• We use cookies to make your experience on this website better (More Information).

    PatchKit Privacy Policy

    This Privacy Policy applies to the services and websites related to the PatchKit platform.

    Effective date: 30 April 2026

    1. Data Controller and Contact

    The controller of personal data processed in connection with the use of PatchKit services is:

    Upsoft sp. z o.o. Al. Marcina Kromera 51A 51-163 Wrocław Poland

    Contact for matters relating to the protection of personal data: contact@patchkit.net

    PatchKit is a service developed, maintained, and provided by Upsoft sp. z o.o. The platform enables software developers and publishers to distribute, update (patch), host, and manage versions of applications and games using cloud infrastructure.

    Depending on the nature of the use of the service, Upsoft may process personal data:

    Upsoft’s role with respect to the processing of personal data depends on the nature of the services provided and the relationship with the customer using PatchKit, and is described in Section 2 of this Privacy Policy.

    2. Roles in the Processing of Personal Data

    When using the PatchKit service, Upsoft may act both as a controller of personal data and as a processor of personal data. Upsoft’s role depends on the nature of the services provided, the type of data processed, and the way customers use the platform.

    2.1 Upsoft as Controller

    Upsoft acts as the controller of personal data in particular with respect to:

    In such cases, Upsoft independently determines the purposes and means of processing personal data.

    2.2 Upsoft as Processor

    Upsoft may also process personal data on behalf of customers using the PatchKit service. This applies in particular to data of end users of applications or games distributed through PatchKit, and to data processed as part of services related to the publication, hosting, updating, and distribution of software.

    In such cases:

    Where personal data is processed on behalf of customers, Upsoft uses data processing agreements (DPAs) or appropriate contractual provisions compliant with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).

    3. What Personal Data We Process

    The scope of personal data processed depends on the way the PatchKit services are used, the features utilized, and the relationship between Upsoft and the customer using the service.

    3.1 User and Customer Data

    In connection with the use of PatchKit services, Upsoft may process:

    3.2 End User Data

    As part of the services provided by PatchKit, technical data relating to end users of applications or games distributed through the platform may be processed. Depending on the service configuration and the way it is integrated with the application, the data may include in particular:

    The scope of data transmitted depends on the service configuration, the way the application is integrated with PatchKit, and the data made available by the customer using the service.

    3.3 Technical and Security Data

    To ensure the security and proper operation of PatchKit services, Upsoft may process:

    Technical data may also include information about the configuration of the user’s environment, used to ensure the proper operation of the distribution, update, and diagnostic processes.

    3.4 Payment and Billing Data

    Upsoft may process data necessary to handle payments and billing, in particular:

    Payment card data is processed directly by payment operators. Upsoft does not store full payment card details.

    3.5 Data Processed Through Integrations and External Services

    Depending on the service configuration and the integrations used by customers, PatchKit may process data originating from external services, such as:

    The scope of data processed depends on the service configuration and the integrations used by PatchKit customers.

    Personal data is processed only to the extent necessary to operate and develop the PatchKit service, support users, ensure security, and fulfill legal obligations.

    Data may be processed in particular for the purpose of:

    Technical data related to the operation of applications and their distribution process may also be used to:

    The legal basis for processing personal data may be, in particular:

    Where Upsoft processes personal data as a processor on behalf of customers using PatchKit, the data is processed solely in accordance with the documented instructions of the controller, the agreement concluded, and applicable law.

    5. Data Sharing and Processors

    Personal data may be shared only to the extent necessary to provide the services, ensure security, fulfill legal obligations, or operate the features used by PatchKit.

    Depending on the way the service is used, data may be shared with:

    Upsoft uses only providers that ensure an appropriate level of personal data security, and applies organizational and technical measures to protect the data.

    Where providers process personal data on behalf of Upsoft or of customers using PatchKit, processing is carried out on the basis of:

    Personal data may also be disclosed to competent public authorities, law enforcement agencies, courts, or other entities authorized to receive it, where such an obligation arises from the law or a legally binding request.

    Detailed information regarding providers, services, and data transfers is maintained in the organization’s security documentation and registers.

