Privacy Policy

Last updated: February 26, 2026

1. Controller

Felix Moschkau
Am Torfberg 40
52372 Kreuzau
Germany
Email: felix.moschkau@kst-moschkau.eu

2. Scope of Processing

This policy explains how personal data is processed when you use Battlemaster, including account registration, sign-in, profile management, and application usage.

3. Categories of Personal Data

  • Account data (email address, username, profile metadata)
  • Authentication and session data
  • Content data you create in the app
  • Technical data (IP address, timestamps, request and error logs)

4. Purposes and Legal Bases

  • Providing and operating the service (Art. 6(1)(b) GDPR)
  • Securing the platform and preventing abuse (Art. 6(1)(f) GDPR)
  • Account and identity management, password reset, session control (Art. 6(1)(b) GDPR)
  • Compliance with legal obligations (Art. 6(1)(c) GDPR)

5. Processors and Third-Party Services

  • Supabase (authentication, database, storage)
  • Render (API hosting)
  • Vercel (web hosting and deployment)
  • Discord OAuth (optional social sign-in)
  • hCaptcha by Intuition Machines, Inc. (bot protection in auth flows)

These providers may process data as processors or independent controllers depending on the specific function.

6. International Data Transfers

If personal data is processed outside the EU/EEA, transfers are based on applicable GDPR transfer mechanisms (for example, adequacy decisions or standard contractual clauses), as provided by the respective service provider.

7. Storage Duration

Personal data is stored only as long as required for the purposes listed above, unless statutory retention periods require longer storage.

8. Cookies and Similar Technologies

Battlemaster currently uses technically necessary storage and security-related technologies for login, session handling, and abuse prevention. No optional analytics or marketing cookies are intentionally enabled at this stage.

9. Your Rights under GDPR

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

10. Supervisory Authority (North Rhine-Westphalia)

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW)
Kavalleriestr. 2-4
40213 Duesseldorf
Website: https://www.ldi.nrw.de/

11. Contact

For privacy-related requests, contact: felix.moschkau@kst-moschkau.eu

Legal Notice: Legal Notice
Disclaimer: Disclaimer