Privacy Policy

Information according to Art. 13 GDPR — Last updated: 2026-05-09

1. Controller

Karl Tiller
Wilhelm-Liebknecht-Str. 30, 35396 Gießen, Germany
Phone: +256 779 100 993
Email: info@karl-tiller.de

2. Data Protection Officer

A formal data protection officer is not required (private project, no large-scale data processing). Inquiries are handled directly by the controller.

3. Personal data we process

DataPurposeLegal basis
Name, Email, Password (hashed)User authentication, account managementArt. 6 (1) b GDPR
Google account ID (sub), Name, EmailSign in via Google OAuthArt. 6 (1) a + b GDPR
Registration reason (optional)Admin review for account approvalArt. 6 (1) b GDPR
IP address, User-Agent, Login timestampsIT security, abuse prevention, audit logArt. 6 (1) f GDPR (legitimate interest)
Session IDKeep user logged inArt. 6 (1) b GDPR

4. Cookies

We only use technically necessary cookies. No consent is required under § 25 Abs. 2 TDDDG.

CookiePurposeLifetime
ug_sessionLogin session30 days
flask_sessionOAuth state during Google sign-inBrowser session
ug_langSelected interface language1 year

5. Third-party services and recipients

We use the following processors under Art. 28 GDPR:

6. International data transfer

When you sign in with Google, your data may be transferred to the USA. Google LLC is certified under the EU-US Data Privacy Framework. All other processors are based in the EU.

7. Storage period

8. Your rights as a data subject

Under the GDPR, you have the right to:

9. Server logs (nginx)

When you visit this site, our web server temporarily stores the following data in log files: IP, User-Agent, Referer, URL, Status-Code. Logs are rotated and deleted after 14 days. Legal basis: Art. 6 (1) f GDPR (IT security).

10. Changes to this policy

This policy may be updated to reflect changes in the service or legal requirements. Significant changes will be communicated by email.

← Back to start