Zum Inhalt springen
SR6Chargen

Privacy Policy

Last updated: April 2026

1. Controller

The controller for data processing in this application is the person/entity named in the legal notice.

2. Purpose and scope of processing

We process personal data only as required to operate this application.

  • Providing user accounts (registration and login)
  • Handling recovery requests for lost login credentials
  • Storing and managing character data created in the app
  • Secure operation of the app (e.g. session handling, abuse prevention)

3. Processed data categories

  • Account data: username, login token hash, code hash, technical placeholder email
  • In-app usage data: character and profile data stored by you
  • Session and security data: session ID, user ID (if applicable), IP address, user agent, activity timestamps
  • Recovery request data: username, contact channel, optional message, request IP/user-agent, and privacy consent timestamp plus consent IP
  • Technical browser preference data: theme setting (light/dark) via localStorage

4. Legal bases (Art. 6 GDPR)

  • Art. 6(1)(b) GDPR: processing to perform a contract or pre-contractual measures (using app features, account handling)
  • Art. 6(1)(f) GDPR: legitimate interest in secure, stable and abuse-resistant operation (e.g. session handling, rate limiting, IT security)
  • Art. 6(1)(c) GDPR: where legal retention obligations apply

5. Cookies, sessions and browser storage

This application uses technically required cookies for login, session handling and security. Core functionality is not possible without these cookies.

In addition, the theme preference (light/dark) is stored in the browser using localStorage. This is a local UI preference setting.

6. File uploads (PDF import)

If you use the import feature, the uploaded PDF file is processed server-side to extract character data. Imported values are assigned to your account and stored in the application.

7. Email communication

We do not send mandatory verification or password-reset emails in the passwordless login flow. If you contact us via recovery channel, communication may occur via the contact option you provided.

8. External services and recipients

To display fonts, a connection to fonts.bunny.net is established when loading pages. Technically required connection data (e.g. IP address) may be transmitted to that service.

There is currently no active integration of tracking/analytics services (e.g. Google Analytics, Plausible, PostHog).

9. Storage duration

  • Account and app-related data: generally until account deletion unless legal obligations require retention
  • Session data: according to technical session lifetime and automatic cleanup
  • Security/log data: only as long as required for security and abuse detection

10. Your rights

Subject to legal requirements, you have in particular the following rights:

  • Access to processed personal data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing based on legitimate interests (Art. 21 GDPR)
  • Complaint to a data protection supervisory authority (Art. 77 GDPR)

To exercise your rights, please use the contact details listed in the legal notice.

11. Updates to this notice

We update this privacy notice when technical or legal conditions change. The current version published here applies.