Draft version: v0.3
Last updated: May 7, 2026
The controller responsible for the processing of personal data in connection with LudoLog is:
André Kleinhaus
Germany
Email: support.ludolog@proton.me
We have not appointed a Data Protection Officer because, based on the current scope and nature of LudoLog, the legal requirements for appointing a Data Protection Officer are currently not met. If the scope of processing changes, we will reassess this.
| Data category | Examples | Purpose | Legal basis |
|---|---|---|---|
| Account data | Email address, username, password hash | Account creation, login, password resets, account administration | Art. 6(1)(b) GDPR |
| Optional profile data | Bio, BGG username, avatar color, theme/date settings | Profile customization, account settings, and optional BGG-related features | Art. 6(1)(b) GDPR |
| App activity and content | Game library, achievements, shelves, favorites, progression data, votes, published achievements, showcase-related status, imported collection references | Core app functionality, optional collection import, and community features | Art. 6(1)(b) GDPR |
| Feedback data | Feedback category, free-text message, page URL, browser/platform details | Handling bug reports, product feedback, and beta quality improvements | Art. 6(1)(f) GDPR |
| Moderation and admin data | Reports, moderation records, edit history, role assignments, admin/support communication | Community moderation, abuse prevention, support, and service integrity | Art. 6(1)(f) GDPR and, where applicable, Art. 6(1)(b) GDPR |
| Security data | IP address, request metadata, rate-limit records, security logs | Preventing abuse, brute-force attacks, fraud, and security incidents | Art. 6(1)(f) GDPR |
| Password reset data | Reset token hash, expiry timestamp | Secure password recovery | Art. 6(1)(b) GDPR |
| Error and performance data | Technical error reports, stack traces, browser/device data, user ID where necessary | Diagnosing bugs, ensuring stability, and improving performance | Art. 6(1)(f) GDPR |
| Aggregated analytics data | Cookie-less usage and performance metrics | Understanding aggregate product usage and performance | Art. 6(1)(f) GDPR |
| Session data | Authentication/session cookies and related security values | Keeping you logged in and protecting the login flow | Art. 6(1)(b) GDPR |
To create and use a LudoLog account, you must provide:
* your email address;
* a username;
* a password.
Without this information, we cannot create or operate your account.
You may additionally provide or configure:
* a bio;
* your BoardGameGeek username;
* avatar color;
* theme preferences;
* date format preferences;
* other optional profile or app settings made available in the Service.
You are not required to provide this information to use the basic account features.
If you choose to provide your BoardGameGeek username and use BGG-related features, such as collection import, we process that information in order to retrieve and associate the requested BoardGameGeek collection data with your LudoLog account.
Please do not enter sensitive personal data such as health data, political opinions, religious beliefs, or other special categories of personal data into free-text fields unless this is strictly necessary. LudoLog is not intended for processing such data.
If you make your profile public, the following information may be visible to other users:
* your username;
* your bio;
* your public game library;
* the number of showcase achievements associated with your account;
* the number of achievements you have published;
* your meta progression levels.
Other information is shown publicly only where the Service explicitly indicates this.
Individual voting behavior and downvote reasons are not publicly displayed as part of your profile unless the Service expressly states otherwise. Vote data may, however, be used internally for moderation, ranking, quality control, and aggregate statistics.
When you create an account, we process your email address, username, and password hash in order to create and manage your account, authenticate you, allow you to log in, and provide essential account-related functionality.
Legal basis: Art. 6(1)(b) GDPR.
If you choose to add profile information or configure account settings, we process that information to provide profile and customization features.
Legal basis: Art. 6(1)(b) GDPR.
We process the content and activity data you create in order to operate the main functions of LudoLog, including:
* game library management;
* achievement suggestion, publication, editing, and tracking;
* shelves, favorites, and progression systems;
* public and community catalog features;
* showcase and meta progression features;
* voting and quality signals;
* role-based community curation features;
* optional import of BoardGameGeek collection data where requested by you.
If you choose to use collection import, we process your BoardGameGeek username and retrieve the relevant collection information from the BoardGameGeek API in order to provide that feature within LudoLog.
