Privacy Policy
Last updated: June 2026
This is an English courtesy translation. In case of doubt, the German version is legally binding.
1. Controller within the meaning of the GDPR
Wienold-IT UG (haftungsbeschränkt)
Ziegelbrennerstraße 29, 31157 Sarstedt, Germany
Represented by: Michael Wienold
E-mail: info@wienold-it.de
2. Principle: D.Code is fully offline
D.Code is a purely offline application. The app requires no account, no registration and no internet connection. The release build does not even hold the android.permission.INTERNET permission. There is no server, no cloud and no synchronisation operated by Wienold-IT. We run no backend for the app and can never access the data you store in it.
3. Data in the D.Code app
All data you manage in D.Code – in particular your 2FA accounts (TOTP/HOTP secrets), scanned and generated codes, the history, "My QR" cards and settings – is stored exclusively locally on your device. Sensitive data is held encrypted in the operating system's hardware-backed secure storage (Android Keystore or iOS Keychain, via flutter_secure_storage).
This data does not leave your device unless you actively export or share it yourself (see section 6). Wienold-IT does not process this data.
4. No tracking, no telemetry
D.Code contains no analytics SDK, no crash reporting (e.g. Sentry), no Firebase and no advertising. No device or advertising identifiers are collected, and no usage statistics are transmitted to us or to third parties.
5. In-app purchases (D.Code Lifetime)
D.Code offers an optional one-time in-app purchase ("D.Code Lifetime"). The purchase is processed exclusively by the respective app store operator (Apple App Store or Google Play) via its system payment function. Wienold-IT receives no payment data; the store merely informs the app whether a valid purchase exists in order to unlock the purchased features. This purchase status is cached locally on the device.
The controller for data processing in connection with the purchase is the respective store operator under its own privacy policy (Apple Inc. or Google Ireland Limited).
6. Export, backup and sharing by the user
D.Code lets you export codes and accounts as an image or document file (PNG/SVG/PDF), as an otpauth:// or migration QR, or as an encrypted vault backup, and share these files via channels of your choice (operating-system share dialog, messengers, third-party cloud storage, e-mail, etc.).
These actions are triggered solely by you. Once data leaves the app through export or sharing, it is outside Wienold-IT's sphere of control. You alone are responsible for the processing, storage and disclosure of such exported data – as well as for any third-party services used in the process. Details are set out in the Terms of Use.
7. Visiting this website
When you visit decode.wienold-it.de for purely informational purposes, we do not process any personal data for analytics or advertising purposes. No cookies, no tracking tools, no analytics services (e.g. Google Analytics), no advertising and no social-media plugins are used.
The website is operated on Wienold-IT's own infrastructure with a server location in the Hanover area, Germany. Data processing takes place exclusively within Germany; no transfer to third countries outside the EU/EEA occurs. On the server side, only briefly retained anonymised server log files (including a shortened IP address, timestamp, page requested) are stored for security and operational purposes. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in security and stability).
All fonts are served locally from our own server. No resources are loaded from third-party servers (in particular no Google Fonts); visiting the website establishes no connection to Google or other external providers.
8. Contacting us by e-mail
If you contact us by e-mail, we process your details solely to handle your request and any subsequent correspondence. Legal basis: Art. 6(1)(f) or (b) GDPR. The data is deleted once it is no longer required and no statutory retention periods prevent deletion.
9. Data subject rights (Art. 15–22 GDPR)
You have the right to access, rectification, erasure, restriction of processing, data portability and objection. Since Wienold-IT stores no personal data for the app, such rights essentially relate to any e-mail correspondence (section 8). You can view, change and delete the data stored in the app yourself at any time within the app.
10. Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority – the competent authority in Lower Saxony being:
Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5, 30159 Hannover, Germany
E-mail: poststelle@lfd.niedersachsen.de
11. Scope
This privacy policy applies to the domain decode.wienold-it.de and to the D.Code app (Android and iOS). The privacy policy of the parent domain wienold-it.de applies in addition.
