Privacy Policy

1. Controller

Özgür Taylan Umucu
Arnold-Schönberg-Weg 21, 80939 München, Germany
Email: oezguer.taylan@umucu.de

2. What data we process & why

• Account data (email, username, password hash) – to create and manage your account.
• Authentication tokens (JWT) – to keep you logged in and secure the API.
• Communication (activation & password reset emails) – to provide core account features.
• Usage & technical logs (IP, timestamps, user agent) – to ensure security, prevent abuse and fix bugs.
• Media uploads/metadata (if you upload or interact with content) – to deliver the service.

Legal bases (GDPR): Art. 6(1)(b) performance of contract (account, playback); Art. 6(1)(f) legitimate interests (security, logs); Art. 6(1)(c) where legal obligations apply; Art. 6(1)(a) consent for optional features, if used.

3. Hosting & processors

• Application/Server: Hetzner Online GmbH (Germany/EU)
• Web hosting / domain: ALL-INKL.COM – Neue Medien Münnich (Germany/EU)
• Infrastructure: PostgreSQL & Redis on our servers (EU)
• Email delivery: SMTP provider as configured (may be outside the EU depending on provider)

We have data processing agreements with our processors where required.

4. Transfers outside the EU/EEA

No routine transfers. If our email/provider stores data outside the EU/EEA, we ensure appropriate safeguards (e.g. SCCs) per Art. 46 GDPR.

5. Retention

• Account data: for the life of the account; deleted upon request unless legal retention applies.
• Logs: typically 30–90 days for security/troubleshooting, then deleted or anonymized.
• Emails/transaction records: as required by law or for legitimate interests (e.g. abuse prevention).

6. Cookies & tracking

We use essential cookies/technologies only as needed for security (e.g. CSRF) and session handling. Authentication primarily uses JSON Web Tokens (stored on your device). We do not use third-party advertising cookies. If we add analytics, we will ask for your consent and update this notice.

7. Your rights (GDPR)

You can request access, rectification, erasure, restriction, portability, and object to processing (Art. 15–21 GDPR). You can also lodge a complaint with a supervisory authority, in Germany e.g. the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).

8. Third-party content

Videos are sourced from Pixabay under the Pixabay License. We are not responsible for the content of external links.

9. Security

We use industry-standard measures (TLS, access controls, least privilege) to protect your data. No method is 100% secure, but we continuously improve our safeguards.

10. Contact

For privacy requests, contact: oezguer.taylan@umucu.de

11. Updates

We may update this notice to reflect changes in our service or law. Last updated: 29 August 2025.