This Privacy Policy explains what personal data KoinCad ("we", "us") collects when you use our web application, why we collect it, and the rights you have over it. KoinCad is operated by Civ. Eng. Panagiotis Koinis (Greece).
| Data | Why | Required? |
|---|---|---|
| Username | Identifies your account at login | Required |
| Email address | Account verification, support, security notices | Required |
| Password (hashed) | Authentication โ stored as a one-way bcrypt hash, never in readable form | Required |
| Full name | Addressed correspondence, invoices | Optional |
| Address | Billing/invoicing where applicable | Optional |
| Activation code | Links a payment to your account | Required to activate access |
Your drawings are stored only in your own browser (localStorage), not on our servers. We do not see or store what you draw.
The app stores a short-lived login token and your drawing in your browser's localStorage. This data never leaves your device except for the explicit API calls you make (drawing exports, calculations), which require your authenticated session.
Payments are handled by our merchant-of-record provider. We never receive or store your full card number or banking details โ those go directly to the payment processor under their own compliance (PCI-DSS). We retain only the record that a payment occurred and the activation code it generated.
Under the EU General Data Protection Regulation (Regulation 2016/679) and Greek Law 4624/2019, we process your data on the following bases:
To exercise any right, email privacy@koincad.com. We respond within 30 days.
We keep your account data for as long as your account is active. Inactive accounts and their associated data are deleted after 24 months of inactivity, unless retention is required by law (e.g. tax records, retained per Greek tax law).
Passwords are bcrypt-hashed. All traffic is served over HTTPS. Access to the application is token-gated. The calculation, export, and scripting engines run server-side and are never exposed to the browser. No method of transmission or storage is fully secure, but we apply measures appropriate to the sensitivity of the data.
We may update this policy. Material changes will be notified by email or in-app. Continued use after a change constitutes acceptance.