GDPR / DSGVO
Privacy policy
Plain-English first, formal version below. Last updated 2026-06-02.
The short version
- We collect: your account name + password (hashed), your IP at login, your in-game actions (logs), and if you donate, the payment metadata Tebex sends us.
- We don't sell or share your data with marketers.
- We don't use tracking cookies. The site has zero third-party trackers.
- Payments go through Tebex — they handle your card data, we never see it.
- You can delete your account and all associated data by emailing support@brevison.org. We'll do it within 30 days.
1. Who we are
Brevison is operated by [DEIN NAME], [ADRESSE], Deutschland. See Impressum for full details. Contact for data protection: privacy@brevison.org.
2. What we collect
| Category | Examples | Why | How long |
|---|---|---|---|
| Account data | Username, hashed password, email (optional) | Login, support, password recovery | Until you delete your account |
| Technical data | IP address at login, user-agent, session ID | Anti-abuse (ban evasion, fraud), required by §13 TMG | 90 days, then hashed |
| Game logs | Actions you take, chat messages, trades | Support, anti-cheat, restoring lost progress | 180 days |
| Donation metadata | Transaction ID, amount, package, billing country (no card number) | Granting perks, tax compliance | 10 years (German tax law, AO §147) |
| Vote records | Voting site name, timestamp, IP hash | Prevent vote abuse, grant reward | 30 days |
3. Legal bases (GDPR Art. 6)
- Contract performance (Art. 6 (1) (b)) — to provide the game to you and process donations.
- Legitimate interest (Art. 6 (1) (f)) — anti-abuse, security, debugging.
- Legal obligation (Art. 6 (1) (c)) — tax records, ban records.
- Consent (Art. 6 (1) (a)) — if you opt in to appear on the Hall of Donators page.
4. Payment processing (Tebex)
Donations go through Tebex Limited, a UK-based payment processor for game communities. Tebex acts as a data processor on our behalf under a Data Processing Agreement. They receive your card or PayPal data; we receive only the transaction ID, your chosen billing country, the package, and the amount. We never store payment credentials.
5. Third-party services
- