Privacy Policy (Datenschutzerklärung)

Last updated: [Insert Date]

This privacy policy explains how personal data is collected, used, and protected when using jellly.gg. It is written in accordance with the General Data Protection Regulation (GDPR) and other applicable laws in Germany and the EU.

1. Controller and Contact

Dominic von Zielinski
c/o CODE University of Applied Sciences
Donaustraße 44
12043 Berlin
Email: hey@030.design

2. What Data We Collect

a) Account & Authentication
We collect your email address when you sign up or log in via a one-time password (OTP). This is required for creating and accessing your profile.

b) Profile Information
You may optionally submit a username, profile picture, tags, and social links. These are stored in our database and shown publicly as part of your profile.

c) Technical Information
When you visit jellly.gg, we automatically collect your IP address, browser type, operating system, referrer, and page visits for security and analytics purposes.

d) Cookies / Local Storage
We use only essential local storage for session and login persistence. No marketing or tracking cookies are used.

e) Contact & Communication
If you contact us via email, we process your email address and the content of your inquiry.

3. Legal Basis

We process your data under Art. 6(1)(a), (b), and (f) GDPR depending on the context (e.g., consent, performance of a contract, legitimate interest).

4. Data Storage

Data is stored securely with Supabase (authentication and database) and Vercel (hosting). Both are GDPR-compliant services with appropriate data processing agreements.

5. Data Security

Your data is protected through:

  • Row-level security (RLS) in the database
  • Rate limiting on login attempts
  • Input sanitization using DOMPurify
  • Strict content security headers
  • HTTPS encryption

6. Data Access

Your data is only accessible to the site operator (Dominic von Zielinski) and necessary third-party services used to operate jellly.gg. We do not sell your data to any third parties.

7. Your Rights

You have the right to:

  • Access your data (Art. 15 GDPR)
  • Rectify incorrect data (Art. 16 GDPR)
  • Delete your data (Art. 17 GDPR)
  • Restrict processing (Art. 18 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Withdraw consent at any time (Art. 7(3) GDPR)

To exercise your rights, email us at: hey@030.design

8. Data Retention

  • Account and profile data: until deleted by the user
  • Login logs: up to 12 months
  • Support emails: up to 3 years
  • Profile pictures: deleted when the account is deleted

9. International Data Transfers

Data may be transferred to countries outside the EU with adequate safeguards, such as standard contractual clauses (SCCs).

10. Changes to This Policy

We may update this privacy policy. Changes will be posted on this page. Substantial updates will be communicated to users via email.

11. Supervisory Authority

You have the right to lodge a complaint with the supervisory authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
www.datenschutz-berlin.de