Skip to content
ALTCHA ALTCHA ALTCHA

Data Processing & Privacy Position (GDPR)

ALTCHA (operated by BAU Software s.r.o.) does not process customer data.

When the software is self-hosted (on-premises or private cloud), all data remains entirely within the customer’s infrastructure. During normal operation:

  • No personal data is transferred to our servers or other services
  • We do not receive or access logs, telemetry, analytics, or backups.
  • We do not have visibility into any data processed by the customer.

Under the GDPR:

  • The customer is the Data Controller — they determine how personal data is processed.
  • ALTCHA (operated by BAU Software s.r.o.) is not a Data Processor, because we do not process any personal data on behalf of the customer.

Therefore, a Data Processing Agreement (DPA) is not legally required (GDPR Art. 4 & 28).

For customers who need documentation for internal compliance purposes, we provide a “No-Processing DPA Statement”, confirming that:

  • The product is fully self-hosted.
  • No personal data is transferred to us.
  • No processing relationship is created.

For managed deployments, or if temporary access is ever requested (for example, during support or troubleshooting), a separate agreement will be executed defining access scope and security controls.

Documents