Data Privacy

Last updated: 09.11.2024

1. Data Controller

LootSpectrum is operated by:

  • Name: Paul Münchhausen
  • Address: 66773 Schwalbach, Richard-Wagner-Str. 22, Germany
  • Email: paul@muenchhausen.dev
  • Discord: @patimue

2. Collection and Storage of Personal Data

When you visit our website, certain personal data is processed. This includes:

  • IP address
  • Date and time of the request
  • Browser type and version
  • Operating system used
  • Referrer URL

This data is used solely to ensure the smooth operation of the website and to improve our services.

3. Data Processing for Authentication Services

If you sign in via Google or Discord, we receive basic profile information from these providers:

  • Email address
  • Public profile information (e.g., display name)
  • Profile picture/avatar
  • Unique user identifier
  • For Discord: Discord username and Discord ID

This information is used solely for account management and service provision. We do not store passwords.

4. Payment Processing via Stripe

Users have the option to purchase a "Supporter" subscription via the payment provider Stripe. All payment processing, including credit card details and billing information, is handled directly by Stripe.

We do not store or process any payment-related information such as credit card numbers or billing addresses. The only data stored on our servers in connection with your subscription is:

  • last_subscribed_at (Timestamp indicating the last subscription date)
  • last_cancelled_at (Timestamp indicating the last cancellation date)

Your email address is stored for authentication purposes only and is not used for payment processing.

For more details on Stripe’s data processing policies, please refer to their privacy policy: https://stripe.com/privacy

5. Legal Basis for Processing

Your data is processed based on the following legal grounds:

  • Contract performance (Art. 6(1)(b) GDPR)
  • Legitimate interest (Art. 6(1)(f) GDPR)
  • Consent (Art. 6(1)(a) GDPR) for non-essential processing

6. Storage and Security

  • Your data is stored within the EU on Supabase servers.
  • Data is deleted within 30 days after account deletion.

7. Your Rights

Under the GDPR, you have the right to:

  • Access
  • Rectification
  • Erasure
  • Restriction of processing
  • Objection to processing
  • Data portability

Contact us via email or Discord to exercise these rights.

8. Cookies

We use only essential cookies for:

  • Authentication
  • Session management
  • Security purposes

You can manage cookies through your browser settings.

9. Hosting

Our website is hosted by Vercel Inc.

10. Changes to This Privacy Policy

We may update this privacy policy when necessary. You will be notified of significant changes.

11. Contact

For privacy-related inquiries, contact us at:

  • Email: paul@muenchhausen.dev
  • Discord: @patimue

You also have the right to file a complaint with the relevant data protection authority.