Imported collection data becomes part of your LudoLog account data. If you later change or remove your BoardGameGeek username or stop using the BGG-related feature, previously imported collection data may remain stored within LudoLog unless you separately remove that data within the Service or delete your account.
Legal basis: Art. 6(1)(b) GDPR.
If you submit feedback or bug reports, we process the submitted information in order to improve the Service, diagnose issues, prioritize improvements, and respond where appropriate.
This may include:
* your user ID;
* the feedback category;
* structured feedback fields;
* optional free-text content;
* the page URL from which the feedback was sent;
* browser and platform details where needed to reproduce an issue.
Legal basis: Art. 6(1)(f) GDPR.
Our legitimate interest is to maintain and improve the functionality, usability, and reliability of LudoLog, especially during beta operation.
LudoLog includes moderation and community curation features. To operate these features, we process data relating to:
* reports and complaints;
* moderation decisions and review records;
* achievement edit histories;
* trusted user, curator, and admin role assignments;
* support and moderation-related communication;
* abuse prevention and community integrity.
Trusted users have extended editing rights for achievements within the community catalog. Curators may additionally manage showcase titles and progression track content. Only admins may change user roles or access email addresses and comparable account administration data.
Legal basis: Art. 6(1)(f) GDPR and, where moderation is directly necessary to provide the Service to you, Art. 6(1)(b) GDPR.
Our legitimate interest is to operate a safe, functional, and high-quality community platform and to enforce the rules of the Service.
If you request a password reset, we generate a one-time reset token and send it to your email address. The token is stored only in hashed form together with an expiry timestamp.
Legal basis: Art. 6(1)(b) GDPR.
To protect the Service and its users, we process technical security data such as IP addresses, request metadata, and temporary rate-limit information.
This processing is used, for example, for login protection, password reset protection, report abuse prevention, and protection against brute-force attacks and other misuse.
Where possible, such data is stored only temporarily and with limited retention.
Legal basis: Art. 6(1)(f) GDPR.
Our legitimate interest is to ensure the security, integrity, and availability of the Service.
We use technical error and performance monitoring tools in order to detect bugs, diagnose failures, and improve the stability and performance of the Service.
Depending on the event, this may include:
* stack traces and error messages;
* request and response metadata;
* page URLs;
* browser, operating system, and device information;
* internal user identifiers where necessary to reproduce account-specific issues.
We do not use session replay.
Legal basis: Art. 6(1)(f) GDPR.
Our legitimate interest is to maintain a stable, secure, and functional Service.
We use privacy-friendly analytics and performance tools configured without advertising or marketing purposes and, where possible, without cookies.
These tools are used only to understand aggregate product usage, technical performance, and stability trends. We do not use them to build advertising profiles or for cross-context behavioral tracking.
Legal basis: Art. 6(1)(f) GDPR.
Our legitimate interest is to understand how the Service performs and is used at an aggregate level so that we can improve it.
LudoLog retrieves game-related metadata from the BoardGameGeek XML API, such as game names, identifiers, rankings, and related reference information.
Where you choose to use BGG-related account features, such as collection import, LudoLog may also use the BoardGameGeek username you provide in order to retrieve the relevant collection data from BoardGameGeek and associate it with your LudoLog account.
Imported collection data may remain part of your LudoLog account even if you later remove your BoardGameGeek username or discontinue the related feature, unless you separately delete the imported data or delete your account.
BoardGameGeek metadata requests are generally made server-side by LudoLog. In the normal operation of these metadata requests, we do not intentionally transmit your LudoLog account email address or password data to BoardGameGeek.
LudoLog may store BoardGameGeek metadata and related image URLs in its own systems for a limited period in order to reduce repeated lookups, improve performance, and keep imported or referenced game information available within the Service.
Legal basis: Art. 6(1)(b) GDPR where this is necessary to provide requested BGG-related features, and otherwise Art. 6(1)(f) GDPR.
Our legitimate interest is to provide game reference data efficiently and maintain the technical performance of the Service.
