Privacy Policy

1. Data Controller

The person responsible for data processing on this website is:
Ioannis Toptsis
Email: [email protected]

2. Data Collected

The following data is processed when visiting and using Janni.fun:

2.1 Server Log Data

Each page request automatically collects technical data, including the IP address, the requested path, date and time of access, and the browser used (user agent). This data is processed to ensure the operation and troubleshooting of the website.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest). The legitimate interest lies in ensuring the technical operational security, detecting and preventing attacks, and performing error analysis.

Server log data including IP addresses is automatically deleted after 30 days.

2.2 GeoIP Data

For statistical analysis of visitor origin, the IP address is matched to an approximate location (country, city, coordinates) using a local GeoIP database (MaxMind GeoLite2). No data is shared with third parties.

2.3 Discord OAuth2 Login

When you log in via Discord, the following data is transmitted from Discord and stored:

• Discord user ID
• Username and display name
• Avatar hash
• Discriminator
• Membership roles in the associated Discord server

Legal basis: Your consent through the login process (Art. 6(1)(a) GDPR). The data is used for authentication, role management, and providing personalized features (Control Panel, ToDo lists).

2.4 Session Data

To maintain your login, a session cookie is set. Session data is stored server-side in a MySQL database and automatically deleted after 7 days. The cookie is HTTP-only and contains no personal data.

2.5 ToDo Data

If you use the ToDo feature, the tasks you create are stored in the database and associated with your account. This data is only visible to you.

3. Purpose of Data Processing

• Providing and operating the website and related services
• Authentication and user management
• Role-based access control (Control Panel)
• Statistical analysis of visitor numbers (no sharing with third parties)
• Error analysis and security monitoring

4. Storage and Deletion

Personal data is only stored for as long as necessary for the stated purposes:

• Server log data (incl. IP addresses): 30 days
• GeoIP visitor data: 90 days
• Session data: 7 days
• Account data: Until deletion upon request
• ToDo data: Until deletion by the user or upon request

You can request the deletion of your account and all associated data at any time by emailing [email protected].

5. Sharing with Third Parties

Personal data is generally not shared with third parties unless there is a legal obligation to do so. Authentication is handled via the Discord OAuth2 interface; the Discord Privacy Policy also applies.

6. External Services

6.1 Google Fonts

This website uses Google Fonts to display the "Inter" typeface. When loading the font, a connection to Google servers is established, during which your IP address is transmitted. For more information, see the Google Privacy Policy.

6.2 Discord API

The Discord API is used for login and role management. Data as described in section 2.3 is transmitted. The Discord Privacy Policy applies.

6.3 Hosting

This website is hosted by Strato AG (Pascalstraße 10, 10587 Berlin, Germany). When using the website, connection data is automatically transmitted to the server. For more information, see the Strato Privacy Policy.

7. Cookies

This website only uses technically necessary cookies:

• Session cookie: Contains a random session ID to maintain login. Expires after 7 days. HTTP-only, SameSite=Lax.
• Language preference: Stored in the browser's localStorage (not a cookie) to remember the chosen language (English/German).

No tracking, advertising, or analytics cookies are used.

8. Your Rights

Under the GDPR, you have the following rights:

• Right of access (Art. 15 GDPR) – What data is stored about you
• Right to rectification (Art. 16 GDPR) – Correction of inaccurate data
• Right to erasure (Art. 17 GDPR) – Deletion of your data
• Right to restriction (Art. 18 GDPR) – Restriction of processing
• Right to object (Art. 21 GDPR) – Objection to processing
• Right to data portability (Art. 20 GDPR) – Receive your data in a machine-readable format

To exercise your rights, contact: [email protected]

9. Right to Complain

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates the GDPR. The competent supervisory authority is the Hessian Commissioner for Data Protection and Freedom of Information (HBDI).