Privacy & Data Transfer
Transparency is important to us. On this page, you will learn exactly what data merchantCENTRAL sends to the license server, why it is needed, and how it is protected.
Core Principles
- Encrypted transfer β All data is transmitted exclusively via HTTPS (TLS-encrypted)
- Minimal data β Only data necessary for licensing is sent
- No business data β Order contents, item prices, customer data from your BC are never transmitted
- Secure key storage β License Keys and API keys are stored in Business Central's encrypted IsolatedStorage β not in the database
1. License Validation (every 24 hours)
The automatic license check sends the following data:
| Field | Example | Purpose |
|---|---|---|
| License Key | (transmitted encrypted) | Identification of your license |
| Tenant ID | 47a2ed66-0ce7-... |
Assignment to the BC tenant |
| Environment Name | Production |
Distinguishing environments |
| Is Production | true / false |
Sandbox detection (sandboxes are always free) |
| Is Sandbox | true / false |
Sandbox detection |
What comes back:
- License status (Active, Demo, Expired, Suspended)
- License type (Demo or Production)
- Demo expiry date (if applicable)
- List of licensed modules with respective status
- Interval until the next check (normally 24 hours)
No License Key in plain text
The License Key is written encrypted into the request body via a special method (WriteWithSecretsTo). It is never visible as plain text in memory or logs.
2. Heartbeat (daily)
The daily heartbeat reports anonymized usage data:
| Field | Example | Purpose |
|---|---|---|
| License Key | (transmitted encrypted) | Assignment to the license |
| Tenant ID | 47a2ed66-0ce7-... |
Assignment to the tenant |
| Environment Name | Production |
Environment identification |
| Is Production | true / false |
Sandbox detection |
| Timestamp | 2026-04-02T08:30:00Z |
Heartbeat timestamp |
What is not sent
- β No order contents, customer names, or order numbers
- β No item prices, stock levels, or supplier data
- β No personal user data (usernames, email addresses of BC users)
- β No financial data (revenues, invoices, accounts)
3. Demo Registration (one-time)
During Demo Registration, company data is transferred once to create your trial license:
Required Data
| Field | Purpose |
|---|---|
| Company Name | License assignment |
| Contact Person | Contact person for support |
| Confirmation email and support contact | |
| Country Code | Regional assignment |
Optional Data
| Field | Purpose |
|---|---|
| Phone | Phone support |
| Street, Post Code, City | Full address for later invoicing |
| VAT Registration No. | Tax assignment |
| Website | Company identification |
Technical Data (automatically determined)
| Field | Purpose |
|---|---|
| Tenant ID | Assignment to the BC tenant |
| Environment Name | Environment identification |
| Is Production / Is Sandbox | Sandbox detection |
| Installed Modules | Which connector apps are installed, to activate them |
| GDPR Consent | Proof of your consent |
GDPR consent required
Demo registration requires your explicit consent to data processing. Without consent, no license can be created.
Data Usage
Your data is used exclusively for the following purposes:
| Purpose | Description |
|---|---|
| License management | Creation, validation, and management of your merchantCENTRAL license |
| Billing | Creation of invoices for production licenses (monthly, day-accurate) |
| Support | Contact in case of technical questions or issues |
| Product improvement | Anonymized, aggregated usage statistics (no individual analysis) |
Where Is the Data Stored?
| Location | What | Protection |
|---|---|---|
| Your Business Central | License Key, cached license status, module list | IsolatedStorage (encrypted), DataScope = Company |
| Azure Table Storage (EU) | License data, heartbeats, usage statistics | Managed Identity, RBAC, encrypted at rest |
| Our Business Central | Billing data, contact data | Standard BC security, DataClassification = CustomerContent |
Your Rights
As a customer, you have the following rights under GDPR:
- Information β What data is stored about you
- Rectification β Correction of incorrect data
- Erasure β Deletion of your data (after the end of the contractual relationship)
- Withdrawal β Revocation of consent for the demo registration
Contact: datenschutz@altenbrand.de
Full privacy policy: https://www.merchantcentral.de/privacy
Related Pages
- License Setup β Manage License Key
- Start Free Demo β Demo registration with GDPR consent
- Troubleshooting β Connection issues and offline tolerance