Privacy Policy
Last updated: 19.04.2026
This Privacy Policy explains how Niklas Martin Eicker, trading as Oicana (“Oicana,” “we,” “us,” or “our”), collects and processes personal data in connection with our website at https://oicana.com and the purchase of commercial licenses for the Oicana software.
1. Who We Are
Section titled “1. Who We Are”We are the data controller for the processing activities described in this policy.
| Legal name | Niklas Martin Eicker, trading as Oicana |
| Legal form | Eenmanszaak (sole proprietorship) |
| Address | Smidspad 27, 1506 MW Zaandam, the Netherlands |
| support@oicana.com | |
| KVK number | 42036325 |
| BTW-id | NL005445995B24 |
Given the nature and scale of our data processing activities, we are not required to appoint a Data Protection Officer. For any privacy-related inquiries, please contact us at support@oicana.com.
2. What Our Software Does NOT Collect
Section titled “2. What Our Software Does NOT Collect”The Oicana software libraries run entirely within your own infrastructure. The software does not collect, transmit, store, or process any personal data. There is no telemetry, no analytics, no crash reporting, no license verification, and no network calls made by the software to Oicana or any third party.
This Privacy Policy covers only our website and the commercial license purchase process — not the software itself.
3. What Personal Data We Process
Section titled “3. What Personal Data We Process”We process personal data only in the limited situations described below.
3.1 Website Hosting (Server Logs)
Section titled “3.1 Website Hosting (Server Logs)”When you visit our website, our hosting provider Netlify automatically processes server access logs.
| Data | IP address, browser type and version, pages visited, date and time of access, referring URL |
| Purpose | Website delivery, security, and abuse prevention |
| Legal basis | Legitimate interest (Art. 6(1)(f) GDPR) — ensuring the availability and security of our website |
| Retention | Up to 30 days (Netlify’s standard log retention) |
| Recipient | Netlify, Inc. (USA) — see Section 5 |
3.2 Netlify Analytics
Section titled “3.2 Netlify Analytics”We may use Netlify Analytics, a server-side analytics service that processes server logs to provide aggregate website usage statistics. Netlify Analytics does not use cookies, does not run client-side scripts, and does not track individual users across sites.
| Data | Derived from server logs (see Section 3.1): page views, bandwidth, top pages, top sources |
| Purpose | Understanding aggregate website usage to improve our content and service |
| Legal basis | Legitimate interest (Art. 6(1)(f) GDPR) — improving our website based on aggregate usage patterns |
| Retention | Aggregate statistics are retained indefinitely; underlying server logs are retained for up to 30 days |
| Recipient | Netlify, Inc. (USA) — see Section 5 |
3.3 Purchases via Creem
Section titled “3.3 Purchases via Creem”When you purchase a commercial license, the transaction is processed by Armitage Labs OÜ, trading as Creem (“Creem”), registered in Estonia under registry code 16977866 at Telliskivi 57b/1, Tallinn 10412. Creem acts as our merchant of record and as an independent data controller for payment data. Creem collects and processes your payment information (such as credit card details) directly — this information is never shared with or accessible to us.
Creem shares limited data with us for the purpose of license fulfillment:
| Data shared with us by Creem | Name, email address, country, transaction details (product, price, payment status) |
| Purpose | License fulfillment, product support, subscription management, and service communications (e.g., notice of changes to our Terms of Service) |
| Legal basis | Performance of a contract (Art. 6(1)(b) GDPR) — necessary to provide you with the commercial license you purchased |
| Retention | Duration of your subscription plus 7 years thereafter (Dutch tax record-keeping obligation under Art. 52 Algemene wet inzake rijksbelastingen) |
| Recipient | Stored by us; see Section 5 for service providers |
For details on how Creem handles your data, please refer to Creem’s Privacy Policy.
We may only use the buyer data Creem shares with us for order fulfillment, product support, and service communications necessary for the performance of your subscription contract (such as notifying you of changes to our Terms of Service or pricing). We will not use this data for marketing purposes unless you give us separate, explicit consent.
3.4 No Automated Decision-Making
Section titled “3.4 No Automated Decision-Making”We do not engage in automated decision-making or profiling within the meaning of Art. 22 GDPR.
