Privacy Policy

Last updated: June 2026

1. Controller

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

[OPERATOR NAME]
[ADDRESS]
Email: [CONTACT EMAIL]

2. Data We Collect

Account data

When you register, we collect your name and email address. This data is necessary to create and manage your account. The legal basis is the performance of a contract (GDPR Art. 6(1)(b)).

Profile image

You may optionally upload a profile image. Images are stored on Cloudflare R2 object storage. The legal basis is your consent (GDPR Art. 6(1)(a)), which you can withdraw at any time by removing the image from your profile.

Event participation

When you RSVP to or organize events, we store your participation status. Your name and profile image are shown to other users on event attendee lists. The legal basis is the performance of a contract (GDPR Art. 6(1)(b)).

Session and security data

When you log in, we create a session record that includes your IP address and browser user agent. This is used to maintain your login and to detect unauthorized access. The legal basis is our legitimate interest in securing the service (GDPR Art. 6(1)(f)). Sessions expire automatically and are deleted when you log out.

3. Cookies

This website uses only strictly necessary cookies for authentication (session token). These cookies are essential for the login functionality and are exempt from consent requirements under the ePrivacy Directive. We do not use analytics, tracking, or advertising cookies.

4. Third-Party Services

Hetzner (Hosting)

This website is hosted on servers operated by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. All data is stored within the European Union. Hetzner acts as a data processor under a Data Processing Agreement (GDPR Art. 28). See Hetzner's privacy policy at hetzner.com.

Cloudflare R2 (Image Storage)

Profile images and event photos are stored using Cloudflare R2 object storage, operated by Cloudflare, Inc. Images are stored in EU regions. See Cloudflare's privacy policy at cloudflare.com.

Komoot Photon (Geocoding)

When searching for event locations, we send your search query to the Komoot Photon API (photon.komoot.io) to suggest city and place names. No personal data beyond the search text is transmitted. See Komoot's privacy policy at komoot.com.

5. Data Retention

Account data is retained for as long as your account exists. Sessions are deleted on logout or when they expire. Password reset tokens expire automatically within a short period. You can delete your account at any time from your account settings, which permanently removes all personal data associated with your account.

6. Your Rights

Under GDPR, you have the right to:

  • Access your personal data (Art. 15)
  • Correct inaccurate data (Art. 16)
  • Request deletion of your data (Art. 17) — available directly via account settings
  • Restrict or object to processing (Art. 18, 21)
  • Data portability (Art. 20)
  • Withdraw consent at any time, where processing is based on consent

To exercise any of these rights, contact us at [CONTACT EMAIL].

7. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority in Germany is the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI).