Privacy Policy

1. Privacy at a glance

General information: When you use this Website, various types of personal data are processed depending on your use and your consent choices. Some data is technically necessary (e.g., to deliver the Website), while other data is processed only with your consent (e.g., for advertising/marketing/tracking).

Data collection on this Website: Some data is collected when you provide it to us (e.g., registration/account, chat posts, contacting us). Other data is processed automatically by our IT systems when you visit the Website, or after your consent (e.g., technical connection data, consent signals, and, where applicable, advertising IDs).

What do we use your data for? We use data to ensure the secure and error-free provision of the Website, to prevent misuse (rate limiting/spam protection), to provide optional account features and—if you consent—to deliver and measure advertising via Ezoic.

What rights do you have? In particular, you have the right to access, rectification, erasure, restriction of processing, data portability, objection, and withdrawal of consent. Details can be found below under “Your rights”.

• Technically necessary processing is carried out on the basis of legitimate interests and/or to perform a contract.
• Processing requiring consent (e.g., advertising/marketing/tracking) is carried out only after you have given consent via the consent banner.

2. General information and mandatory disclosures

Data protection: We treat your personal data confidentially and in accordance with applicable data protection laws and this Privacy Policy.

Please note that data transmission over the Internet (e.g., communication by email) may have security vulnerabilities. Complete protection of data against access by third parties cannot be guaranteed.

Information about the controller: The controller responsible for processing personal data within the meaning of the GDPR is:

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

We have not appointed a Data Protection Officer unless legally required.

F. Jakob Grzesiak
Höppnerstr. 101, WE 35
47809 Krefeld, Deutschland
Email: [email protected]

3. Overview: What data we process

Depending on how you use the Website and your settings/consent choices, we process in particular the following categories of personal data:

• Technical data (e.g., IP address, timestamps, user agent, referrer, requested URL, status codes) to deliver and secure the Website.
• Account data (e.g., email address) if you register/sign in and use account features.
• Chat data (message content) and, for anonymous users, additionally the IP address for abuse prevention.
• Consent and preference data from the consent banner (e.g., whether you consented to cookies/tracking/personalization; where applicable, consent signals/strings).
• Advertising/measurement data in connection with ad delivery via Ezoic (potentially personalized depending on consent).

4. Legal bases for processing

We process personal data only where a legal basis applies. Depending on the purpose, this includes in particular:

• Art. 6(1)(b) GDPR (contract/steps prior), e.g., for login/account features.

• Art. 6(1)(f) GDPR (legitimate interests), e.g., IT security, abuse prevention, stable provision of the Website.

• Art. 6(1)(a) GDPR (consent), e.g., for consent-required advertising/marketing technologies.

For storing/reading information on your device (cookies/similar technologies), § 25 TDDDG also applies: consent (§ 25(1)), unless strictly necessary for the service (§ 25(2)).

Where an explicit consent to transfer data to third countries is required, processing may additionally be based on Art. 49(1)(a) GDPR (e.g., in exceptional cases).

5. Hosting (Hetzner)

We host content and systems of this Website with Hetzner. In doing so, technical data necessary for delivery and security is processed (e.g., IP address in server logs, time of access, requested resource).

The use of Hetzner is based on Art. 6(1)(f) GDPR. We have a legitimate interest in providing a reliable and secure Website.

Where applicable consent is obtained (e.g., for consent-required technologies), processing is additionally based on Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be withdrawn at any time.

• Hetzner Privacy Policy

6. Content delivery & security (Cloudflare proxy/CDN)

We use Cloudflare as a reverse proxy/CDN and security service (e.g., DDoS protection/WAF). Traffic to the Website is routed via Cloudflare. Cloudflare processes technical connection data (in particular IP address and request metadata) to deliver content and mitigate attacks.

Depending on configuration, Cloudflare security features may set strictly necessary cookies/tokens (e.g., to prevent automated access or to perform security challenges). Such technologies are used only to the extent required for security and functionality or, where required, after consent.

Depending on routing/product, processing in third countries (e.g., the U.S.) may occur. Cloudflare relies on recognized safeguards (e.g., Standard Contractual Clauses and/or certifications).

• Cloudflare Privacy Policy
• Cloudflare (Germany) imprint/address

7. Cookies, consent banner (Ezoic CMP) and withdrawal

Our Website uses cookies and similar technologies. Cookies are small data files and do not harm your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies).

We use a consent banner provided by Ezoic (Consent Management Platform/CMP) to manage your consent choices for cookies and similar technologies—particularly in connection with advertising. Consent/preference information is stored (e.g., whether you accepted or rejected categories; where applicable, consent signals/strings).

You can withdraw or change your consent at any time with effect for the future by opening the cookie/privacy settings.

• Strictly necessary cookies/technologies may be used without consent if required for the service you explicitly requested (§ 25(2) TDDDG) and processing can be based on Art. 6(1)(f) GDPR.
• Non-essential cookies/technologies (e.g., personalization/marketing/tracking in connection with advertising) are used only after consent (Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG).
• You can also delete or block cookies at any time via your browser settings. If cookies are disabled, the functionality of the Website may be limited.

• Open cookie/privacy settings

8. Advertising via Ezoic (incl. measurement/personalization)

We use Ezoic to deliver and optimize advertising and to optimize page content. Ezoic may use cookies and similar technologies and process data to deliver, measure and—depending on your consent—personalize advertising.

