Privacy Policy

General information

The following information provides a simple overview of what happens to your personal data when you use FounderDuel. Personal data is any data with which you can be personally identified. For detailed information on data protection, please refer to the rest of this privacy policy.

Who is responsible for data collection on this platform?

Data processing on this platform is carried out by the operator. You can find the operator's contact details in the “Information on the controller” section of this privacy policy.

How do we collect your data?

Some of your data is collected when you provide it to us — for example when you create an account, edit your profile, or submit proof for a duel. Other data is collected automatically or with your consent by our IT systems when you use the platform. This is primarily technical data (e.g. internet browser, operating system, or time of the request).

What do we use your data for?

We use your data to provide the FounderDuel service: to authenticate you, to run your duels, to maintain your profile, leaderboard standing, XP, badges and activity history, and to operate the platform securely and reliably. We do not use analytics, tracking, or advertising cookies, and we do not sell your data.

What rights do you have regarding your data?

You have the right at any time to receive information free of charge about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

Hetzner

The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (hereinafter “Hetzner”). The personal data collected on this platform — including account data, content you submit, and server log data — is stored on Hetzner's servers, which are located in the European Union.

Hosting is carried out for the purpose of fulfilling our contract with our users (Art. 6 (1) (b) GDPR) and in the interest of secure, fast, and efficient provision of our service by a professional provider (Art. 6 (1) (f) GDPR). We have concluded a data processing agreement (Auftragsverarbeitungsvertrag) with Hetzner in accordance with Art. 28 GDPR. Further information can be found in Hetzner's privacy policy: https://www.hetzner.com/legal/privacy-policy.

Data protection

The operator of this platform takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. We point out that data transmission over the internet (e.g. communication by email) can have security gaps. Complete protection of data against access by third parties is not possible.

Information on the controller

The controller responsible for data processing on this platform is:

SlimSec IT GmbH
Rabinstr. 1
53111 Bonn, Germany
Phone: 0228 – 94803230
Email: info@slimsec.de

The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

Storage duration

Unless a more specific storage period is stated within this privacy policy, your personal data will remain with us until the purpose for processing it no longer applies. Your account and profile data is stored for as long as you maintain a FounderDuel account; if you request deletion of your account (by emailing us at the address above), your account data is deleted, unless we have other legally permissible grounds for retaining it (e.g. tax or commercial retention periods). Files you upload as proof are automatically deleted once they are no longer referenced by any submission.

Legal bases for processing

Where you have given consent, we process your personal data on the basis of Art. 6 (1) (a) GDPR. Where your data is required to perform our contract with you or to carry out pre-contractual measures, we process it on the basis of Art. 6 (1) (b) GDPR. Where processing is necessary to comply with a legal obligation, we rely on Art. 6 (1) (c) GDPR. Processing may also be based on our legitimate interest under Art. 6 (1) (f) GDPR. Where consent for the storage of cookies or access to information on your device is required, processing is additionally based on § 25 (1) TDDDG (formerly TTDSG). Consent can be revoked at any time.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected.

Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)

If data processing is based on Art. 6 (1) (e) or (f) GDPR, you have the right at any time to object to the processing of your personal data for reasons arising from your particular situation; this also applies to profiling based on these provisions. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims (objection under Art. 21 (1) GDPR).

Right to lodge a complaint with the supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, place of work, or the place of the alleged violation. This right exists without prejudice to any other administrative or judicial remedy.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Access, rectification, and erasure

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipients, and the purpose of the data processing and, if applicable, a right to rectification or deletion of this data. For this and for further questions on the subject of personal data, you can contact us at any time.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time. The right to restriction of processing exists in the cases set out in Art. 18 GDPR.

SSL/TLS encryption

For security reasons and to protect the transmission of confidential content, this platform uses SSL/TLS encryption. You can recognize an encrypted connection by the “https://” in your browser's address bar. When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Cookies

FounderDuel uses a strictly necessary session cookie to keep you signed in after you authenticate. This cookie is essential for the login functionality and does not track you across other websites. We do not use analytics, advertising, or other non-essential cookies. The storage of strictly necessary cookies is based on Art. 6 (1) (f) GDPR and § 25 (2) TDDDG, as we have a legitimate interest in providing a technically functional, secure login. You can configure your browser to inform you about the setting of cookies and to delete them; disabling the session cookie will prevent you from signing in.

Server log files

Our infrastructure (including the reverse proxy used to serve the platform) automatically collects and stores information in server log files that your browser transmits to us. This includes browser type and version, operating system, referrer URL, host name of the accessing device, time of the server request, and the IP address. This data is not merged with other data sources. It is collected on the basis of Art. 6 (1) (f) GDPR — we have a legitimate interest in the technically error-free presentation and optimization of the platform and in detecting and preventing abuse and attacks.

Sign-in via third-party providers (Google, GitHub, GitLab)

You sign in to FounderDuel using a third-party identity provider of your choice — Google, GitHub, or GitLab — via the OAuth procedure. When you do so, you are first redirected to the chosen provider, where you authenticate. After successful authentication, the provider transmits certain account information to us, namely your name, email address, and (if available) profile picture, which we use to create and identify your account. We do not receive your password.

The providers are: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; GitHub, Inc., 88 Colin P. Kelly Jr. Street, San Francisco, CA 94107, USA; and GitLab Inc., 268 Bush Street #350, San Francisco, CA 94104, USA. Choosing a provider also transmits data to that provider; please refer to their respective privacy policies. Insofar as data is transferred to the USA, this is based on the EU Commission's standard contractual clauses and/or the EU-US Data Privacy Framework where the provider is certified. The processing is based on Art. 6 (1) (b) GDPR (provision of the service you requested) and your consent given by selecting the provider, Art. 6 (1) (a) GDPR.

Account, profile, and gameplay data

To provide the service, we store the data associated with your account: your name, email address, and profile picture (from your sign-in provider), an optional display name and bio that you can edit, and the gameplay data generated as you use the platform — duels you create or join, proof submissions, XP, level, wins, losses, streaks, badges, and your activity history. This data is processed to operate the service on the basis of Art. 6 (1) (b) GDPR. Your profile, including your name, level, badges, and win/loss record, is visible to other users (for example on the public leaderboard and profile pages).

Duels and proof submissions (file uploads)

When you submit proof for a duel, the text, links, and any files you upload (such as screenshots or PDF documents) are stored on our server and associated with that duel. Uploaded files are served only to the participants and the creator of the relevant duel; they are not publicly accessible. Files that are no longer referenced by any submission are automatically removed. This processing is based on Art. 6 (1) (b) GDPR. Please do not upload files containing personal data of third parties or confidential information that is not necessary for the duel.

Contacting us by email

If you contact us by email (for example to request deletion of your account), your message including all personal data resulting from it (name, email address, the content of your request) is stored and processed by us for the purpose of handling your request. We do not pass on this data without your consent. The processing is based on Art. 6 (1) (b) GDPR where your request relates to the performance of a contract, and otherwise on our legitimate interest in effectively handling the requests addressed to us (Art. 6 (1) (f) GDPR) or your consent (Art. 6 (1) (a) GDPR). This data remains with us until you request its deletion or the purpose for storing it no longer applies; mandatory statutory provisions — in particular retention periods — remain unaffected.