← Back to home

Privacy Policy

Datenschutzerklärung

Last updated: November 2024

Alpha Version Notice: This service is currently in alpha development. Data handling practices may evolve as the service develops.

1. Introduction

We take the protection of your personal data very seriously. This Privacy Policy explains how we collect, use, and protect your personal data when you use Very Bad Chat ("Service").

This Privacy Policy complies with the General Data Protection Regulation (GDPR - Datenschutz-Grundverordnung) and the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG).

As this is an alpha project operated on a non-commercial basis, we process only the minimum data necessary for the Service to function.

2. Data Controller (Verantwortlicher)

The data controller responsible for data processing on this Service is:

[Name and contact information to be provided]

For questions regarding data protection, you can contact us at:

[Email address to be provided]

3. Data We Collect

3.1 Account Information

When you create an account, we collect:

  • Email address
  • Username (if provided)
  • Password (stored in encrypted form)

3.2 Usage Data

When you use the Service, we may collect:

  • Chat messages and content you create
  • Timestamps of your activities
  • Device and browser information
  • IP address

3.3 Technical Data

Our servers automatically collect:

  • Server log files (IP address, browser type, access times)
  • Error logs for debugging purposes
4. Legal Basis for Processing (Rechtsgrundlagen)

We process your personal data based on the following legal grounds under GDPR:

Art. 6(1)(a) GDPR - Consent

For optional features where you have given explicit consent.

Art. 6(1)(b) GDPR - Contract Performance

Processing necessary for the performance of the Service you requested (providing the chat application functionality).

Art. 6(1)(f) GDPR - Legitimate Interests

For security purposes, fraud prevention, and improving the Service. Our legitimate interest is to provide a secure and functional service.

5. Purpose of Data Processing

We use your data for the following purposes:

  • Providing and maintaining the Service
  • Creating and managing your user account
  • Enabling communication features
  • Ensuring the security of the Service
  • Identifying and fixing technical issues
  • Complying with legal obligations

As a non-commercial alpha project, we do not use your data for:

  • Advertising or marketing
  • Selling to third parties
  • Profiling for commercial purposes

Policy Changes: These data usage practices may change in the future as the project develops. If we decide to change how we use your data, we will:

  • Notify you at least 30 days in advance (minimum required notice period)
  • Provide you with a grace period of 30 days to request deletion of your data
  • Allow you to opt out before new data practices take effect

During the 30-day grace period, you may contact us to request complete deletion of your account and all associated data before any new data usage policies take effect.

6. Acceptance of Security Risks

BY USING THIS ALPHA SERVICE, YOU EXPRESSLY ACKNOWLEDGE AND ACCEPT ALL RISKS associated with using an experimental, unfinished service, including but not limited to:

  • Data breaches and unauthorized access to your data
  • Security vulnerabilities and exploits
  • Loss, corruption, or exposure of your personal information
  • Incomplete or inadequate security measures
  • Other security problems inherent to alpha software

You understand that as an alpha project, security measures are still being developed and may not be comprehensive. You agree to use this Service at your own risk and acknowledge that we cannot guarantee the security of your data.

Recommendation: Do not share highly sensitive, confidential, or critical information through this Service.

7. Data Sharing and Third Parties

We do not sell your personal data. We may share your data only in the following circumstances:

  • Service Providers: With technical service providers who assist in hosting and operating the Service, specifically Hetzner Online GmbH (Germany) for cloud hosting infrastructure
  • Analytics Provider: Google Analytics (Google Ireland Limited) for website usage statistics, only if you consent to analytics cookies. Data is anonymized (IP anonymization enabled).
  • Legal Requirements: When required by law or to respond to legal process
  • Protection: To protect the rights, property, or safety of users or others

Any third-party service providers are bound by data processing agreements (Auftragsverarbeitungsverträge) in accordance with Art. 28 GDPR.

8. International Data Transfers

If data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other legally recognized transfer mechanisms under GDPR
9. Data Retention (Speicherdauer)

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy:

  • Account data: Until you delete your account or request deletion
  • Chat content: Until you delete it or your account is deleted
  • Server logs: Maximum 30 days for security purposes
  • Legal obligations: As required by applicable law

After deletion, data may persist in backups for a limited time but will not be actively processed.

10. Your Rights (Betroffenenrechte)

Under GDPR, you have the following rights:

Right of Access (Art. 15 GDPR)

You can request information about your personal data we process.

Right to Rectification (Art. 16 GDPR)

You can request correction of inaccurate personal data.

Right to Erasure (Art. 17 GDPR)

You can request deletion of your personal data ("right to be forgotten").

Right to Restriction (Art. 18 GDPR)

You can request restriction of processing of your personal data.

Right to Data Portability (Art. 20 GDPR)

You can request your data in a structured, machine-readable format.

Right to Object (Art. 21 GDPR)

You can object to processing based on legitimate interests.

Right to Withdraw Consent (Art. 7(3) GDPR)

You can withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise these rights, please contact us using the contact information provided above. We will respond within one month as required by GDPR.

11. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority (Aufsichtsbehörde) if you believe that the processing of your personal data violates GDPR.

In Germany, you can contact the data protection authority of your federal state (Landesdatenschutzbeauftragter) or the Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragte für den Datenschutz und die Informationsfreiheit - BfDI).

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

  • Encryption of data in transit (HTTPS/TLS)
  • Secure password hashing
  • Access controls and authentication
  • Regular security reviews

Note: As an alpha service, security measures are still being developed and improved. Please do not share highly sensitive personal information through this Service.

13. Cookies and Local Storage

Essential Cookies (Always Active)

These cookies are necessary for the Service to function and cannot be disabled:

  • Authentication cookies: To keep you logged in
  • Session storage: To maintain your session state
  • Preferences: To remember your settings (including cookie consent)

Analytics Cookies (Opt-in)

We use Google Analytics to understand how visitors interact with our Service. These cookies are only set if you consent when the cookie banner appears:

  • _ga: Distinguishes users (expires after 2 years)
  • _gid: Distinguishes users (expires after 24 hours)
  • _gat: Throttles request rate (expires after 1 minute)

Google Analytics data is anonymized (IP anonymization is enabled). You can opt out of analytics cookies at any time by clearing your browser cookies and selecting "Essential Only" when the consent banner reappears.

We do not use advertising cookies or cookies for commercial profiling.

14. Children's Privacy

This Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information.

In accordance with German law and GDPR Art. 8, if you are under 16, please do not use this Service without parental consent.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

For significant changes affecting your rights, we will provide more prominent notice (such as an email notification or in-app notification).

16. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

[Contact information to be provided]

Note: As this is an alpha project, response times may vary.

← Back to homeTerms of Service →