Privacy Policy

Effective date: March 11th, 2019

This page describes how we, X41 D-SEC GmbH, process personal data when you use the X41 BeanStack API.

Collected Data and Collection Purposes

If you submit a stack trace to the API, we record your IP address to ensure the stability of the system (through rate limiting). The moment of access is only recoverable in aggregate form, so dynamic IP addresses may not even be traceable to an individual subscriber within an ISP.

If your trace contains classes that are not in our system, we log which classes are missing so that we can make the API more complete.

If you register for an API key, we store your IP address (to prevent anyone from registering an infinite number of API keys) and your email address (to send you the API key). We may contact you about breaking changes to the API or information related to your API key.

In the future, we may also collect the user agent (HTTP header value) from which the API was accessed. For example, if we notice we get a lot of invalid requests, we may check which user agent was used for those requests and contact those using the faulty user agent.

Finally, if you wish to use biometric identification instead of an API key, please check your local legislation in relation to GDPR article 9 paragraph 2 point (a), as well as paragraph 4, before submitting your DNA sequence free of charge.

Storage Term

For API usage, your IP address is stored for as long as the rate limit applies.

Your registration data will be stored indefinitely. If you withdraw consent, it will be deleted along with your API key. If we collect user agent data in an identifiable manner, this will only be to debug issues and the data will be deleted latest when the issue has been resolved.


We use SendGrid, a subsidiary of Twilio, to send you email (currently API keys) without it ending up in a spambox. They established Binding Corporate Rules for internal (between SendGrid and Twilio) transfers of personal information, which have been approved by European Union data Protection Authorities. They additionally comply with the EU-U.S. Privacy Shield Framework. You can view their privacy policy here.

We do not share personal data with any other third party or for any other purpose.

Your Rights

  • You may request to view a copy of your data.
  • You may request a copy of your data in machine-readable form for data portability.
  • You may request to rectify your personal information.
  • You may withdraw any consent given at any time.
  • You may ask that we erase your data, even where we did not need your consent to process it.
  • You may lodge a complaint with a supervisory authority. This Wikipedia page may help you in finding the right authority.
  • You have the right not to be subject to automated decision-making including profiling, but we do not do that in the first place.


If we expand this policy and need to seek your consent, you will receive an email. The new policy only comes into effect when you agreed to it (opt-in).


To unsubscribe, exercise any of your rights, or if you have any questions, please find our contact info at