Privacy

This page explains how 92 Research ApS processes personal data in connection with SoftFission.

Controller

92 Research ApS

SoftFission is operated by 92 Research ApS, which is the controller for the personal data described on this page.

Scope

Account + workspace

This notice covers account access, project storage, compute-node operations, billing, and related support and security processing.

Contact

[email protected]

Privacy-related questions and requests can be sent to the contact address listed here.

1. Controller and contact details

Identity of the controller responsible for processing personal data for SoftFission.

Controller	92 Research ApS
Address	Skolevej 2, 2820 Gentofte, Denmark
Email	[email protected]
Website	92research.com

SoftFission does not currently identify a separate data protection officer on this page. If that changes later, this notice should be updated.

2. Categories of information processed

Personal data and related technical information processed in connection with SoftFission.

Account information such as name, email address, profile image, provider identifier, and login-related timestamps.

Project files, uploaded inputs, generated outputs, run records, workspace metadata, and user-generated content stored in the platform.

Compute-node, reservation, scheduling, job, storage, and billing-related records needed to operate the service.

Limited technical, operational, and security logs used for reliability, abuse prevention, troubleshooting, and protection of the service.

3. Purposes of processing and legal bases

The GDPR requires the controller to explain both why data is processed and the legal basis for each processing activity.

Purpose	Examples	Legal basis
Account access and authentication	Google sign-in, session handling, account continuity	Performance of a contract or steps requested by the user before entering into a contract
Workspace and compute functionality	Project storage, run history, compute-node provisioning, scheduler-managed jobs	Performance of a contract or steps requested by the user before entering into a contract
Billing and payment operations	Credit purchases, payment records, reservation tracking, refunds of unused reserved credits	Performance of a contract and compliance with legal obligations, including accounting obligations where applicable
Security and reliability	Service logs, fraud prevention, abuse prevention, debugging, infrastructure protection	Legitimate interests in operating, securing, and improving the service
Legal compliance	Required disclosures, bookkeeping, legal claims, regulatory obligations	Compliance with legal obligations and, where relevant, legitimate interests in establishing, exercising, or defending legal claims

Where processing is based on legitimate interests, those interests include maintaining service security, preventing misuse, diagnosing failures, protecting infrastructure, and administering the platform in a reliable way.

4. Recipients and service providers

Categories of recipients that may process personal data on behalf of or in connection with SoftFission.

Authentication

Google is used for sign-in and account identity information associated with the selected login provider.

Payments

Stripe is used for payment-related processing connected with credit purchases.

Infrastructure

Hosting and compute infrastructure providers, including Hetzner, may process data needed to run and secure the service.

Legal disclosures

Information may be disclosed where required by law or where necessary to protect rights, users, or the service.

5. International transfers

Some service providers used in connection with authentication or payments may involve processing outside the European Economic Area.

Where personal data is transferred to a country outside the European Economic Area, SoftFission aims to rely on an adequacy decision or other appropriate safeguards recognised under the GDPR, such as standard contractual clauses where relevant.

More provider-specific information may be available in the privacy documentation of the relevant service provider.

6. Cookies and session technology

SoftFission uses limited browser-side storage only for core service operation.

SoftFission uses essential session cookies to keep users signed in and to protect authenticated account access.

These cookies are used for login, session continuity, and secure access to workspace pages. They are not currently described as advertising cookies.

SoftFission may also store a small browser-side preference indicating that the cookie notice has already been acknowledged.

If analytics or additional optional cookie categories are introduced later, this page and the cookie notice should be updated accordingly.

7. Retention

Different categories of data may be retained for different periods depending on service needs and legal requirements.

Account data	Retained while the account remains active and afterwards only as long as reasonably necessary for security, legal, administrative, or dispute-related purposes.
Project files and run outputs	Retained in the user workspace until deleted by the user, the account is closed, or retention is otherwise required for operational or legal reasons.
Payment and accounting records	May be retained for the period required by applicable accounting, tax, and bookkeeping law.
Technical and security logs	Retained only as long as needed for debugging, security review, abuse prevention, and service reliability.
Backups	Deleted information may persist temporarily in backups or recovery systems before final removal.

8. Your rights

Depending on the circumstances, individuals may have rights under the GDPR in relation to their personal data.

Information and access

You may request information about whether your personal data is processed and request access to that data.

Rectification

You may request correction of inaccurate or incomplete personal data.

Erasure and restriction

In some situations, you may request deletion of personal data or restriction of processing.

Portability and objection

Where applicable, you may request portability of certain personal data or object to processing based on legitimate interests.

Automated decisions

This page does not currently describe decision-making based solely on automated processing producing legal or similarly significant effects.

How to exercise rights

Requests can be sent to [email protected].

You also have the right to lodge a complaint with the competent data protection authority, including the Danish Data Protection Agency (Datatilsynet), if you believe personal data is processed in breach of applicable law.

9. Changes to this notice

This notice may be updated as the SoftFission service and its integrations evolve.

The current SoftFission product is an MVP and may add or change integrations, features, workflows, or providers over time. When privacy-relevant changes are made, this page should be updated accordingly.

Last updated: 2026-03-30