Privacy Policy

Effective date: 3 May 2026.

This Privacy Policy explains how Armbian d.o.o. ("Armbian", "we", "us") collects, uses and shares personal data when you visit www.armbian.com or interact with us through our forms. We process personal data in accordance with the EU General Data Protection Regulation (GDPR).

1. Data controller

Armbian d.o.o., registered in Slovenia (VAT SI38201194). For privacy questions or to exercise your rights, contact info@armbian.com.

2. What we collect and why

2.1 Information you provide via forms

When you submit the contact form (/contact) we collect your first name, last name, company name, email address and the content of your message. When you submit the maintainer update form (/update-data) we additionally collect: forum username, GitHub URL, list of maintained hardware, areas of expertise, payment email (PayPal), phone number and postal address.

Legal basis: Article 6(1)(b) GDPR (steps prior to a contract / contractual performance) for business inquiries; Article 6(1)(f) GDPR (legitimate interest in maintaining a contributor directory) for the maintainer form.

2.2 Server logs

Our reverse proxy (Caddy) and API (Fastify) log the requesting IP address, user agent, requested URL, HTTP status and response time to standard output, captured by the container runtime. We do not deliberately persist these logs beyond what is operationally needed for debugging and abuse mitigation; effective retention is determined by the host operating system and the lifetime of the container.

Legal basis: Article 6(1)(f) GDPR (legitimate interest in operating a secure service).

2.3 Cookies and local storage

We use a small number of strictly necessary cookies and browser-storage entries to operate the site:

  • locale (HTTP cookie, 1 year): remembers your preferred language.
  • armbian-theme (localStorage): remembers your light/dark theme preference.
  • armbian-consent (localStorage): records your cookie-banner choices.
  • Payload session cookie (HTTP-only, /admin only): authenticates editorial users.

Functional resources (third-party flag icons served from a public CDN, see section 3) are loaded only after you grant explicit consent through our cookie banner.

3. Third-party processors and recipients

We share the minimum amount of personal data needed. The following third parties process or receive personal data through services we use or link to:

  • Zoho Corporation (Zoho Bigin CRM, EU region) β€” receives the data you submit through /contact and /update-data so we can manage business inquiries and maintainer records. Stored on Zoho EU infrastructure.
  • Google Ireland Ltd. (reCAPTCHA v2) β€” anti-spam protection on the /contact and /update-data form pages. Processes interaction signals to score whether you are human; the script is loaded only on those pages.
  • Calendly LLC (United States) β€” handles scheduling for our Office Hours and paid Business Consultation slots when you click "Schedule a Meeting" or "Book Consultation" on /contact. You are redirected to calendly.com/armbian; data you enter there is processed by Calendly under their own privacy policy.
  • Payment platforms β€” when you donate via /donate you are redirected to one of: PayPal (PayPal Holdings, Inc.), Liberapay (open-source platform), or GitHub Sponsors (GitHub, Inc.). Each transaction is processed by the chosen platform under its own terms. Armbian receives the resulting funds and any information the platform passes on (typically your name and email if you opt to share it).
  • jsDelivr (Prospect One sp. z o.o.) β€” public CDN that serves the country-flag icons used by the language switcher. Loaded only after you grant functional cookie consent.
  • GitHub, Inc. β€” when you view pages that list contributors or maintainers (/authors, individual board pages), your browser may load avatar images directly from avatars.githubusercontent.com.
  • Automattic, Inc. (Gravatar) β€” those same pages may also load avatar images directly from www.gravatar.com.
  • Authentik (single sign-on, optional) β€” if this Armbian deployment is configured with OIDC single sign-on, authentication for the editorial admin (/admin) is delegated to an Authentik server we operate. Only Armbian editorial users interact with this system.
  • Hosting provider β€” operates the servers where the site, API and database run, under contractual confidentiality.

Where any of these recipients transfer data outside the EU/EEA, transfers rely on the EU-U.S. Data Privacy Framework or Standard Contractual Clauses as appropriate. The Site additionally links out to community platforms (forum, Discord, Mastodon, X, IRC, LinkedIn, GitHub) which operate under their own terms and privacy policies and are not controlled by Armbian.

4. Retention

  • Form submissions: kept in our CRM for as long as the relationship is active and up to 24 months thereafter, unless a longer retention period is required by law.
  • Server logs: see section 2.2 β€” not deliberately persisted; retention is governed by the host operating system and container lifecycle.
  • Maintainer profile data: kept while you are listed as an active contributor; removed on request.

5. Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • request rectification of inaccurate data;
  • request erasure ("right to be forgotten");
  • restrict or object to processing;
  • data portability for data you provided directly;
  • withdraw consent at any time, where processing is based on consent;
  • lodge a complaint with the Slovenian Information Commissioner (Informacijski pooblaőčenec, www.ip-rs.si) or the supervisory authority of your habitual residence.

To exercise any of these rights, write to info@armbian.com.

6. Security

We apply reasonable technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or destruction, including encryption in transit (HTTPS), least-privilege access controls, and regular software updates.

7. Children

The site is not directed to children under 16. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us so we can delete it.

8. Changes to this policy

We may update this policy to reflect changes to our practices or legal obligations. Material changes will be highlighted on this page with a new effective date.

9. Contact

Armbian d.o.o. β€” Slovenia, EU β€” info@armbian.com