Privacy Policy

As of February 2026

This privacy policy applies to:

the Real Live Achievements app
the associated website: https://farin25.github.io/real-live-achievement (hosted as GitHub Page / Docusaurus)

1. Responsible parties

Responsible for the processing of personal data:

Farin Langner
Liam Selent
Email: achievements@holzideen.org

(As this is a school project, the full address will be added if necessary.)

2. General information

The protection of personal data is our top priority.
Processing is carried out exclusively in accordance with legal regulations (GDPR, BDSG).

Personal data is any information that can be used to identify you.

3. Use of the app

A user account is required to use the app.
The following data is collected:

First and last name (internal only)
User name (public)
Email address (private)
Date of birth (for achievement logic)
Password (stored in encrypted form)
Time of account creation
Time of last update

Purpose: Provision of app functions, achievements, statistics.

Legal basis: Art. 6 (1) (b) GDPR (contract fulfillment)

4. Profile information

Users can define a short profile text, links to websites, or social media themselves.
Note: Users are responsible for their own information.
Content must not infringe on the rights of third parties or be illegal.

5. Achievements & visibility

Users can choose the visibility of their achievements:

Private → only the user can see them
Friends → only users who are friends
Public → all users

The app supports login via GitHub.
Only the data necessary for authentication is transferred.
Legal basis: Art. 6 (1) lit. b GDPR

Further information: https://docs.github.com/de/site-policy/privacy-policies/github-general-privacy-statement

7. Use of the website

Our website is hosted via GitHub Pages / Docusaurus.
Personal data is only processed here if you:

use the contact form (if implemented)
log in with your account (e.g., for the web interface for achievements)

7.1 Embedding of third-party content

Content from Vimeo may be embedded on the website and, if applicable, in the app.
When you access Vimeo content, data is transferred to Vimeo (IP address, device, browser).
Vimeo's privacy policy applies: https://vimeo.com/privacy

8. Hosting / Backend

The app uses Supabase, server location: Frankfurt am Main, Germany.
Supabase processes data within the framework of a data processing agreement in accordance with Art. 28 GDPR.

Further information: https://supabase.com/privacy

9. No profile picture uploads

Currently, no profile pictures are uploaded.
Future avatar systems (e.g., modular emojis) will also not require uploads.

10. Data transfer

Personal data will only be transferred:

to provide the app or website functionality
if required by law
with express consent

11. Storage period

Data is stored for as long as the account exists.
After the account is deleted, all personal data will be deleted, unless there are legal retention obligations.

12. Your rights

You have the right to:

information about stored data (Art. 15 GDPR)
correction (Art. 16 GDPR)
deletion (Art. 17 GDPR)
restriction of processing (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Objection to processing (Art. 21 GDPR)

To exercise these rights, simply send an informal email to achievements@holzideen.org.

13. Data security

Appropriate technical and organizational measures are used to protect data from unauthorized access, loss, or manipulation.
Passwords are stored in encrypted form.

14. Changes

We reserve the right to amend this privacy policy in the event of changes to functions or legal requirements.
The current version is available on our website.

1. Responsible parties​

2. General information​

3. Use of the app​

4. Profile information​

5. Achievements & visibility​

6. Login via GitHub (OAuth)​

7. Use of the website​

7.1 Embedding of third-party content​

8. Hosting / Backend​

9. No profile picture uploads​

10. Data transfer​

11. Storage period​

12. Your rights​

13. Data security​

14. Changes​