Privacy Policy
Last updated: June 20, 2026
1. Controller / Verantwortlicher
The controller responsible for data processing under the General Data Protection Regulation (GDPR) is:
SchmuckBot
Germany
Email: contact@schmuckbot.carra.dev
2. General Information
We take the protection of your personal data seriously. This Privacy Policy explains what personal data we process, for what purpose, and what rights you have under the GDPR.
3. Data We Process
3.1 Account and Authentication Data
When you create or use an account, we process:
- Email address and/or username
- Authentication credentials (e.g. securely hashed passwords)
- Authorization and account status information
This processing is necessary to provide secure access to the web application.
3.2 Server Log Files and Security Logs
For technical security and operational stability, our servers automatically process:
- IP address
- Date and time of requests
- Requested URLs and API endpoints
- HTTP status codes
- User agent information (browser and operating system)
- Authentication events (successful and failed logins)
These logs are used exclusively for:
- Ensuring system security
- Detecting abuse and unauthorized access
- Troubleshooting and maintaining system stability
4. Legal Basis for Processing
| Purpose | Legal Basis (GDPR) |
|---|---|
| User authentication and account management | Art. 6(1)(b) GDPR |
| Security logging and abuse prevention | Art. 6(1)(f) GDPR |
| Operation and maintenance of the service | Art. 6(1)(f) GDPR |
Our legitimate interest under Art. 6(1)(f) GDPR is maintaining the security, integrity, and reliable operation of the service.
5. No Analytics or Tracking
We do not use:
- Analytics services
- Advertising trackers
- Behavioral profiling
- Cross-site tracking
- Marketing cookies
We do not analyze user behavior for advertising or marketing purposes.
6. Cookies and Local Storage
The application may use technically necessary cookies or local storage solely for:
- User authentication
- Session management
- Security functionality
These technologies are necessary for the operation of the service and do not track users across websites.
7. Hosting and Data Processing Location
The web application is hosted on servers located in Germany.
Personal data is processed within the European Union.
8. Data Retention
We retain personal data only as long as necessary for the purposes described in this Privacy Policy.
- Account data is retained while the account remains active.
- Security logs are retained only for a limited period necessary to ensure security and investigate incidents.
- Data may be retained longer where legally required.
9. Data Sharing
We do not sell personal data.
Personal data may only be shared:
- With processors acting on our behalf under GDPR-compliant agreements
- Where required by law
- Where necessary to protect the security and integrity of the service
10. Your Rights Under GDPR
Under the GDPR, you have the following rights:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to lodge a complaint with a supervisory authority
To exercise your rights, contact:
Email: contact@schmuckbot.carra.dev
11. Security Measures
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or alteration.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Updated versions will be published on this page with a revised date.
13. Contact
If you have questions regarding this Privacy Policy or data protection matters, please contact:
SchmuckBot
Email: hello@schmuckbot.carra.dev