Privacy Policy

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

We process personal data only to the extent necessary to provide the platform. Specifically:

a) Registration and Authentication

An account is required to use Devfluent. Your email address is processed for this purpose. Authentication is provided via magic link (email OTP), password, or GitHub OAuth (via Supabase Auth).

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

b) Usage Data and Learning Progress

To provide core features (learning tracking, XP system, streaks, achievements), we store:

• Learning block progress and completions
• Quiz results
• XP points, level, and streak counter
• Unlocked achievements
• Course and project entries
• Last login timestamp (for streak calculation)

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

c) Server Logs

When the web application is accessed, the hosting provider automatically stores server log files (IP address, timestamp, URL accessed, HTTP status, data volume transferred). These data are not personally accessible to us and are automatically deleted after 7 days.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operational security).

Supabase

We use Supabase (Supabase Inc., 970 Trestle Glen Rd, Oakland, CA 94610, USA) as our database and authentication service provider. Supabase processes personal data on our behalf based on a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR. The database is located in the eu-west-1 (Ireland) region, so no transfer of data to third countries takes place.

Further information: supabase.com/privacy

Netcup (Hosting)

Our server is operated by netcup GmbH (Daimlerstraße 25, 76185 Karlsruhe, Germany). As hosting provider, Netcup processes technical connection data (including IP addresses) on our behalf based on a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR. Server log files are deleted within 7 days.

Further information: netcup.de/kontakt/datenschutzerklaerung.php

GitHub OAuth (optional)

If you sign in with GitHub, your GitHub account data (email address, username) will be used to create your account. The privacy policy of GitHub applies.

The application uses functional cookies to maintain the login session (session token from Supabase Auth) and to store your language preference (NEXT_LOCALE). These cookies are technically necessary or serve a functional preference purpose and do not require separate consent under § 25(2) TTDSG.

No tracking cookies, advertising cookies, or third-party analytics cookies are set.

Personal data is stored for as long as your account is active. After deletion of your account, all associated data will be deleted from our systems within 30 days, provided no statutory retention obligations apply.

You have the right at any time to:

• Access the data stored about you (Art. 15)
• Rectification of inaccurate data (Art. 16)
• Erasure of your data (“right to be forgotten”) (Art. 17)
• Restriction of processing (Art. 18)
• Data portability in a machine-readable format (Art. 20)

To exercise your rights, please contact us by email: kontakt@devfluent.de

You also have the right to lodge a complaint with a data protection supervisory authority. The competent authority depends on your place of residence or the location of our company.

We do not use automated decision-making processes including profiling within the meaning of Art. 22 GDPR. No decisions are made that are based solely on automated processing and that have legal effects or similarly significantly affect you.

Data transmission between your browser and our servers is exclusively via HTTPS (TLS encryption). Passwords are never stored in plain text. Database connections are authenticated and encrypted.

We reserve the right to update this privacy policy if the legal situation or data processing practices change. The current version is always available at /datenschutz. Registered users will be notified by email of any material changes.