Back to search

Privacy notice

Last updated: 2026-03-21

This Privacy Notice explains how versionPing processes personal data when you use the website and when you subscribe to email notifications about software releases and optional CVE alerts.

1. Controller

The controller responsible for data processing on this website is:

Alexander Fischer
trading as versionPing
Benediktenwandstr. 8a
85221 Dachau
Germany

Email: hello@versionping.app

Business designation:
Fischer-Netz IT-Dienstleistungen

2. About versionPing

versionPing provides publicly accessible information about software products, versions, release history, release trains, and selected vulnerability information. Users can subscribe by email to receive notifications about new releases for selected products and, if chosen, alerts for newly identified high and critical vulnerabilities.

3. Categories of personal data we process

Depending on how you use the service, we may process the following data:

  • email address
  • selected products for subscription
  • subscription preferences, including whether CVE alerts are enabled
  • double opt-in token and token-related verification data
  • confirmation status of the subscription
  • IP address
  • timestamps relating to subscription, confirmation, changes, and unsubscription
  • server access logs, including IP address, user agent, requested URL, date and time
  • limited audit log data relating to subscription events and administrative processing
  • technical email delivery data where necessary to operate the service securely and reliably

4. Purposes and legal bases of processing

a) Website delivery and security

When you access the website, we process server log data to provide the website, ensure stability and security, detect misuse, and defend against attacks.
Legal basis: Article 6(1)(f) GDPR.

b) Processing subscription requests

When you submit your email address and select products and notification options, we process your data to handle your subscription request and store your preferences.
Legal basis: Article 6(1)(b) GDPR and Article 6(1)(f) GDPR.

c) Double opt-in verification

We use a double opt-in process to verify that the owner of the email address requested the subscription. For this purpose, we process the confirmation token, IP address, timestamps, and related subscription metadata.
Legal basis: Article 6(1)(c) GDPR where documentation is required by law, and Article 6(1)(f) GDPR for accountability, abuse prevention, and legal defense.

d) Sending release notifications and optional CVE alerts

Once the subscription has been confirmed, we send the selected notifications.
Legal basis: Article 6(1)(a) GDPR.

e) Audit logging and abuse prevention

We maintain limited audit logs to investigate misuse, protect the integrity of the service, and administer subscriptions securely.
Legal basis: Article 6(1)(f) GDPR.

5. Double opt-in

Subscriptions are activated only after confirmation through a double opt-in process. For evidentiary and security purposes, we store the email address, selected subscription settings, token-related confirmation data, IP address, and timestamps connected to the subscription and confirmation process.

6. Recipients of data

We do not expose, sell or analyze personal data.

Personal data may be disclosed only where necessary to:

  • hosting and infrastructure providers acting on our instructions
  • technical service providers strictly required for operation or security
  • email delivery providers, if such a provider is used in the future. (Currently we're running our own email delivery system)
  • authorities or courts where there is a legal obligation

Where processors are used, they are engaged under applicable data processing agreements.

7. International data transfers

We aim to process personal data within the European Union or the European Economic Area.

If personal data is transferred to a country outside the EU/EEA, this will only take place in compliance with applicable data protection law, for example on the basis of an adequacy decision or appropriate safeguards.

8. Retention periods

We retain personal data only for as long as necessary for the relevant purpose.

In particular:

  • active subscription data is stored for as long as the subscription remains active
  • data related to the double opt-in process may be retained for as long as needed to demonstrate consent, prevent abuse, and defend legal claims
  • audit logs are stored for 14 days and then deleted
  • server access logs are stored for 14 days, unless longer retention is required for investigating a concrete security incident
  • after unsubscription, we may retain limited records where necessary to document the prior subscription, handle legal claims, or prevent abuse

9. No cookies / no tracking

versionPing does not use cookies for analytics, advertising, profiling, or cross-site tracking.

At present, versionPing does not use analytics tools or advertising technologies.

If technically necessary storage mechanisms or additional third-party services are introduced in the future, this Privacy Notice will be updated accordingly.

10. No automated decision-making

We do not use personal data for automated decision-making within the meaning of Article 22 GDPR.

11. Your rights

Subject to the applicable legal requirements, you have the right to:

  • request access to your personal data
  • request rectification of inaccurate personal data
  • request erasure of your personal data
  • request restriction of processing
  • object to processing based on Article 6(1)(f) GDPR
  • withdraw consent at any time with effect for the future
  • receive your data in a portable format, where applicable
  • lodge a complaint with a competent data protection supervisory authority

12. Withdrawal / unsubscribe

You can unsubscribe from release notifications and CVE alerts at any time with effect for the future. Each notification email contains an easy way to unsubscribe or manage your preferences. You may also contact us by email.

13. Obligation to provide data

Providing your email address and selected subscription preferences is voluntary. However, without this data we cannot provide the notification service.

Server log data is technically necessary to deliver the website securely.

14. Contact regarding privacy

If you have questions about privacy or want to exercise your rights, please contact us. You can find the contact details at the top.