3.5 Support Communications
Section titled “3.5 Support Communications”When you contact us by email for support or other inquiries, we process the data you provide.
| Data | Name, email address, and the content of your communication |
| Purpose | Responding to your inquiry and providing support |
| Legal basis | Performance of a contract (Art. 6(1)(b) GDPR) for existing customers; legitimate interest (Art. 6(1)(f) GDPR) for other inquiries |
| Retention | Duration of the business relationship plus 7 years |
| Recipient | Zoho Corporation Pvt. Ltd. (email hosting) — see Section 5 |
4. Cookies and Similar Technologies
Section titled “4. Cookies and Similar Technologies”4.1 Our Website
Section titled “4.1 Our Website”Our website does not set any first-party cookies. The Starlight documentation framework may store a theme preference (light/dark mode) in your browser’s local storage. This is strictly functional data that remains on your device and is never transmitted to us.
4.2 No Tracking or Advertising Cookies
Section titled “4.2 No Tracking or Advertising Cookies”We do not use any tracking cookies, advertising cookies, or third-party analytics scripts that run in your browser. We do not participate in any advertising networks.
5. Third-Party Service Providers
Section titled “5. Third-Party Service Providers”We use the following third-party service providers who may process personal data on our behalf or as independent controllers:
| Provider | Role | Data processed | Location | Safeguards |
|---|---|---|---|---|
| Netlify, Inc. | Website hosting and server-side analytics | Server logs (IP address, browser data, pages visited) | USA | Netlify DPA; Standard Contractual Clauses |
| Armitage Labs OÜ (Creem) | Merchant of record (independent controller) | Payment and billing data | Estonia (EU) | Independent controller for payment data; see Creem’s Privacy Policy |
| Zoho Corporation Pvt. Ltd. | Email hosting | Email communications | India/EU (we use their EU data centers) | Zoho Privacy; we signed a DPA with Zoho |
| IONOS SE | DNS hosting | DNS query logs (IP addresses) | Germany | EU-based; subject to GDPR |
5.1 Package Registries
Section titled “5.1 Package Registries”Our software is distributed through public package registries including npm, PyPI, crates.io, NuGet, Maven Central, and Packagist. When you download our software from these registries, your interaction is subject to that registry’s own terms and privacy policy. We do not receive personally identifiable information about individual package downloads.
6. International Data Transfers
Section titled “6. International Data Transfers”Some of our service providers are located outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place:
- Netlify (USA): Standard Contractual Clauses (SCCs) as part of Netlify’s Data Processing Agreement
- Zoho (India): Standard Contractual Clauses; EU data center option available
7. Data Retention
Section titled “7. Data Retention”| Data category | Retention period |
|---|---|
| Server logs | Up to 30 days |
| Buyer data from Creem | Duration of subscription + 7 years (tax obligation) |
| Support communications | Duration of business relationship + 7 years |
| Aggregate analytics | Indefinitely (no personal data) |
When the retention period expires, personal data is deleted or anonymized.
8. Your Rights
Section titled “8. Your Rights”Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15) — You may request a copy of the personal data we hold about you.
- Right to rectification (Art. 16) — You may request correction of inaccurate or incomplete personal data.
- Right to erasure (Art. 17) — You may request deletion of your personal data, subject to legal retention obligations.
- Right to restriction of processing (Art. 18) — You may request that we restrict the processing of your personal data in certain circumstances.
- Right to data portability (Art. 20) — You may request to receive your personal data in a structured, commonly used, and machine-readable format.
- Right to object (Art. 21) — You may object to processing based on legitimate interest. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
- Right to withdraw consent (Art. 7(3)) — Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
To exercise any of these rights, please contact us at support@oicana.com. We will respond to your request within one month. If we need more time (up to two additional months for complex requests), we will inform you within the initial one-month period.
If you are not satisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority:
Autoriteit Persoonsgegevens Postbus 93374 2509 AJ Den Haag https://www.autoriteitpersoonsgegevens.nl
9. Children’s Privacy
Section titled “9. Children’s Privacy”Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us and we will promptly delete it.
10. Changes to This Policy
Section titled “10. Changes to This Policy”We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on our website with a revised “Last updated” date. If you have an active subscription, we will also notify you by email.
11. Contact
Section titled “11. Contact”For any questions or requests regarding this Privacy Policy or the processing of your personal data, please email support@oicana.com. Our full legal identity and postal address are listed in Section 1.