Privacy Policy

2. Hosting and server logs

When you access the website, the hosting provider processes technical connection data such as IP address, time of access, requested page, browser, and device information. This is required to deliver the website securely and reliably. The legal basis is generally Art. 6(1)(f) GDPR. Add the specific hosting provider used for this project.

3. Technically necessary session cookie

For sign-in and account security, we only use the technically necessary session cookie better-auth.session_token. The legal basis for storing and reading the cookie is Section 25(2) TDDDG; the subsequent processing is generally based on Art. 6(1)(b) GDPR. The cookie is configured as HttpOnly with SameSite=Lax and expires after no more than 72 hours or is deleted when you sign out. We do not currently use non-essential analytics or marketing cookies.

4. Service providers

Where external service providers are used, they process data only on our instructions or on their own legal basis where required by law. Add the actual service providers used here, including any third-country transfers.

5. Retention periods

We store personal data only for as long as it is needed for the relevant purpose or for as long as statutory retention obligations apply. Concrete periods should be defined per processing activity and added here.

6. Your rights

Under the GDPR, you have in particular the following rights:

• Access to the personal data processed about them
• Rectification of inaccurate data or completion of incomplete data
• Erasure under the conditions of Art. 17 GDPR
• Restriction of processing
• Data portability
• Objection to processing based on legitimate interests
• The right to lodge a complaint with a supervisory authority