If you reject advertising/tracking consent, ads may still be displayed; in that case they are generally less personalized (e.g., contextual).

As part of ad delivery, processing may take place by Ezoic and its advertising/technology partners. Depending on their role, they may act as independent controllers. Details (including categories, purposes and partners) can be found in Ezoic’s privacy policy for our domain.

• Depending on consent/setup, processed data may include IP address, device/browser information, language settings, cookie IDs, interactions with ads, and technical identifiers.
• Ezoic may use consent signals from the CMP to determine whether and which advertising/tracking technologies are used.
• Ezoic may work with additional advertising and technology partners (e.g., for ad delivery, fraud prevention, measurement).

• Ezoic Privacy Policy (domain-specific)
• Ezoic general privacy policy
• Ezoic advertising/technology partners

9. Account/sign-in & database (self-hosted)

For registration, sign-in and account features, we operate our authentication and database ourselves (e.g., based on Supabase/open-source components) on our own server infrastructure.

In doing so, we process in particular your email address (for login/account) and technical data required for authentication, session management, diagnostics and security.

To provide login sessions, strictly necessary cookies or comparable technologies may be used (e.g., session tokens). These are required to use account features.

• Purpose: Provide account features (login, account management) and store data as part of the app features.
• Legal basis: Art. 6(1)(b) GDPR (contract/steps prior) and Art. 6(1)(f) GDPR (security/diagnostics/abuse prevention).

10. Chat and IP addresses (spam protection / rate limiting)

The chat is available to all users (with and without login). We process IP addresses for spam protection and rate limiting to prevent abuse (e.g., automated requests, spam messages, attack attempts).

For authenticated users, the IP address is not stored persistently in the chat database. For anonymous users, the IP address is linked to their chat messages so that abuse can be traced and blocked.

The chat database stores only the most recent 50 messages; older messages are deleted automatically.

• Purpose: Abuse prevention, IT security, service stability.
• Legal basis: Art. 6(1)(f) GDPR (legitimate interests).

11. Contact (email/links to third-party platforms)

If you contact us by email, we process your inquiry including all personal data resulting from it (e.g., email address, message content) to handle your request.

Depending on content, processing is based on Art. 6(1)(b) GDPR (if the inquiry relates to contract performance or pre-contractual steps) or on Art. 6(1)(f) GDPR (legitimate interest in efficient handling).

If we provide links to third-party platforms (e.g., a profile link to Reddit), clicking the link will redirect you. From that point on, processing by the third party is governed by their privacy policies.

• Email

12. Server logs

Whenever the Website is accessed, technical information may be processed in server log files (e.g., IP address, date/time, accessed page/file, status code, user agent).

The purpose is secure operation (e.g., troubleshooting, attack mitigation) and ensuring technical functionality.

• Legal basis: Art. 6(1)(f) GDPR.
• Retention: typically 7–14 days (or longer if required to investigate security incidents).

13. Recipients of personal data / processing on our behalf

In the course of our activities, we work with external parties (service providers). This may require transferring personal data to these parties.

We use service providers (processors) that process personal data on our behalf, in particular for hosting/infrastructure, proxy/CDN and advertising/CMP. Where required, we conclude data processing agreements with them.

Our backend (authentication/database) is operated by us; there is no separate external recipient “Supabase”.

• Hetzner (hosting/infrastructure)
• Cloudflare (proxy/CDN/security)
• Ezoic (advertising, CMP/consent management, optimization)

14. Transfers to third countries

Some service providers—especially within the advertising ecosystem—may process data in countries outside the EU/EEA (e.g., the U.S.). In such cases, transfers rely on appropriate safeguards (e.g., Standard Contractual Clauses and/or adequacy decisions/certifications), where required.

Please refer to the linked privacy notices of the respective providers for further details.

15. Retention

Unless a more specific retention period is stated in this Privacy Policy, we store personal data only as long as necessary for the purposes described or as required by law.

If you assert a legitimate request for erasure or withdraw consent, your data will be erased unless other legally permissible grounds for storage apply (e.g., statutory retention obligations).

• Account data: until the account is deleted (or as long as the account exists).
• Chat messages: only the most recent 50 messages (automatic deletion of older content).
• Server logs: typically 7–14.

16. Your rights

Under the GDPR you have the following rights, in particular (subject to legal requirements):

Right to object (Art. 21 GDPR): Where processing is based on Art. 6(1)(f) GDPR, you may object at any time on grounds relating to your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms.

Withdrawal of consent: Many processing operations are possible only with your explicit consent. You can withdraw consent at any time. The lawfulness of processing carried out before the withdrawal remains unaffected.

To exercise your rights, you can contact us at [email protected].

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection to processing based on legitimate interests (Art. 21 GDPR)
• Withdrawal of consent (Art. 7(3) GDPR)

17. Right to lodge a complaint with a supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place of the alleged infringement. This right exists without prejudice to other administrative or judicial remedies.

18. SSL/TLS encryption and security

This Website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the address bar changing from “http://” to “https://” and the lock symbol in your browser.

Please note that a completely risk-free security architecture on the Internet can never be guaranteed.

19. Changes to this Privacy Policy

We may update this Privacy Policy if our Website, services used, or legal requirements change. The version published on this page applies.