Privacy Policy & Legal Notice

TL;DR

Your data is safe, if you do not trust me check out the source code and host the system by yourself.

1. Controller and Responsible Person

Name: Linus Moser
Email: linus.moser@megakuul.ch
Public profile: github.com/Megakuul

This website and the “zen” web application are operated by the controller named above. The controller is responsible for all data processing described below under the Swiss Federal Data Protection Act (revDSG) and the EU General Data Protection Regulation (GDPR).

2. Scope

This policy applies to the “zen” web application. It is intended to comply with Swiss revDSG and the EU GDPR.

3. Data we Process

  • Account data: Email (required), username (optional, may be pseudonymous).
  • Calendar data: Content you enter (events, timings).
  • Technical data: Session cookie for authentication (strictly necessary, exempt from consent under Art. 5(3) ePrivacy Directive).

4. Purposes of Processing

  • Provide login and account functionality.
  • Store and display your calendar data to you. If you explicitly enable the leaderboard feature, your activity data (such as aggregated counts and timestamps, never event content) is used to generate publicly visible leaderboard statistics.
  • Maintain security and service reliability.

5. Legal Bases (GDPR)

  • Art. 6(1)(b) GDPR — performance of a contract (account and calendar features).
  • Art. 6(1)(f) GDPR — legitimate interests (security, fraud prevention).

6. Cookies and Tracking

We use only one session cookie that is technically necessary for authentication. No analytics, advertising, or third-party tracking cookies are used.

7. Recipients and Processors

  • Hosting: Amazon Web Services (AWS), acting as data processor under a data processing agreement (DPA).

No data is sold or shared for marketing purposes.

8. Storage Location and Data Transfers

Data is hosted in AWS data centers located within the European Union. If transfers outside Switzerland or the EEA become necessary, appropriate safeguards such as adequacy decisions or Standard Contractual Clauses will be applied and this policy updated.

9. Data Retention and Deletion

  • Data is retained while your account is active.
  • You can request account deletion at any time by contacting the controller. After confirmation, your account and calendar data are deleted.

10. Security Measures

Appropriate technical and organizational measures are implemented, including encrypted transport (HTTPS) and access control.

11. Your Rights

You have rights of access, rectification, deletion, portability (where applicable), restriction of processing, and—under GDPR—objection to processing based on legitimate interests. You may also lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or with your EU data protection authority.

To exercise your rights, contact: linus.moser@megakuul.ch.