Privacy Policy
Last updated: April 2026 · Version 2.0
This policy applies to all services provided by Sky-Tech (operated via skytech24.de), including our live device bypass service, diagnostics, and subscription platform. It complies with the EU General Data Protection Regulation (GDPR – Regulation 2016/679), the UK Data Protection Act 2018 (UK GDPR), the German Bundesdatenschutzgesetz (BDSG), and where applicable the California Consumer Privacy Act (CCPA) and other international data protection laws.
1. Data Controller
The data controller responsible for your personal data is:
For data protection enquiries, contact us at privacy@skytech24.de. We will respond within 30 days as required by GDPR Article 12.
2. Data We Collect and Why
We only collect data that is strictly necessary for providing our services. The table below sets out each category, the legal basis under GDPR, and the retention period.
| Category | Data collected | Purpose | GDPR basis | Retention |
|---|---|---|---|---|
| Account | Name, email, password (hashed) | Create and manage your account | Art. 6(1)(b) — contract | Account lifetime + 3 years |
| Service request | IMEI/serial, device model, locked account email, issue notes, ownership declaration | Verify ownership; provide bypass service | Art. 6(1)(b) — contract; Art. 6(1)(f) — legitimate interest (fraud prevention) | 12 months post-session |
| Session chat | Messages exchanged during live session | Deliver the live bypass service; dispute resolution | Art. 6(1)(b) — contract | 90 days post-session |
| Payment | Subscription plan, payment status, Stripe/PayPal customer ID | Process and record payments | Art. 6(1)(b) — contract; Art. 6(1)(c) — legal obligation (accounting) | 10 years (German §147 AO, §257 HGB) |
| Technical logs | IP address (anonymised after 7 days), browser type, session tokens | Security, fraud prevention, error diagnostics | Art. 6(1)(f) — legitimate interest | 30 days |
| Communication | Contact form messages, support emails | Respond to enquiries | Art. 6(1)(b) — pre-contract; Art. 6(1)(f) — legitimate interest | 2 years |
We do not store full payment card numbers. Card processing is handled entirely by Stripe (PCI DSS Level 1 certified) and PayPal. We only store a token/customer reference.
3. Special Category Data
We do not intentionally collect special category data (health, biometrics, political opinions, etc.) as defined in GDPR Article 9. Device IMEI and account email addresses provided during bypass sessions are treated as confidential technical identifiers, not special category data. If you believe you have submitted such data inadvertently, contact us immediately for erasure.
4. How We Use Automated Decision-Making
Our credential verification process involves a human technician (admin) reviewing your submitted credentials — it is not automated. No decisions that produce legal or significant effects on you are made solely by automated means (GDPR Article 22).
5. Third-Party Processors
We engage the following third-party processors under GDPR-compliant Data Processing Agreements (Art. 28):
- Stripe, Inc. — Payment processing (PCI DSS L1). Privacy: stripe.com/privacy
- PayPal Holdings, Inc. — Payment processing. Privacy: paypal.com/privacy
- STRATO / KAS Hosting — Web hosting in Germany (EU data centre). Subject to German DSGVO.
- Email provider — Transactional email delivery (session confirmations, receipts).
We do not sell, rent, or trade your personal data with third parties for marketing purposes.
6. International Transfers
Our primary servers are located in Germany (EU/EEA). When data is processed by Stripe or PayPal in the United States, transfers are protected by the EU–US Data Privacy Framework (adequacy decision, July 2023) and/or Standard Contractual Clauses (SCCs) per GDPR Articles 46 and 49. UK users: transfers are protected under equivalent UK International Data Transfer Agreements (IDTAs).
7. Your Rights Under GDPR / UK GDPR
You have the following rights. To exercise any of them, email privacy@skytech24.de. We will respond within 30 days.
- Right of access (Art. 15) — obtain a copy of all personal data we hold about you
- Right to rectification (Art. 16) — correct inaccurate data
- Right to erasure ("right to be forgotten") (Art. 17) — request deletion, subject to legal retention obligations
- Right to restriction (Art. 18) — limit how we process your data
- Right to data portability (Art. 20) — receive your data in machine-readable format
- Right to object (Art. 21) — object to processing based on legitimate interests
- Right to withdraw consent — where processing is based on consent, withdraw at any time without affecting prior lawful processing
- Right to lodge a complaint — with your supervisory authority. In Germany: BfDI (bfdi.bund.de). In the UK: ICO (ico.org.uk).
8. California Residents (CCPA / CPRA)
If you reside in California, you have the right to: (a) know what personal information is collected, (b) request deletion, (c) opt out of the sale of personal information (we do not sell personal information), and (d) non-discrimination for exercising these rights. To exercise your rights, email privacy@skytech24.de with subject "CCPA Request".
9. Data Security
We implement appropriate technical and organisational measures (GDPR Art. 32) including: TLS/HTTPS encryption in transit, hashed passwords (bcrypt), database access controls, session token authentication, CSRF protection on all forms, and regular security reviews. In the event of a data breach affecting your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay.
10. Children's Privacy
Our services are intended for individuals aged 18 and over. We do not knowingly collect data from anyone under 18. If you are aware of a minor who has submitted data, contact us immediately and we will delete it. This policy is consistent with the EU Age Appropriate Design Code and COPPA (US).
11. Cookies
We use strictly necessary cookies (session management and CSRF protection) which do not require consent. Optional analytics cookies are only set with your explicit consent. See our Cookie Policy for full details.
12. Changes to This Policy
We may update this policy to reflect changes in law or our practices. Material changes will be notified by email to registered users and a notice on this page. The "last updated" date at the top indicates when changes were last made. Continued use of our services after the effective date constitutes acceptance of the revised policy.
13. Contact & Complaints
For any data protection concerns: privacy@skytech24.de. If you are not satisfied with our response, you have the right to complain to your local supervisory authority:
- Germany / EU: Bundesbeauftragter für den Datenschutz (BfDI)
- UK: Information Commissioner's Office (ICO)
- USA (FTC): Federal Trade Commission
- Other EU countries: contact your national Data Protection Authority listed at edpb.europa.eu