Privacy notice (GDPR)

This notice describes the current processing setup for Lautern Pulse. It is structured to support GDPR Art. 13 transparency and should be kept in sync with feature releases.

Controller contact

David Blunk
Pending verified legal postal address
david@blunk.cc

Data-protection contact: david@blunk.cc

Processing purposes and legal bases

• Art. 6(1)(b) GDPR: Account registration, login sessions, RSVP state, messaging, and profile settings needed to provide requested services.
• Art. 6(1)(c) GDPR: Storage of legal-request records and moderation records required for statutory obligations and legal defense.
• Art. 6(1)(f) GDPR: Platform security logs, abuse prevention, rate limiting, fraud checks, and anonymous daily visit measurement to protect users, understand operational usage, and maintain service integrity.
• Art. 6(1)(a) GDPR: Optional profile links, optional dating/location features, voluntary photo submissions, and persistent first-party visitor analytics where explicit user action is required.

Storage and retention

• Account and profile records: Stored while the account remains active and removed or anonymized after verified deletion requests, unless legal retention applies.
• Session/authentication records: Session cookies are short-lived and rotated on login/logout; server-side auth metadata is retained only as needed for security and troubleshooting.
• First-party analytics records: Anonymous daily pageview/visitor estimates, opt-in persistent visitor pageview records, and signed-in operational activity are aggregated for admin reporting and pruned after a short operational window.
• Photo moderation/removal requests: Retained until moderation is complete plus a legal-defense window, then deleted or anonymized according to operational policy.
• Data-subject rights requests: Retained for compliance accountability (up to 3 years unless a longer statutory period applies).

Recipient categories and transfers

Data may be processed by hosting and infrastructure providers acting as processors. Where third-country providers are used, transfers require lawful safeguards (for example SCCs and risk review) before production rollout.

Your rights under GDPR

You can request access, rectification, erasure, restriction, objection, and portability (Arts. 15-21 GDPR), and can withdraw consent at any time for consent-based processing.

Submit requests via /data-rights or email david@blunk.cc. Standard response time is one month after verification.

Complaint authority

Supervisory authority (Rheinland-Pfalz): Der Landesbeauftragte fuer den Datenschutz und die Informationsfreiheit Rheinland-Pfalz

Photo handling

Every published photo should have prior explicit permission and a documented moderation trail before it is shown.

Manual uploads stay pending until reviewed. Fast removal requests remain available at all times.

Essential storage is active by default. Anonymous daily visit measurement runs without local analytics storage; persistent first-party analytics storage only starts after explicit opt-in. Marketing storage is not enabled.

Official GDPR text · Official KunstUrhG text · Rheinland-Pfalz supervisory authority