletion, which will terminate your license.

6. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of Access (Art. 15): Request a copy of the personal data we hold about you.
• Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
• Right to Erasure (Art. 17): Request deletion of your data. Note that this will terminate your license and may prevent us from fulfilling legal obligations for financial records.
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to Object (Art. 21): Object to processing based on legitimate interests.
• Right to Restriction (Art. 18): Request restriction of processing under certain circumstances.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your national data protection supervisory authority.

To exercise any of these rights, contact us at privacy@battleshipos.com. We will respond within 30 days.

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in Transit: All data transmitted between your system and our servers uses HTTPS/TLS encryption.
• Database Security: Access to the license database is restricted to authorized systems only. Database credentials are stored securely and never committed to version control.
• Hardware Fingerprint Hashing: Hardware attributes are hashed using SHA-256 before transmission and storage, making them irreversible.
• Access Controls: Server access is restricted via SSH key authentication with password login disabled.
• Regular Updates: Server software is kept up-to-date with security patches.

8. International Data Transfers

Your data may be processed and stored in [Country — to be determined based on VPS provider selection]. If data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with all third-party processors
• Adequacy decisions where applicable

9. Cookies and Tracking

We do not use tracking cookies, analytics, or advertising pixels on our website. Stripe may set session cookies on their checkout page, which are governed by Stripe's privacy policy.

10. Children's Privacy

Battleship OS is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced on this page with an updated "Last updated" date. We encourage you to review this policy periodically. Continued use of Battleship OS after changes constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact: