pfalz.dev

Privacy

Privacy notice (GDPR)

Last reviewed: 14 May 2026

This notice describes the current processing setup for pfalz.dev. It is structured to support GDPR Art. 13 transparency and should be kept in sync with feature releases.

Controller contact

David Blunk
Friedrich-Fröbel-Straße 17, 67691 Hochspeyer, Germany
david@blunk.cc

Data-protection contact: david@blunk.cc

No separate statutory data-protection officer is currently named; privacy and data-rights requests go to the contact above unless a future notice states otherwise.

Processing purposes and legal bases

  • Art. 6(1)(b) GDPR: Account registration, terms acceptance, login sessions, RSVP state, event reminders, venue claims, and profile settings needed to provide requested services; messaging, crew/friend features, matching, and live location sharing only where the legally reviewed community-social feature gate is enabled.
  • Art. 6(1)(c) GDPR: Storage of legal-request records, DSA notices, moderation decisions, and statutory accountability records required for legal obligations and legal defense.
  • Art. 6(1)(f) GDPR: Platform security logs, abuse prevention, rate limiting, source-quality review, anonymous daily visit measurement, and aggregated product diagnostics to protect users and maintain service integrity.
  • Art. 6(1)(a) GDPR: Newsletter double opt-in, optional profile links, OAuth account linking, voluntary photo submissions, opt-in location sharing, browser notification subscriptions, and persistent first-party visitor analytics where explicit user action is required.
  • Art. 6(1)(b) / 6(1)(f) GDPR: Commercial partner, widget, sponsorship, venue-claim, organizer-verification, and API-beta requests submitted by organizers or businesses, processed for requested follow-up, abuse prevention, and operator review.

Storage and retention

  • Account and profile records: Stored while the account remains active and removed or anonymized after verified deletion requests, unless legal retention applies.
  • Session/authentication records: Session cookies are short-lived and rotated on login/logout; server-side auth metadata is retained only as needed for security and troubleshooting.
  • Account legal acceptance records: Terms/privacy and age-or-guardian acknowledgements are retained with the account record and removed or anonymized after verified deletion requests unless legal-defense retention applies.
  • First-party analytics records: Anonymous daily pageview, engagement, visitor, referrer-host, sanitized referrer/landing URL, viewport, and language estimates; opt-in persistent visitor continuity; and signed-in operational activity are pruned after 90 days or 50,000 records, whichever comes first.
  • Photo moderation/removal requests: Retained until moderation is complete plus a legal-defense window, then deleted or anonymized according to operational policy.
  • Newsletter opt-in records: Pending signups are retained until confirmation expiry or cleanup; confirmed subscription consent records are retained while the subscription remains active plus a legal-defense window after unsubscribe.
  • Commercial lead and partner requests: Retained while the request is being reviewed and during reasonable follow-up/accountability windows, then deleted or anonymized when no longer needed.
  • Data-subject rights requests: Retained for compliance accountability (up to 3 years unless a longer statutory period applies).
  • Source-ingestion caches: Public event-source payloads are cached only for operational refresh windows; the public feed stores normalized event facts and source URLs rather than copied source pages.

Recipient categories and transfers

  • Hosting and storage: The production host, database, upload storage, and email infrastructure process data as service providers where configured.
  • Newsletter providers: If configured, confirmed newsletter subscribers may be synced to Brevo or MailerLite after double opt-in for mailing-list delivery.
  • OAuth providers: Google, Facebook, and Instagram receive only the OAuth requests a user initiates and return account-linking data according to their own notices.
  • External event and map links: Opening source sites, ticket sites, Google Maps routes, social shares, or external venue links sends the browser to those third-party services.
  • AI tooling: AI-assisted event extraction and presentation runs as an operator-controlled enrichment workflow; AI output is secondary to source data and moderation.
  • No sale of personal data: pfalz.dev does not sell account, analytics, photo, message, or rights-request data. External sites receive data only when a visitor opens their links or uses their services.

Where third-country providers are used, transfers require lawful safeguards such as an adequacy decision, SCCs, and transfer-risk review before production rollout.

Community social features

Direct messages, friend requests, crews, meetup matching, and live location sharing are disabled in production until legal review, DPIA review, retention rules, and user-safety operations are confirmed.

AI-assisted processing

  • AI-assisted event text: Some event summaries, translations, and flyer-derived fields may be generated or normalized with AI and are labeled in the event UI when AI assistance is part of the record.
  • Human control: AI output does not make legal, account, payment, or moderation decisions by itself; admins remain responsible for public corrections and moderation actions.
  • Uncertain facts: Estimated or missing event times stay labeled as estimates or TBA and should not be treated as confirmed source facts.

There is no solely automated decision-making with legal or similarly significant effect.

Your rights under GDPR

You can request access, rectification, erasure, restriction, objection, and portability (Arts. 15-21 GDPR), and can withdraw consent at any time for consent-based processing.

Submit requests via /data-rights or email david@blunk.cc. Standard response time is one month after verification.

Complaint authority

Supervisory authority (Rheinland-Pfalz): Der Landesbeauftragte fuer den Datenschutz und die Informationsfreiheit Rheinland-Pfalz

Photo handling

Every published photo should have prior explicit permission and a documented moderation trail before it is shown.

Manual uploads stay pending until reviewed. Fast removal requests remain available at all times.

Essential storage is active by default. Anonymous daily visit measurement runs without local analytics storage; persistent first-party analytics storage only starts after explicit opt-in. Marketing storage is not enabled.

Official GDPR text · GDPR Art. 13 · EU AI Act · Official KunstUrhG text · Rheinland-Pfalz supervisory authority