LudoLog stores BoardGameGeek image URLs, such as thumbnail URLs, in its database for a limited period in order to reduce repeated metadata lookups and improve application performance.
The image files themselves are not stored or cached by LudoLog. When a game cover is displayed, your browser loads the image directly from the BoardGameGeek or Geekdo image infrastructure. In this process, technical data such as your IP address, browser information, and request metadata may be transmitted directly to that external provider.
We do not control the data processing carried out by such third-party providers once your browser connects directly to them.
Legal basis: Art. 6(1)(f) GDPR.
Our legitimate interest is to display relevant game imagery efficiently while keeping our own infrastructure lightweight.
LudoLog uses cookies and similar technologies primarily for authentication, login security, and session management.
Based on the current configuration, LudoLog uses only technically necessary authentication and security cookies. We do not currently use advertising cookies or marketing cookies.
Examples of technically necessary cookies may include authentication session cookies, CSRF protection cookies, and callback/redirect helper cookies that are required for the login flow.
If we introduce non-essential cookies or similar technologies in the future, we will request consent where legally required.
Your personal data may be disclosed to the following categories of recipients where necessary:
If you choose to make your profile or content public, other users may see the information that is marked as publicly visible in the Service.
Depending on their assigned role, trusted users and curators may access:
* community submissions;
* achievement edit histories;
* reports and moderation queues;
* related internal identifiers where necessary for moderation or curation tasks.
Trusted users have extended editing rights for achievements within the community catalog. Curators may additionally manage showcase titles and progression track content.
They are not permitted to use this information for purposes outside LudoLog.
Administrators may access account-related and moderation-related data where necessary to operate the Service, handle abuse, review reports, provide support, or comply with legal obligations.
Only administrators may access email addresses and comparable account administration data. Feedback submitted through the feedback form is accessible only to administrators.
We use technical service providers for hosting, database services, authentication-related infrastructure, email delivery, error monitoring, analytics, security, and similar operational purposes.
These providers process personal data on our behalf under data processing agreements where required.
If you use BGG-related features, such as collection import, LudoLog may retrieve relevant data from BoardGameGeek based on the BoardGameGeek username you provide.
When cover images are loaded directly from BoardGameGeek or Geekdo image infrastructure, your browser connects directly to those external providers and may transmit technical request data such as your IP address.
BoardGameGeek is not our processor for these direct third-party requests.
We may disclose personal data to courts, authorities, law enforcement bodies, lawyers, or other recipients where legally required or where necessary for the establishment, exercise, or defence of legal claims.
We aim to use EU-based processing regions wherever available and have configured our current providers accordingly where technically offered.
However, some service providers may be established outside the European Economic Area, may use sub-processors outside the EEA, or may permit remote access from outside the EEA.
Where personal data is transferred to a country outside the EEA and no adequacy decision applies, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, together with any supplementary measures required under applicable law.
You may contact us if you would like more information about the safeguards used for specific transfers.
LudoLog currently uses the following service providers and external services:
| Provider | Role | Purpose |
|---|---|---|
| Vercel | Processor | Hosting, content delivery, deployment infrastructure, analytics, and performance insights |
| Turso | Processor | Database hosting |
| Upstash | Processor | Rate limiting and security-related Redis infrastructure |
| Sentry | Processor | Error monitoring and performance monitoring |
| Resend | Processor | Transactional email delivery, such as password reset emails |
| BoardGameGeek XML API | Independent third party | External game metadata source and optional collection import source |
| BoardGameGeek / Geekdo image infrastructure | Independent third party | External game-related image delivery |
Where required, we have entered into data processing agreements with our processors.
We aim to use EU-based processing regions wherever available and have configured our current providers accordingly where technically offered. However, some providers may still involve transfers outside the EEA, sub-processors outside the EEA, or remote access from outside the EEA. Where required, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses together with any supplementary measures required under applicable law.
For more information about a specific provider or transfer safeguard, you may contact us.
We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Account login data, profile data, and non-public account data are retained for as long as your account exists.
