About

As an integration consulting company, this tool was created to support our activities. More and more customers wanted to perform transports in SAP CPI in a simpler and easier way. Now we have released this tool for the general public. We wish you a lot of fun!

Learn here more about us and our company
Contiva Logo

Contact

CPI Transporter Free
English Deutsch

Privacy Policy

Last updated: June 7, 2025

1. Name and Address of the Controller

The controller in the sense of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

Contiva GmbH
Yokohamastr. 2
20457 Hamburg Germany
Represented by: Robert John Fels
Email: [email protected]
Website: contiva.com

2. Principle: We Don't Store Your Data!

Privacy by Design

The CPI Transporter fundamentally does not store any of your personal data or system credentials on our servers!

To facilitate the core transport functionality, the artifacts being transported are held temporarily on our servers for a very brief period (typically a few seconds) solely for the purpose of transferring them to your designated target system. These artifacts are not processed by us in any other way, and upon completion of the transport, they are immediately deleted. You will receive a transport protocol confirming this process, including the deletion of the temporarily stored artifacts.

3. Cookies and Local Data Storage

The CPI Transporter uses cookies and similar technologies to ensure the functionality of the application and to save your settings. Cookies are small text files that are stored on your terminal device. All your system data and login information are stored exclusively locally on your computer in encrypted form.

3.1 Types of Cookies Used and Their Purpose
  • Necessary Cookies: These cookies are essential for the operation of the web application. They enable core functionalities such as managing your connected systems and maintaining your session. The application cannot function correctly without these cookies.
    • SecData: Stores your encrypted system data (SAP CPI URLs, usernames, passwords, OAuth2 token URLs, system groupings). Storage is exclusively in your browser. Encryption is performed using AES-256 and integrity is ensured by SHA3-512.
    • license: Stores your license key if you have purchased a PLUS+ license. This cookie is necessary to unlock the extended functionalities.
    • Session Cookies (e.g., PHPSESSID): These cookies are required for basic functionality during your use (e.g., for language selection or temporary storage of entries). They are usually deleted after you close your browser.
3.2 Legal Basis for Data Processing

The processing of data collected by technically necessary cookies is based on Art. 6 (1) (f) GDPR to protect our legitimate interests in a user-friendly design of our web application and to fulfill the user contract (provision of the core functions of the CPI Transporter) pursuant to Art. 6 (1) (b) GDPR.

3.3 Storage Duration and Control
  • Encryption: AES-256 for confidentiality and SHA3-512 for data integrity.
  • Storage Location: Exclusively encrypted in cookies in your browser. We do not have access to this data.
  • Your Control: You have full control over your data stored in cookies at all times. You can view, manage, and delete cookies via your browser settings. Please note that disabling necessary cookies may limit the functionality of the CPI Transporter.
  • Automatic Deletion:
    • SecData (Free Version): The system data stored here is automatically deleted after 24 hours of inactivity to protect your data.
    • SecData (Plus Version): You can configure the storage duration of the system data yourself.
    • license: Remains stored as long as your PLUS+ license is valid or until you manually delete the cookie.
    • Session Cookies: Are usually deleted after closing the browser.

We do not use tracking cookies, advertising cookies, or third-party analytics tools that track your browsing behavior beyond our application.

4. What Data is Processed?

4.1 Collection and Use of Access Data (Server Log Files) and Technical Data

For technical reasons, certain data is temporarily processed each time you use our web application. This data is necessary for the provision of the service, to ensure the security and stability of the systems, and to optimize user-friendliness.

  • IP Address: The IP address is required to deliver the content of our web application to your browser. It is anonymized or deleted after the end of use, provided there are no legal retention obligations to the contrary. Further storage for user identification does not occur unless there is a concrete suspicion of unlawful use (e.g., attempted attacks).
  • Browser Information: Type and version of your browser, operating system used, referrer URL (the previously visited page), hostname of the accessing computer (IP address), and time of the server request. This data is used for the correct display of content and to ensure compatibility.
  • Session IDs: Temporary identifiers necessary for the duration of your session to assign your actions and settings (e.g., language selection) across different page views. These are usually deleted when you close your browser.

The legal basis for the temporary storage of this data is Art. 6 (1) (f) GDPR. Our legitimate interest lies in ensuring the functionality, security, and optimization of our web application.

4.2 System Credentials (locally encrypted)
  • SAP CPI URLs
  • Usernames and passwords
  • OAuth2 token URLs
  • System groupings

5. External Services and Data Transfer to Third Parties

We partially use external service providers to provide our services and improve our offerings. If personal data is processed or transmitted in this context, this is done on the basis of corresponding legal regulations and, where necessary, data processing agreements (DPA) in accordance with Art. 28 GDPR.

