Back

Privacy Policy

Last updated: January 12, 2026

1. Data Controller

Conner Berthun
Botenfeldstrasse 2
84088 Neufahrn i. NB.
Email: conner.berthun@aol.com

2. Data Collection and Storage

When visiting and using our dashboard, the following data is collected:

  • Discord User ID
  • Discord Username
  • Discord Avatar
  • Email Address (from Discord)
  • IP Address
  • Browser Information (User-Agent)
  • Access Timestamps
  • Organization Memberships

3. Discord OAuth

We use Discord OAuth for authentication. Your Discord data is retrieved via the Discord API. We only store the information necessary to grant you access to our services. Authentication is done exclusively through Discord. We do not store passwords.

4. Purpose of Data Processing

Data is used for the following purposes:

  • Providing dashboard functionality
  • Identification and authentication
  • Organization
  • Task management and collaboration
  • Security and abuse prevention
  • System activity logging (Audit Logs)

5. Legal Basis for Processing

Processing of your personal data is based on:

  • Art. 6(1)(b) GDPR - Contract Performance: Providing our services
  • Art. 6(1)(f) GDPR - Legitimate Interest: Security, abuse prevention, technical administration
  • Art. 6(1)(a) GDPR - Consent: Optional notifications (can be revoked at any time)

6. Data Retention

Your data is stored as long as you have an active account with us. Upon deletion of your account, all personal data will be irreversibly deleted, except for data that must be retained longer due to legal retention periods. Audit logs are retained for a maximum of 12 months for security reasons.

7. Your Rights

You have the following rights under GDPR:

  • Right of Access (Art. 15 GDPR) - Request information about your stored data
  • Right to Rectification (Art. 16 GDPR) - Request correction of inaccurate data
  • Right to Erasure (Art. 17 GDPR) - Request deletion of your data
  • Right to Restriction (Art. 18 GDPR) - Request restriction of processing
  • Right to Data Portability (Art. 20 GDPR) - Receive your data in a structured format
  • Right to Object (Art. 21 GDPR) - Object to processing
  • Right to Withdraw Consent (Art. 7(3) GDPR) - Withdraw consent at any time

8. Account Deletion

You can delete your account at any time in the settings. This will irreversibly delete all your personal data, including:

  • Discord profile data
  • Organization memberships
  • Projects and tasks you created
  • Audit log entries (after retention period)

9. Cookies and Session Management

We use only technically necessary session cookies for authentication. These are required for the operation of the portal and are automatically deleted after the end of your session or after 24 hours. No tracking or marketing cookies are used.

10. Data Sharing

Your data will not be shared with third parties, except:

  • This is required by law (e.g., court order)
  • Discord OAuth authentication (Discord receives no additional data from us)

11. Security

We implement comprehensive technical and organizational measures to protect your data:

  • SSL/TLS encryption for all data transfers
  • Encrypted database connections
  • CSRF token protection
  • Rate limiting to protect against brute-force attacks
  • Regular security updates
  • Audit logging of all security-relevant actions
  • Access restrictions and permission management

12. Right to Complain

You have the right to file a complaint with a data protection supervisory authority about the processing of your personal data. The competent authority for us is:

Bavarian State Commissioner for Data Protection
Wagmuellerstrasse 18
80538 Munich, Germany
Phone: +49 89 2126 72 0
Email: poststelle@datenschutz-bayern.de

13. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy as needed to comply with current legal requirements or to implement changes to our services. The new privacy policy will apply to your next visit. We will notify you of significant changes by email.

14. Contact for Privacy Questions

If you have questions about the processing of your personal data, your rights, or exercising these rights, you can contact us at any time:

Email: conner.berthun@aol.com

Note: This privacy policy applies exclusively to the EchoManaging Dashboard.