Privacy Policy

Summary (TL;DR)

We are highly committed to protecting your privacy. We collect anonymized website usage analytics to improve our services and ensure compliance with the General Data Protection Regulation (GDPR). We do not use cookies or store any personally identifiable information (PII). Any data collected by us or third-party systems is scrubbed, encrypted, and anonymized. Detailed policies are provided below.
As an open-source project, we are transparent about our practices and welcome any questions or concerns. Please use our contact form to reach out. We are happy to provide further information.

Detailed Privacy Policy

We collect anonymized website usage analytics to enhance our services and user experience, ensuring our full compliance with the GDPR, without employing cookies or other continuous tracking technologies.
The data we accumulate includes generic device details (such as type, OS, browser), approximate geolocation (incorporating country, city, region), and a randomized unique session ID saved in your local storage. We use a professional IP address API service (ip-api.com) to procure this anonymized geolocation data. You may refer to ip-api.com privacy policy. This data acquisition service is entirely GDPR compliant, ensuring the encryption of data in transit. Neither us nor ip-api.com process or store any personally identifiable information or more specially your IP address.
The unique session ID enables us to monitor your page visits and certain activities on our site, such as your entering a room and final vote, helping us to understand user behaviors and preferences.This data collection operates under the 'legitimate interests' lawful basis as per GDPR Article 6(1)(f). As we only deal with anonymized data and perform no processing of personally identifiable information, there is no need for prior consent. We maintain our unwavering commitment to your privacy and strictly adhere to data protection principles.

Our service heavily relies on Ably, a WebSocket provider known for making data protection compliance its priority and adhering to EU GDPR while employing 256-bit AES encryption. Ably ensures that data in transit remains secure and confidential. You may refer to Ablys privacy policy. Within our service, Ably Websockets enable the transparent sharing of usernames and votes. However, this data does not persist after exiting the room or once the room remains inactive for a period. Therefore, data from previous sessions, including usernames and votes, cannot be accessed by later visitors unless actively present in the room.

We utilize Sentry for error tracking to improve our services. We configured Sentry to be fully GDPR compliant and ensuring the security and privacy of data. You can read more about their privacy practices here: Sentry's Privacy Policy. In our implementation, we ensure that no PII is sent to Sentry. Our configuration and implementation removes user details (request headers, user context and ip address) before sending an error event to Sentry to maintain our commitment to GDPR compliance.

Personal details offered through our contact form (name and email), in agreement with GDPR definitions, are managed with utmost confidentiality and used solely for responding to your inquiries. We will seek your consent prior to using this data for any unrelated purpose. Moreover, we do not use any third-party services for our contact form, which could access or store your data.

Our website runs on a proprietary database system hosted on a MariaDB in a Hetzner VPS located in Nuremberg, Germany. To preserve data integrity, all transfers are encrypted. But the use of the database is confined to storing the anonymized website usage analytics and has no connection to specific usernames or individual votes. Whatever information collected in no way contributes to individual profiles.

In our service, usernames are entirely fictional. They are neither stored nor connected to the website usage analytics. While these names and corresponding votes are accessible upon entry to the room, they are not identifiable. We insist on the avoidance of identifiable information as usernames to ensure GDPR compliance.

Data Retention

We ensure that all Ably channels are automatically closed and deleted after 5 minutes of inactivity or when the last user leaves. Our analytics are fully GDPR compliant and are anonymized in such away that they cannot be linked back to any individual's identity, IP address, email, or username. Therefore, we typically do not aim to delete the analytics data since it is already anonymized and poses no risk to user privacy.

User Rights Under GDPR

You have the right to access, rectify, or delete any data we hold about you. Since we do not store any personally identifiable information, we or third-party tools do not hold any data in this regard. However, we are open to deleting even the anonymized data if requested. Please reach out to us using our contact form for such requests.

Project License

The project is licensed under the GNU Affero General Public License v3.0 (AGPLv3). This license ensures that derivative work will be released under the same license terms, promoting open source sharing and improvements. Users can use, modify, and distribute this software and its source code, provided they adhere to the license terms. You can review the full license terms by clicking the link below.

AGPLv3 license

Donations

The PayPal link offered for contributions is solely an option for those who voluntarily choose to financially support the continued upkeep and development of this tool. Any funds received are acknowledged not as formal, tax-deductible donations, or as a commercial transaction involving an exchange of goods or services. They are considered as supportive contributions aiding in this tool's further development. As such, these arrangements are not governed by German Civil Code (BGB) or Consumer Rights Directive (2011/83/EU). The use of the term "donation" herein is a common terminology in online platforms, and it is important to note its context is not linked with the applicable laws and regulations of formal, registered charity donations.

Donate