    6. Transfers Outside the European Economic Area (EEA)

    In connection with the use of cloud services, SaaS services, Content Delivery Networks (CDNs), analytics tools, integrations, and third-party services, personal data may be transferred outside the European Economic Area (EEA).

    Upsoft seeks to store personal data in infrastructure located within the EEA; however, some services or providers used within PatchKit may carry out data processing outside the EEA, in particular in the United States.

    Where data is transferred outside the EEA, Upsoft applies appropriate data protection mechanisms in accordance with the requirements of the GDPR, in particular:

    Data transfers may relate in particular to:

    Upsoft applies a risk-based approach and minimizes the scope of data transferred to external services.

    7. Security of Personal Data

    Upsoft applies organizational and technical measures to protect personal data and ensure the security of PatchKit services. In particular, the following are applied:

    Data is stored in secured cloud environments, including:

    Access to personal data is granted only to authorized persons, and only to the extent necessary to perform their duties or provide the services.

    Administrative access to customer data, organizations, and PatchKit environments is limited to situations requiring:

    Access to data processed as part of customer services is carried out solely to the extent necessary to resolve the reported issue, provide technical support, or ensure the security of services, and in accordance with the access configuration, the support request, or the permissions granted by the account or organization owner.

    Upsoft carries out activities aimed at:

    8. Data Retention Period

    Personal data is stored only for the period necessary to:

    The data retention period depends on the type of data, the nature of the service, legal requirements, information security requirements, and legitimate business needs.

    Data related to user accounts, service configuration, application publication, the distribution process, version history, technical logs, and other information processed as part of PatchKit services may be stored for the duration of the use of the service, unless the customer or user deletes the data earlier or requests its deletion in accordance with applicable law.

    Where Upsoft processes personal data solely as a processor on behalf of a customer using PatchKit services, the data retention period is determined by the controller in accordance with the agreement concluded and applicable law.

    After the retention period ends, data is deleted or anonymized in accordance with applicable legal requirements and information security principles.

    Specific retention periods are determined based on applicable legal and business requirements and the information security principles applied by Upsoft.

    9. User Rights

    Persons whose personal data is processed have the rights set out in Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), in particular the right to:

    Requests regarding the exercise of these rights can be sent to the contact address: contact@patchkit.net

    Upsoft may verify the identity of the person submitting a request before fulfilling it, to the extent necessary to ensure the security of personal data and protect the rights and freedoms of others.

    Where Upsoft processes personal data solely as a processor on behalf of a customer using PatchKit services, the exercise of data subject rights takes place in cooperation with the controller, in accordance with applicable law and the provisions of the agreements concluded.

    10. Cookies and Analytics Technologies

    PatchKit uses cookies and similar technologies in order to:

    As part of PatchKit services, the following may be used:

    PatchKit may use analytics and monitoring tools, in particular:

    Analytics tools are used solely for the purpose of:

    Users can manage cookie settings using:

    To the extent required by law, the use of analytics cookies or similar technologies may require the user’s consent.

    11. Children’s Data

    PatchKit is not a service intended for independent use by children below the age required by applicable law on the use of digital services.

    Upsoft does not direct its services to children and does not knowingly process children’s personal data without an appropriate legal basis or the consent required by law.

    PatchKit is a platform used by software developers, publishers, and providers to distribute, update, and manage applications and games. Where applications or games made available through PatchKit are intended for children or may be used by children, the customer using the service is responsible for ensuring that the user acquisition process and the processing of personal data comply with the requirements of applicable law.

    If Upsoft becomes aware of the unauthorized processing of a child’s personal data, it may take action to restrict processing, anonymize, or delete the data.

    12. Changes to the Privacy Policy

    Upsoft may update this Privacy Policy in the event of:

    The current version of the Privacy Policy is published within the services and on the websites related to PatchKit.

    In the event of significant changes, users may be informed of the changes via a notice in the service, by electronic means, or through other appropriate communication channels.

    The date indicated at the beginning of this Privacy Policy specifies the effective date of its current version.