Imprint
Service Provider
Johannes KrummBased in Munich, Germany
Contact Information
For direct communication,please visit our contact page
and fill out the form provided.
Privacy Policy
Summary (TL;DR)
We are highly committed to protecting your privacy. We collect anonymized website usage analytics to improve our services and ensure compliance with the General Data Protection Regulation (GDPR). We do not use cookies or store any personally identifiable information (PII). Any data collected by us or third-party systems is scrubbed, encrypted, and anonymized. Detailed policies are provided below.As an open-source project, we are transparent about our practices and welcome any questions or concerns. Please use our contact form to reach out. We are happy to provide further information.
Detailed Privacy Policy
We collect anonymized website usage analytics to enhance our services and user experience, ensuring our full compliance with the GDPR, without employing cookies or other continuous tracking technologies.The data we accumulate includes generic device details (such as type, OS, browser), approximate geolocation (incorporating country, city, region), and a randomized unique session ID saved in your local storage. We use a professional IP address API service (ip-api.com) to procure this anonymized geolocation data. You may refer to ip-api.com privacy policy. This data acquisition service is entirely GDPR compliant, ensuring the encryption of data in transit. Neither us nor ip-api.com process or store any personally identifiable information or more specially your IP address.
The unique session ID enables us to monitor your page visits and certain activities on our site, such as your entering a room and final vote, helping us to understand user behaviors and preferences.This data collection operates under the 'legitimate interests' lawful basis as per GDPR Article 6(1)(f). As we only deal with anonymized data and perform no processing of personally identifiable information, there is no need for prior consent. We maintain our unwavering commitment to your privacy and strictly adhere to data protection principles.
Our service employs a custom-built, open-source WebSocket server implemented using Bun and ElysiaJS to enable real-time communication. This server, part of the free-planning-poker.com project, is completely stateless and does not track or store any user information. Its sole purpose is to share the current state of voting among connected users. You can view the code and contribute to its development on our GitHub repository. It is running on a Hetzner VPS located in Nuremberg, Germany.
We utilize Sentry for error tracking to improve our services. We configured Sentry to be fully GDPR compliant and ensuring the security and privacy of data. You can read more about their privacy practices here: Sentry Privacy Policy. In our implementation, we ensure that no PII is sent to Sentry. Our configuration and implementation removes user details (request headers, user context and ip address) before sending an error event to Sentry to maintain our commitment to GDPR compliance.
Personal details offered through our contact form (name and email), in agreement with GDPR definitions, are managed with utmost confidentiality and used solely for responding to your inquiries. We use resend.com as a third-party service to forward these emails securely to our inbox. Resend.com is fully GDPR compliant and does not store any personal data or the information you entered into the contact form fields. You can read more about their privacy practices here: Resend.com Privacy Policy. We will seek your consent prior to using this data for any unrelated purpose.
Our website runs on a proprietary database system hosted on a MariaDB in a Hetzner VPS located in Nuremberg, Germany. To preserve data integrity, all transfers are encrypted. But the use of the database is confined to storing the anonymized website usage analytics and has no connection to specific usernames or individual votes. Whatever information collected in no way contributes to individual profiles.
In our service, usernames are entirely fictional. They are neither stored nor connected to the website usage analytics. While these names and corresponding votes are accessible upon entry to the room, they are not identifiable. We insist on the avoidance of identifiable information as usernames to ensure GDPR compliance.