Privacy Policy

Last updated: April 25, 2026

Data Controller

Frank Sauerburger, Lameystr. 1, 79108 Freiburg, Germany; frank@sauerburger.com; +49 7668 3192560 is the data controller pursuant to Art. 4(7) GDPR.

1. Data Collected

Web server logs — all visitors

When you visit this website, the following data is automatically collected: IP address, request timestamp, URL, HTTP status code, response size, User-Agent, and referring URL.

Purpose: Security monitoring, abuse detection, performance monitoring.
Legal basis: Art. 6(1)(f) GDPR — legitimate interests.
Retention: Automatically deleted after 30 days.

Account data — registered users only

Upon registration, the following data is stored: email address, hashed password, account creation timestamp, email verification status, language preference, an activity log (event type, timestamp, IP address, User-Agent for each event), and other account related and user generated data.

Purpose: Account creation and operation, authentication, account security, account-related communication (email verification, password reset).
Legal basis: Art. 6(1)(b) GDPR — performance of a contract.
Retention: Retained for the lifetime of the account.

Data Retention After Account Closure

We may retain certain account data (such as your email address) even after your account has been closed. This retention is necessary to ensure security and to comply with applicable legal obligations.

Legal basis: Art. 6(1)(c) GDPR — compliance with a legal obligation; Art. 6(1)(f) GDPR — legitimate interests (security).

2. Data Sharing

Personal data is not shared with third parties and is not used for advertising or marketing.

3. Data Processors

Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany is used for server and network infrastructure. Hetzner acts as a data processor under a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR. Hetzner’s data centres are located in the EU; no personal data is transferred outside the EU/EEA.

4. Your Rights

You have the following rights under the GDPR: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21), and the right to lodge a complaint with a supervisory authority.

No automated decision-making or profiling (Art. 22) is performed.

5. Contact

For privacy inquiries, please contact: contact@lucy.com

Privacy Policy | Lucy