Imported collection data retrieved through optional BoardGameGeek features becomes part of your LudoLog account data and may remain stored within your account even if you later remove your BoardGameGeek username or stop using the related import feature, unless you separately delete the imported data or delete your account.
When you delete your account through the Service, your account access is disabled automatically without undue delay. Account login data, profile data, and non-public account data will then be deleted or irreversibly anonymized without undue delay in our productive systems, unless retention is required by law or necessary for security, abuse prevention, or legal claims.
Public community contributions, such as published achievements and related public catalog records, may remain available after account deletion where and to the extent necessary to preserve the integrity, continuity, and usability of the Service.
In such cases, we may remove direct profile attribution and retain the contribution in anonymized or de-personalized form.
Votes, favorites, completion states, progression signals, and similar interaction data may be deleted, anonymized, aggregated, or detached from your account when your account is deleted.
Where aggregate counts, ranking signals, or community statistics are retained, they will no longer be linked to your identifiable account unless retention is legally required.
Personal game records and achievement completions are not published as part of your public profile. Only aggregate or count-based public indicators expressly shown by the Service may remain visible where applicable.
Reports, moderation records, abuse-prevention records, and legal documentation may be retained for up to 1 year and then reviewed for deletion, anonymization, or further retention where necessary to enforce the rules of the Service, protect users and the Service, or establish, exercise, or defend legal claims.
Feedback submissions may also be retained for up to 1 year and then reviewed for deletion, anonymization, or further retention where necessary for support, debugging history, abuse prevention, or legal reasons.
Temporary security-related records, such as rate-limit entries and comparable technical protection data, are retained only for a short period and deleted automatically according to the applicable security window.
Technical error and performance monitoring data is retained only for a limited period appropriate to debugging and service maintenance, based on the configured retention settings of the relevant provider.
Backup copies may remain in secure backup systems for a limited period until they are overwritten in the ordinary backup cycle.
For database backups and comparable infrastructure-level backups, the effective retention period may depend on the standard or configured retention settings of the relevant provider.
Subject to the applicable legal requirements, you have the following rights under data protection law:
* the right of access;
* the right to rectification;
* the right to erasure;
* the right to restriction of processing;
* the right to data portability;
* the right to object to processing based on legitimate interests;
* the right to withdraw consent at any time where processing is based on consent;
* the right to lodge a complaint with a supervisory authority.
To exercise your rights, please contact us at support.ludolog@proton.me.
You may lodge a complaint with the competent supervisory authority, including, for example:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59–61
10555 Berlin
Germany
You may also contact the supervisory authority in your place of residence or work.
LudoLog is currently operated as a non-commercial hobby project and does not sell personal data or share personal data for cross-context behavioral advertising.
If you are a California resident and wish to request access, correction, or deletion of your personal information, you may contact us at support.ludolog@proton.me. We will handle such requests in accordance with applicable law.
We do not currently use solely automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you within the meaning of applicable data protection law.
If this changes in the future, we will update this Privacy Policy and provide any legally required information.
LudoLog is not directed to children under the age of 16. We do not knowingly create accounts for users under 16.
If we become aware that personal data of a child under 16 has been processed in violation of this rule, we will take appropriate steps to delete the account and associated data in accordance with applicable law.
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, alteration, and misuse.
These measures may include, where appropriate:
* HTTPS/TLS encryption in transit;
* password hashing using industry-standard methods;
* hashed password reset tokens with expiry controls;
* session protection using secure cookie settings;
* rate limiting and abuse prevention mechanisms;
* role-based access controls for admins, trusted users, and curators;
* technical filtering to avoid transmitting sensitive token parameters to monitoring tools where possible.
No method of transmission or storage is completely secure. We therefore cannot guarantee absolute security.
We may update this Privacy Policy where necessary to reflect changes in the law, our processing activities, technical configuration, or the Service.
If we make material changes, we will notify users in an appropriate manner.
Where a change requires consent, we will request consent before the relevant processing begins.
If you have questions about this Privacy Policy or wish to exercise your rights, please contact:
André Kleinhaus
Germany
Email: support.ludolog@proton.me
LudoLog — Track your games. Earn your achievements.