Last updated: December 04, 2025 1. Introduction We take the protection of your personal data very seriously. This privacy policy explains what data we collect, how we use it, and what rights you have regarding your data. Our services are operated in accordance with the European General Data Protection Regulation (GDPR) and other applicable data protection laws. 2. Data Controller The data controller responsible for the processing of your personal data is: Norman Huth
Bahnhofstraße 15
29413 Diesdorf
Germany If you have any questions about data protection or wish to exercise your rights, please contact us at the above address. 3. Hosting and Server Infrastructure 3.1 Hosting Provider Our website is hosted on servers located in Germany, operated by: Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany We have entered into a Data Processing Agreement (DPA) with Hetzner in accordance with Article 28 GDPR to ensure that your data is processed securely and in compliance with applicable data protection regulations. 3.2 Server Log Files When you visit our website, our web server automatically collects and stores the following information in server log files:

• Browser type and version
• Operating system
• Referrer URL (the previously visited page)
• Hostname of the accessing computer (IP address)
• Date and time of the request
• HTTP status code

This data is processed on the legal basis of Article 6(1)(f) GDPR (legitimate interest) for the purpose of ensuring system security, technical administration, and optimizing our website. The data is stored for a maximum of 7 days and then automatically deleted. 4. User Accounts and Authentication 4.1 GitHub Authentication We offer the option to create an account and log in using your GitHub account. When you choose to authenticate via GitHub, we receive the following information from GitHub:

• GitHub username
• GitHub user ID
• Email address (if public in your GitHub profile)
• Profile picture (if available)

The legal basis for this processing is Article 6(1)(b) GDPR (performance of a contract). By using the GitHub login, you agree to GitHub's own privacy policy and terms of service. We recommend reviewing GitHub's privacy policy at: https://docs.github.com/en/site-policy/privacy-policies We only process the data received from GitHub to create and manage your account on our platform. We do not have access to your GitHub password or other GitHub account credentials. 4.2 Account Data When you create an account, we store:

• Username
• Email address
• Authentication provider information (GitHub)
• Date and time of account creation
• Date and time of last login

This data is necessary to provide our services and is processed based on Article 6(1)(b) GDPR. Your account data will be retained for the duration of your account's existence and will be deleted upon your request or after a period of inactivity, unless we are legally required to retain it for longer periods. 5. Payment Processing 5.1 PayPal We use PayPal as our payment service provider. When you make a payment through our platform, you will be redirected to PayPal to complete the transaction. PayPal processes the following data:

• Name
• Email address
• Billing address
• Payment amount
• Transaction details

The processing of payment data is necessary for the fulfillment of the contract and is based on Article 6(1)(b) GDPR. PayPal acts as an independent data controller for the payment process. We recommend reviewing PayPal's privacy policy at: https://www.paypal.com/privacy We do not store complete payment card information on our servers. We only receive confirmation of successful or failed transactions from PayPal, along with a transaction reference number. 5.2 Transaction Records For billing and accounting purposes, we store:

• Transaction date and time
• Transaction amount
• Transaction status
• PayPal transaction ID
• Associated user account

This data is retained for the period required by German tax and commercial law (typically 10 years) based on Article 6(1)(c) GDPR (legal obligation). 6. Data Processing Purposes and Legal Basis We process your personal data for the following purposes: PurposeLegal BasisData Processed Account creation and managementArt. 6(1)(b) GDPRUsername, email, authentication data Service provisionArt. 6(1)(b) GDPRAccount data, usage data Payment processingArt. 6(1)(b) GDPRTransaction data Legal complianceArt. 6(1)(c) GDPRTransaction records, invoices System security and optimizationArt. 6(1)(f) GDPRServer logs, technical data 7. Data Sharing and Third Parties We do not sell your personal data to third parties. We do not share your data with third parties except in the following cases: 7.1 Service Providers

• Hetzner Online GmbH (Hosting): Processes data on our behalf under a Data Processing Agreement
• GitHub (Authentication): Acts as independent controller for authentication services
• PayPal (Payments): Acts as independent controller for payment processing

7.2 Legal Requirements We may disclose your personal data if required by law, court order, or governmental authority, or if necessary to protect our legal rights or the safety of others. 8. No Analytics or Tracking We do not use any analytics tools, tracking cookies, or similar technologies to monitor your behavior on our website. We respect your privacy and do not create user profiles for marketing purposes. 9. Data Retention We retain your personal data only for as long as necessary to fulfill the purposes outlined in this privacy policy or as required by law:

• Account data: Until account deletion or after 24 months of inactivity
• Server logs: 7 days
• Transaction records: 10 years (legal requirement)
• General correspondence: Until the matter is resolved, plus 3 years

After the retention period expires, your data will be securely deleted or anonymized. 10. Your Rights Under the GDPR, you have the following rights regarding your personal data: 10.1 Right of Access (Article 15 GDPR) You have the right to obtain confirmation as to whether we process your personal data and, if so, to receive information about this data and a copy of it. 10.2 Right to Rectification (Article 16 GDPR) You have the right to request the correction of inaccurate personal data and the completion of incomplete personal data. 10.3 Right to Erasure (Article 17 GDPR) You have the right to request the deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected. 10.4 Right to Restriction of Processing (Article 18 GDPR) You have the right to request the restriction of processing under certain circumstances, such as when you contest the accuracy of the data. 10.5 Right to Data Portability (Article 20 GDPR) You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit this data to another controller. 10.6 Right to Object (Article 21 GDPR) You have the right to object to the processing of your personal data based on legitimate interests (Article 6(1)(f) GDPR). 10.7 Right to Withdraw Consent Where processing is based on consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. 10.8 Right to Lodge a Complaint You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement. The competent supervisory authority in Germany for data protection matters is determined by the federal state. For general inquiries, you may contact: Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Graurheindorfer Str. 153
53117 Bonn
Germany
Website: https://www.bfdi.bund.de/ 11. Data Security We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• SSL/TLS encryption for data transmission
• Secure server infrastructure in German data centers
• Regular security updates and patches
• Access controls and authentication mechanisms
• Data Processing Agreement with hosting provider
• Regular backups with encrypted storage

Despite these measures, please be aware that no method of transmission over the internet or electronic storage is 100% secure. 12. International Data Transfers Your data is processed exclusively on servers located in Germany and is subject to GDPR protection. We do not transfer your personal data to countries outside the European Economic Area (EEA), except when using third-party services (GitHub, PayPal) where such transfers may occur under appropriate safeguards. 13. Children's Privacy Our services are not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us, and we will delete such information. 14. Changes to This Privacy Policy We reserve the right to update this privacy policy to reflect changes in our practices or for legal, operational, or regulatory reasons. The updated privacy policy will be posted on this page with a new "Last updated" date. We encourage you to review this privacy policy periodically. Significant changes will be communicated through our website or, if you have an account, via email. 15. Contact If you have any questions about this privacy policy or our data processing practices, please contact: Norman Huth
Bahnhofstraße 15
29413 Diesdorf
Germany This privacy policy is effective as of the date stated at the top of this document.