Version 2026-07-09 · Effective 2026-07-09
The controller responsible for the processing of personal data described in this Privacy Policy (within the meaning of Art. 4(7) GDPR) is Dici GmbH, [Street, Postal Code, City], Germany. Email: [privacy@dici.cc / •].
This Privacy Policy explains how Dici GmbH ("Dici," "we") processes personal data when you register for and use the Dici platform (the "Service"), including our website. It does not cover the practices of third-party sites linked from the Service.
We process your email address (stored encrypted at rest, with a separate cryptographic lookup value that lets us find your account without storing your email in plain text), passkey (WebAuthn) public key credentials (your private key never leaves your device), one-time email verification codes (cached temporarily, currently five minutes, and deleted after use or expiry), and session tokens stored as cookies to keep you signed in.
Legal basis: performance of a contract (Art. 6(1)(b) GDPR); security of the Service is pursued as a legitimate interest (Art. 6(1)(f) GDPR).
When you register, we record that you accepted our Terms and this Privacy Policy, together with the version accepted, the date and time, and (where available) the IP address from which consent was given.
Legal basis: compliance with our legal obligation to demonstrate valid contract formation and consent (Art. 6(1)(c) GDPR, in conjunction with our accountability obligations under Art. 5(2) and Art. 7(1) GDPR).
Based on your email domain, your Account may be associated with an Organization shared with colleagues who register with the same domain, so that product and questionnaire data can be shared within your organization.
Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
Data you or your organization input into the Service, including questionnaire answers, generated Assessments, product/component/material data, and uploaded documents.
Legal basis: performance of a contract (Art. 6(1)(b) GDPR). Where such Content includes personal data of third parties provided by you (e.g., supply-chain contacts), you act as controller for that data and we act as your processor under a separate Data Processing Agreement.
IP address, device/browser information, and timestamps, collected as part of normal operation of the Service (e.g., request logs, security monitoring, and the consent records described in § 3.2).
Legal basis: legitimate interest in operating and securing the Service (Art. 6(1)(f) GDPR).
We use a small number of strictly necessary cookies to operate the Service (authentication session tokens and a WebAuthn challenge cookie). These are essential for the Service to function and are not used for advertising or cross-site tracking. Because they are strictly necessary, they do not require consent under applicable e-privacy rules, but we describe them here for transparency.
We share personal data with the following categories of recipients, each bound by a data processing agreement where required by Art. 28 GDPR. We do not sell personal data.
Where a sub-processor listed in § 5 is located outside the European Economic Area (in particular, U.S.-based providers), we rely on an adequacy decision or Standard Contractual Clauses (Art. 46 GDPR), together with supplementary measures where applicable, to ensure an adequate level of protection.
We retain personal data only for as long as necessary for the purposes described above.
Subject to the conditions set out in the GDPR, you have the right to:
We apply technical and organizational measures appropriate to the risk, including encryption of stored account data, phishing-resistant passkey authentication, and transport encryption (TLS) for data in transit. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
The Service is intended for business use and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children.
We may update this Privacy Policy from time to time, in particular to reflect changes in the Service or legal requirements. We will indicate the effective date of the current version at the top of this page and, for material changes, provide notice as described in our Terms.
Dici GmbH, [Street, Postal Code, City], Germany. Email: [privacy@dici.cc / •].