Privacy Policy

00 — At a glance

What is collected? On public pages (home, privacy, imprint) only technical access data via our hosting provider IONOS, together with aggregated statistics via IONOS WebAnalytics — fully server-side and cookieless. No client-side tracking.

In the password-protected members area (/members/) account data is stored for authentication and to provide the features (username, optional email, password hash, optional passkey credentials, session and security log data). Details under sections 09–20.

Who is responsible? Lukas Moser, c/o Block Services, Stuttgarter Str. 106, 70736 Fellbach. Contact:

How can you object to processing? In writing to the address above — see sections 04 and 05.

01 — Controller

Lukas Moser
c/o Block Services
Stuttgarter Str. 106
70736 Fellbach
Germany

Email:

A Data Protection Officer is not required by law and has not been appointed.

02 — Hosting

This website is hosted by:

IONOS SE · Elgendorfer Str. 57 · 56410 Montabaur

When you visit the website, IONOS records server log files including IP addresses. IP addresses are anonymised for statistical evaluation (see section 06). Details at: ionos.de/datenschutzerklaerung

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the reliable operation of the website).

Data processing agreement: A data processing agreement (Auftragsverarbeitungsvertrag, AVV) with IONOS exists pursuant to Art. 28 GDPR. Under that agreement, processing takes place as a rule within the EU/EEA. Should a transfer to a third country exceptionally be necessary, IONOS ensures an adequate level of protection in accordance with Art. 44 et seq. GDPR. IONOS is certified to ISO 27001.

03 — General notes

Storage period: Unless a more specific storage period is stated, your personal data will remain with us until the purpose of processing no longer applies. If you assert a legitimate request for deletion or revoke a consent, your data will be deleted, provided no other legally permissible grounds (e.g. retention periods under tax or commercial law) apply.

Legal bases: Where you have consented to processing, we process your personal data on the basis of Art. 6(1)(a) GDPR. In the case of consent to a transfer to third countries, additionally on the basis of Art. 49(1)(a) GDPR. Where you have consented to the storage of cookies or to access to information on your end device, additionally on the basis of § 25(1) TDDDG (German Telecommunications and Digital Services Data Protection Act). Consent can be revoked at any time. Processing for compliance with legal obligations takes place on the basis of Art. 6(1)(c) GDPR. In addition, Art. 6(1)(f) GDPR (legitimate interest) may be used as a legal basis.

Recipients: We only transfer personal data to external parties where this is necessary for the performance of a contract, where there is a legal obligation, or where there is a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Where processors are used, transfer only takes place on the basis of a valid data processing agreement (AVV).

SSL/TLS encryption: This site uses SSL or TLS encryption. You can recognise an encrypted connection by the "https://" in the address bar and the lock symbol in your browser.

04 — Your rights

You have the following rights with regard to your personal data (Art. 15–21 GDPR):

Access (Art. 15) — free information about stored data, its origin, recipients and the purpose of processing.

Rectification (Art. 16) — correction of inaccurate data or completion of incomplete data.

Erasure (Art. 17) — deletion of your data, provided no statutory retention obligations preclude this.

Restriction (Art. 18) — under certain conditions you can request restriction of processing instead of deletion, e.g. if you contest the accuracy of the data, if processing was unlawful, or if you need the data to assert legal claims.

Data portability (Art. 20) — data that we process on the basis of your consent will be provided to you in a common, machine-readable format.

Withdrawal of consent — where processing is based on your consent, you can revoke it at any time with effect for the future. The lawfulness of processing carried out up to the point of withdrawal remains unaffected.

Right to lodge a complaint — you can lodge a complaint with the competent data protection supervisory authority at any time (see section 08).

For any questions regarding data protection, please contact the controller at any time.

05 — Right to object (Art. 21 GDPR)

IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME, ON GROUNDS ARISING FROM YOUR PARTICULAR SITUATION, TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSES OF DIRECT MARKETING (OBJECTION UNDER ART. 21(2) GDPR).

06 — Web analytics (IONOS WebAnalytics)

This website does not use cookies or any client-side tracking. For statistical evaluation of site usage we use IONOS WebAnalytics — a fully server-side analytics method provided by our hosting provider IONOS SE.

How it works: IONOS WebAnalytics works on a pixel or log-file basis directly on the IONOS servers. No cookies are set, and no comparable storage technologies (e.g. localStorage) are used on your end device.

Data collected: referrer (previously visited web page) · requested web page or file · browser type and version · operating system · device type · time of access · IP address in anonymised form (used exclusively to approximate the location of access).

The IP address is transmitted when a page request is made, anonymised immediately after transmission, and processed without any personal reference. According to IONOS, no personal data of website visitors is stored; individual visitors are not identified.

Purpose: solely the statistical evaluation and technical optimisation of the website.

Recipients: IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (processor, AVV pursuant to Art. 28 GDPR). Processing takes place within the EU/EEA. No transfer to third parties outside the processor relationship takes place.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a statistical evaluation of website use for the continuous improvement of the offering and to ensure IT security). Because no cookies are set and no information is read from end devices, § 25 TDDDG (German Telecommunications and Digital Services Data Protection Act) does not apply — consent is therefore not required.

You can object to processing at any time pursuant to Art. 21(1) GDPR on grounds arising from your particular situation — in writing to the address given in section 01.

More information: ionos.de/hilfe — WebAnalytics privacy information

07 — Fonts

The font used (Space Mono) is stored locally on the server. No connections to external servers are made when the page loads.

08 — Supervisory authority

You have the right to lodge a complaint with the competent data protection supervisory authority at any time:

LfDI Baden-Württemberg (State Commissioner for Data Protection and Freedom of Information, Baden-Württemberg) · Lautenschlagerstraße 20 · 70173 Stuttgart
www.baden-wuerttemberg.datenschutz.de

09 — Members area (/members/)

The members area is invite-only and only accessible after registration with a username and password. As soon as you log in, we process the data described below in order to provide the features, to ensure the security of the service and to perform the contract within the meaning of the rules of the pack.

Legal bases: Art. 6(1)(b) GDPR (performance of the user relationship) and Art. 6(1)(f) GDPR (legitimate interest in secure and functional operation). Consent to the data protection terms is given actively during registration (mandatory checkbox); the time is documented in the audit log (Art. 7(1) GDPR).

Within /members/ we do not embed any client-side tracking scripts, third-party resources or web fonts. Fonts, images and JavaScript are loaded exclusively from our own server. Only a strictly necessary session cookie is set (see section 11).

Please note, however: since this area runs on the same server (IONOS), the hosting logging described in section 02 and the server-side web analytics by IONOS described in section 06 (logfile-based, no cookies, anonymised IP) also apply here. While IONOS therefore sees the time and URL of your requests within /members/, it cannot link these to your account due to the anonymisation — and we ourselves do not combine these IONOS statistics with the user IDs stored in the audit log (section 13).

10 — Account data

The following data is stored in our database during registration and within your profile:

Mandatory: username, display name, password hash (Argon2id, the plaintext password is never stored), time of creation.

Optional, provided by the user: email address, profile picture (see section 14).

Status and feature flags: admin role, lock status, approval status, permission to comment / post, "password must be changed" flag, "passkey setup recommended" flag.

Automatically recorded: time of last login, counter of failed login attempts, account lockout time if applicable, time of the last feed view (for the "new since" marker in the feed).

Storage period: until the account is deleted by the user (see section 19) or by the controller.

Entries for the personal member pass / luggage tag (first/last name, address, phone number) are deliberately not stored in our database — see section 17 for details.

11 — Sessions & cookies

To maintain the login we set a strictly necessary session cookie:

Name: sk_sid
Content: random session ID (no personal data directly in the cookie)
Properties: HttpOnly, Secure, SameSite=Strict; only for the duration of the session (idle timeout 30 minutes, hard timeout 12 hours)
Purpose: maintain the logged-in session, protection against CSRF attacks

Session data is kept exclusively server-side in standard PHP session files (typically in the server's temp directory). We no longer maintain a session database table with IP addresses, user-agent strings or device identifiers. On logout, on session expiry or on account deletion, the session file is discarded.

Legal basis: Art. 6(1)(b) GDPR and § 25(2) no. 2 TDDDG (German Telecommunications and Digital Services Data Protection Act) (strictly necessary for providing the logged-in service — no consent required).

12 — Passkeys & recovery codes (two-factor authentication)

For strong two-factor authentication you can voluntarily register passkeys (WebAuthn / FIDO2). In doing so we process and store exclusively:

Credential ID (assigned by the device), public key (PEM-encoded), authenticator identifier (AAGUID), a signature counter, and a self-chosen label ("iPhone", "YubiKey" etc.).

We never receive biometric data (fingerprint, face). These remain exclusively on your end device; only a cryptographic proof is transmitted to our server.

Optionally you can generate recovery codes — 10 one-time codes that allow a login if a passkey is lost. We only store the SHA-256 hash, not the code itself. The plaintext is shown once in the browser and is afterwards known only to you. When a recovery code is redeemed, we record the time of redemption — no IP address.

Password reset: When a password reset is requested, we only store the SHA-256 hash of the one-time token sent to you by email, its expiry date and, after successful use, the time of redemption — no IP address. The plaintext token only exists in the email. Unused tokens are invalidated after expiry.

Storage period: until revocation or deletion by the user or until the account is deleted. Legal basis: Art. 6(1)(b) and (f) GDPR.
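The storage pattern described in this section for recovery codes and password-reset tokens, as an added example (not this site's code). The class names, the code format and the one-hour reset lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone


def sha256_hex(secret: str) -> str:
    # A fast hash is acceptable here only because the secrets are long and random;
    # user-chosen passwords need a slow hash (the policy names Argon2id for those).
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()


class RecoveryCodes:
    """Keeps digest -> redemption time; the plaintext codes are never stored."""

    def __init__(self):
        self.rows = {}  # sha256 digest -> redeemed_at (None while unused)

    def generate(self, count=10):
        # Assumed code format: 80 random bits as lowercase hex.
        codes = [secrets.token_hex(10) for _ in range(count)]
        self.rows = {sha256_hex(c): None for c in codes}
        return codes  # shown to the user once, then discarded by the caller

    def redeem(self, code, now):
        digest = sha256_hex(code.strip().lower())
        if digest not in self.rows or self.rows[digest] is not None:
            return False  # unknown code, or already used once
        self.rows[digest] = now  # only the time of redemption is recorded
        return True


class ResetTokens:
    """Keeps digest, expiry and redemption time for e-mailed reset tokens."""

    def __init__(self, ttl=timedelta(hours=1)):  # lifetime is an assumption
        self.ttl = ttl
        self.rows = {}  # sha256 digest -> {"expires_at", "redeemed_at"}

    def issue(self, now):
        token = secrets.token_urlsafe(32)
        self.rows[sha256_hex(token)] = {"expires_at": now + self.ttl,
                                        "redeemed_at": None}
        return token  # goes into the e-mail only

    def redeem(self, token, now):
        row = self.rows.get(sha256_hex(token))
        if row is None or row["redeemed_at"] is not None:
            return False
        if now >= row["expires_at"]:
            return False  # expired tokens are invalid even if never used
        row["redeemed_at"] = now
        return True


if __name__ == "__main__":
    now = datetime(2026, 5, 1, 12, 0, tzinfo=timezone.utc)
    rc = RecoveryCodes()
    first = rc.generate()[0]
    print(rc.redeem(first, now), rc.redeem(first, now))  # second use is refused
```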

13 — Security log (audit log & login attempts)

To defend against brute-force attacks and to investigate security incidents we log security-relevant events:

Login attempts: timestamp, username (if provided), truncated IP address (for IPv4 the last octet is zeroed → /24 subnet; for IPv6 the prefix /48), success/failure. Truncation takes place directly on insertion — we never know the full IP. With the subnet, brute-force bots can be blocked without identifying individuals. The records are automatically deleted after 14 days.

Audit log: security- and account-relevant actions (e.g. successful login, password change, passkey registration/deletion, account deletion, invitation creation, privacy consent). Recorded are: event type, user ID/name (if known), truncated IP address (same procedure as above — /24 or /48), timestamp. No user-agent string is stored. Storage period: 180 days, after which entries are deleted automatically. On account deletion the link to the user is removed (audit entries remain anonymised for security and evidentiary purposes).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in protecting the service against misuse). Truncating the IP follows the principle of data minimisation (Art. 5(1)(c) GDPR).
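The truncate-on-insert logging described in this section, as an added example (not this site's code). The class and function names, the 15-minute counting window and the handling of IPv4-mapped IPv6 addresses are assumptions; the sample events are constructed from documentation address ranges.

```python
import ipaddress
from collections import Counter
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=14)  # retention of login attempts stated above


def truncate_ip(raw: str) -> str:
    """Return the /24 (IPv4) or /48 (IPv6) network address as text."""
    addr = ipaddress.ip_address(raw.strip())
    # Edge case: an IPv4-mapped address (::ffff:a.b.c.d) cut to /48 becomes "::",
    # which would put every such client into one bucket. Unwrap it first.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    prefix = 24 if addr.version == 4 else 48
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(net.network_address)


class LoginAttemptLog:
    def __init__(self):
        self.rows = []  # (timestamp, username, truncated subnet, success)

    def record(self, when, username, raw_ip, success):
        # Truncation happens before the row exists; the full IP is never kept.
        self.rows.append((when, username, truncate_ip(raw_ip), success))

    def purge(self, now):
        """Drop rows older than the retention period; return how many were dropped."""
        before = len(self.rows)
        self.rows = [r for r in self.rows if r[0] >= now - RETENTION]
        return before - len(self.rows)

    def failures_by_subnet(self, now, window=timedelta(minutes=15)):
        """Count failed attempts per subnet inside the (assumed) window."""
        hits = Counter(r[2] for r in self.rows
                       if not r[3] and r[0] >= now - window)
        return dict(hits)


def demo():
    now = datetime(2026, 5, 1, 12, 0, tzinfo=timezone.utc)
    log = LoginAttemptLog()
    # Constructed sample events.
    log.record(now - timedelta(days=20), "alice", "192.0.2.10", False)
    log.record(now - timedelta(minutes=5), "alice", "203.0.113.77", False)
    log.record(now - timedelta(minutes=4), "bob", "203.0.113.201", False)
    log.record(now - timedelta(minutes=3), "bob", "::ffff:203.0.113.5", False)
    log.record(now - timedelta(minutes=2), "carol", "2001:db8:abcd:12::1", True)
    purged = log.purge(now)
    return purged, log.failures_by_subnet(now)


if __name__ == "__main__":
    print(demo())
```

Throttling decisions can then be made on the per-subnet failure count alone, at the cost that all hosts in the same /24 or /48 share one counter.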

14 — Profile pictures (avatars)

You can voluntarily upload a profile picture. The image is fully re-decoded by the server and stored in a standardised format (WebP, 256 × 256 pixels); metadata (EXIF) is removed in the process. Storage location: outside the public web root; delivery exclusively via an authenticated endpoint.

Within the members area, the profile picture is visible to other logged-in members (e.g. in comments). Outside the members area it is only visible if you have explicitly released it on your public contact page (see section 18).

Storage period: until removal by the user or until the account is deleted. Legal basis: Art. 6(1)(a) GDPR (consent through active upload).

15 — Content (news, comments, reactions, notifications)

In the members area — depending on your permissions — news posts can be created, illustrated with images, commented on and rated. The following are stored: post content, uploaded images (file + caption + dimensions, also re-encoded by the server to remove metadata), author ID, timestamp, comment content with thread reference (parent ID), reactions (vote +/−1 per post).

If other members are mentioned via @username or if someone replies to a post, we create a notification entry in the recipient's inbox referencing the trigger (post/comment), with a short preview excerpt and a read status.

The visibility of your content is limited to the members area; it is not public. When you delete your account, your reactions, comments and notifications are removed; your own news posts may — if still referenced by others — remain in anonymised form.

Legal basis: Art. 6(1)(b) GDPR (provision of the agreed feature).

16 — Email dispatch

We send emails only on an event-related basis. The individual mail types can each be enabled/disabled separately (table mail_templates); the following are currently provided:

Invitation (token link for registration), password reset (token link), reply to comment, mention via @username, registration confirmation for new users, admin notification about new applicants, approval/rejection notification, account was deleted by the admin, data export notice, and messages forwarded to you via the public contact page (section 18).

Dispatch takes place via the mail infrastructure of our hosting provider IONOS SE, Elgendorfer Str. 57, 56410 Montabaur — the same processor that also provides hosting and web analytics (cf. section 02). Processing takes place on the basis of the existing AVV pursuant to Art. 28 GDPR within the EU/EEA. Only data necessary for delivery is transmitted: recipient address, sender address, subject and content of the message. Mail content is not stored permanently in our database — retention takes place only on the recipient or mailbox side.

Templates can be deactivated individually by the controller; in that case dispatch of the corresponding mail category is suspended.

Legal basis: Art. 6(1)(b) GDPR (performance of contract) or Art. 6(1)(f) GDPR (legitimate interest in functional notifications).

17 — Member pass / luggage tag

In the members area you can design a printable member pass ("luggage tag"). The following applies:

Stored server-side in the table member_cards: a random token (32 hexadecimal characters, contained in the QR code URL), your colour preference, a whitelist of the fields visible on the card, the status of the contact form (on/off) and the list of fields additionally released on the public contact page. This data serves solely to render your card.

Not stored in our database are the personal details that can appear on the card: first and last name, address ("territory") and phone number. These inputs remain exclusively in the browser storage (localStorage) of your end device, are not transmitted to our server, and are never shown on the public contact page. You can remove them at any time using the "Clear inputs" button in the configurator; they also disappear if you clear your browser storage or use a different end device.

When printing or saving as PDF, these local values are only inserted into the print layout; even then, they are not transmitted to the server.

Legal basis: Art. 6(1)(a) GDPR (consent through active configuration); for the personal details that remain local, there is no processing by the controller within the meaning of the GDPR, as no data is transmitted to us.

18 — Public QR landing page (/m/<token>) & contact form

The QR code on your member pass points to a public page that shows only your display name. Optionally, you can additionally release your profile picture and/or the note "member since MM/YYYY" on this page. Your email address, phone number, address or real name are never shown on this page.

Contact form (optional): If you have enabled the contact form, visitors can send you a text message. It is forwarded directly to your stored email address via a protected send path and is not stored in our database. We do not see the message content and cannot reconstruct it after dispatch.

Spam protection on this page: purely technical measures (honeypot field, a short time gate via a signed timestamp, IP-based throttling via the table login_attempts with 14-day storage, and a client-side "proof-of-work" puzzle). IP addresses are stored truncated to /24 (IPv4) or /48 (IPv6). No external CAPTCHA services are embedded, and no personal data is transmitted to third parties.

Strictly necessary cookies: When the QR landing page is accessed, a session cookie (sk_sid, HttpOnly, Secure, SameSite=Strict, lifetime: browser session) is set. It serves solely to secure the contact form (CSRF token) and contains no personal data. Consent is not required for this pursuant to § 25(2) no. 2 TDDDG.

You can regenerate the token at any time in the configurator (previously printed cards then become invalid) or deactivate the contact form or the page.

Legal basis: Art. 6(1)(a) GDPR (consent through activation of the respective feature).

19 — Invitations & invitation codes

New members can only join by invitation. Two procedures exist:

Email-bound invitation: We store the email address, optionally a note, the inviting admin, the expiry date, and the SHA-256 hash of the one-time token (not the plaintext). After acceptance or expiry the entry is invalidated and recorded in the audit log.

Open invitation code: We store the code (as a readable 8-character combination), an optional internal label by the admin, a maximum number of registrations, the expiry date, and a usage counter. In addition we log which user ID used which code and when (table invite_code_uses), in order to be able to trace abuse.

Storage period: until expiry or revocation of the code, or until deletion of the account registered with it. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in controlled access provisioning).

20 — Data export & account deletion

Data export (Art. 15, 20 GDPR): Logged-in members can download a complete copy of all data stored for their account as a ZIP at any time under /members/datenexport (JSON data, profile picture, audit log as CSV, README). For security reasons, password hashes and the cryptographic passkey material are excluded.

Self-deletion (Art. 17 GDPR): In the account area ("Delete account") you can remove your account independently. With deletion, the account, passkeys, sessions, profile picture, reactions, comments and member pass data are irrevocably removed. In the audit log, anonymised entries remain for security and evidentiary purposes.

Alternatively, you can contact us in writing at any time at the address given in section 01.

21 — Technical and organisational measures

To protect your data we employ, among other things: TLS/HTTPS encryption for all data transfers, a strict Content Security Policy with nonce-based scripts, CSRF protection on all forms, SameSite-Strict cookies, Argon2id password hashing, brute-force throttling with exponential backoff, optional passkey 2FA, separate avatar storage outside the web root, regular security updates of the libraries used. An overview of security events (audit log) ensures the traceability of critical actions.

Last updated

May 2026 (revised)

Template: e-recht24.de