5.1 Stripe (Payment Processing)

For processing payments for our paid PLUS+ subscriptions, we use the service provider Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter "Stripe").

When you subscribe to a PLUS+ subscription, the payment data you enter (such as name, address, email address, payment method, credit card number or bank details, as well as the amount and date of the transaction) is transmitted directly to Stripe via an encrypted connection and processed by Stripe. We do not store any complete credit card data or bank details ourselves.

Additionally, we transmit your license key to Stripe to associate the payment with your subscription.

The processing of your data by Stripe is carried out for the execution of payment transactions and for the fulfillment of the contract concluded with you for the PLUS+ subscription (Art. 6 (1) (b) GDPR). Stripe is subject to European data protection laws. Further information on data protection at Stripe can be found in Stripe's privacy policy: https://stripe.com/privacy.

It is possible that data may also be transferred to servers in the USA as part of Stripe's service provision. An adequacy decision by the EU Commission exists for the USA (EU-U.S. Data Privacy Framework), which Stripe has joined, ensuring an adequate level of data protection.

5.2 Sentry (Error and Performance Monitoring)

To ensure the technical stability of our application and for the early detection and correction of errors (bug tracking), as well as for performance analysis, we use the Sentry service from Functional Software, Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA (hereinafter "Sentry").

In the event of an error, Sentry collects technical information about the error that occurred, such as information about your browser, operating system, the time of the error, and, if applicable, the steps that led to the error (breadcrumbs). This data is generally anonymized or pseudonymized and does not contain any directly personal data such as IP addresses or detailed user input, unless this is an immediate part of the cause of the error and absolutely necessary for error analysis. We have configured Sentry so that no sensitive data (such as content from form fields) is collected.

The use of Sentry is based on our legitimate interest in the technical error-freeness, stability, and optimization of our services (Art. 6 (1) (f) GDPR). We have concluded a data processing agreement (DPA) with Sentry. For the transfer of data to the USA, Sentry also relies on the EU-U.S. Data Privacy Framework.

Further information on data protection at Sentry can be found at: https://sentry.io/privacy/.

6. Your Rights as a Data Subject

As a data subject, you have various rights under the General Data Protection Regulation (GDPR). Since the CPI Transporter is designed to generally not store personal data on our servers, your rights primarily relate to data that is temporarily processed during use (see Section 4.1) or that you provide to us in the context of contacting us or a contractual relationship (e.g., PLUS+ subscription).

You have the right to:

  • Access (Art. 15 GDPR): You can request information about whether and what personal data we process about you. This particularly concerns temporarily processed technical data and data related to your PLUS+ subscription.
  • Rectification (Art. 16 GDPR): If your personal data is incorrect or incomplete, you have the right to have it rectified.
  • Erasure (Art. 17 GDPR): You can request the erasure of your personal data, especially if the purpose of processing has ceased, you withdraw your consent, or the data has been processed unlawfully. Regarding data stored in cookies on your device (see Section 3), you can perform the erasure yourself at any time by deleting the corresponding cookies in your browser.
  • Restriction of processing (Art. 18 GDPR): Under certain conditions, you can request the restriction of the processing of your personal data.
  • Data portability (Art. 20 GDPR): You have the right to receive data that we process automatically based on your consent or for the performance of a contract in a common, machine-readable format or to request its transfer to another controller, where technically feasible.
  • Object (Art. 21 GDPR): If data processing is based on our legitimate interests (Art. 6 (1) (f) GDPR), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
  • Withdrawal of consent (Art. 7 (3) GDPR): If data processing is based on your consent, you can withdraw this at any time with future effect. The lawfulness of the processing carried out until the withdrawal remains unaffected.
  • Lodge a complaint with a supervisory authority (Art. 77 GDPR): Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes the GDPR.

To assert your rights, please contact the controller named in Section 1 or email [email protected].

7. Data Security

We take technical and organizational security measures to protect your data as comprehensively as possible from unwanted access. In addition to securing the operating environment, we use encryption methods. The system data you store on your computer is encrypted using AES-256 and its integrity is ensured using SHA3-512. Data transmission between your browser and our servers (e.g., during license activation or error transmission to Sentry) is carried out via HTTPS (SSL/TLS encryption).

We point out that data transmission over the Internet (e.g., when communicating by email) can have security vulnerabilities. Complete protection of data from access by third parties is not possible.

8. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy occasionally so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g., when introducing new services. The new privacy policy will then apply to your return visit.

9. Contact and Data Protection Officer

For privacy questions, please contact:

Contiva GmbH
Email: [email protected]