Privacy Policy

This policy explains what personal data we process when you use the Institute of Nix platform, on what legal basis, and the rights you have. It is written to comply with the EU General Data Protection Regulation (GDPR).

Last updated: 5 June 2026.

1. Controller

The controller responsible for the processing of your personal data is:

Applicative Systems GmbH
Steinweg 29a, 38100 Braunschweig, Germany
Email: hello@applicative.systems
Managing Director: Jacek Galowicz

We have not appointed a Data Protection Officer, as we are not legally required to do so. For any privacy matter, please use the contact above.

2. Categories of data we process

  • Account data — your name, email address and, where you sign in via a third-party provider, your profile picture.
  • Authentication data — login identifiers and session information needed to keep you signed in.
  • Purchase and billing data — the products you buy, order and transaction identifiers, and the billing details you enter at checkout. Card numbers are entered directly with our payment provider and are never stored on our servers.
  • Usage data — which courses you are enrolled in, your video viewing progress, and your "continue watching" history, so we can deliver and resume the content you purchased.
  • Training data (for in-person / live trainings only) — if you take part in a training, the SSH public key you provide for access to the lab machines, and, for trainers, slide decks you upload.
  • Communication data — the content of emails or messages you send us, and the transactional emails we send you (e.g. training announcements, surveys, certificates).
  • Technical data — server log data such as IP address, date and time of access, and the requested resource, generated automatically when you access the platform or stream a video.

3. Purposes and legal bases

  • Providing the platform and your account, and delivering the videos and trainings you purchase — performance of a contract with you, Art. 6(1)(b) GDPR.
  • Processing payments and preventing fraud — performance of a contract, Art. 6(1)(b) GDPR, and our legitimate interest in secure payments, Art. 6(1)(f) GDPR.
  • Operating, securing and maintaining the service (e.g. server logs, abuse prevention) — our legitimate interest in a stable and secure service, Art. 6(1)(f) GDPR.
  • Sending service-related emails (e.g. certificates, training logistics, surveys about a training you attended) — performance of a contract and our legitimate interest, Art. 6(1)(b) and (f) GDPR.
  • Privacy-friendly usage statistics — see section 6.
  • Complying with legal obligations, in particular commercial and tax retention duties — Art. 6(1)(c) GDPR.

4. Recipients and processors

We host our own infrastructure and keep your data to ourselves wherever possible. To run the service we rely on the following carefully selected providers, each bound by a data processing agreement where applicable:

  • Hetzner Online GmbH (Germany, EU) — hosting of our servers and database. All core personal data is stored on servers located in Germany.
  • Paddle.com Market Ltd. — our payment provider, acting as the Merchant of Record (reseller) for your purchase. Paddle processes your billing and payment data to take payment, handle taxes and issue your invoice. See Paddle's privacy notice at paddle.com/legal/privacy.
  • BunnyWay d.o.o. (bunny.net) (Slovenia, EU) — content delivery network used to stream the course videos to you; it processes technical data such as your IP address to deliver the video.
  • Brevo (Sendinblue GmbH) — delivery of transactional emails on our behalf.
  • Single sign-on providers — if you choose to log in with Google or GitHub, the respective provider processes your login and shares basic profile data (name, email, picture) with us. This only happens if you actively choose that login method.

We do not sell your personal data. Data is only shared with the above to the extent necessary to operate the service.

5. International transfers

We aim to keep processing within the EU/EEA. Where a provider (for example a single sign-on provider you choose, or aspects of payment processing) processes data outside the EU/EEA, such transfers are safeguarded by an adequacy decision of the European Commission or by EU Standard Contractual Clauses.

6. Cookies and analytics

We only use cookies that are strictly necessary to provide the service: a session cookie to keep you logged in, cookies set by our login system, and cookies set during the Paddle checkout to process your payment securely. These essential cookies do not require your consent.

For aggregate usage statistics we use Matomo, a privacy-friendly web analytics tool that we host ourselves on our own infrastructure in Germany; your usage data is therefore not shared with any third-party analytics provider. We run Matomo in a cookieless configuration with IP-address anonymisation, so it does not store cookies on your device, does not track you across websites and does not build personal profiles. It collects only aggregated, non-identifying information about how the platform is used, on the basis of our legitimate interest in understanding and improving our service (Art. 6(1)(f) GDPR). We do not use advertising or cross-site tracking technologies.

7. Retention

We keep your account and usage data for as long as you maintain an account with us. When you delete your account, we delete or anonymise the associated data, except where we are required to retain certain records (in particular invoicing and accounting data) to comply with statutory retention periods under German commercial and tax law (up to 10 years). Server logs are kept only for a short period for security and troubleshooting and are then deleted.

8. Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you (Art. 15);
  • have inaccurate data corrected (Art. 16);
  • have your data erased (Art. 17);
  • restrict processing (Art. 18);
  • receive your data in a portable, machine-readable format (Art. 20);
  • object to processing based on our legitimate interests (Art. 21); and
  • withdraw any consent you have given, with effect for the future, at any time (Art. 7(3)).

To exercise any of these rights, contact us at hello@applicative.systems.

9. Right to lodge a complaint

If you believe our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. The authority competent for us is:

Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5, 30159 Hannover, Germany
lfd.niedersachsen.de

10. Obligation to provide data

Providing account and payment data is necessary to enter into and perform the contract with us. Without it we cannot create your account or give you access to the purchased content. There is no automated decision-making or profiling within the meaning of Art. 22 GDPR.

11. Changes to this policy

We may update this privacy policy to reflect changes to our service or legal requirements. The current version is always available on this page.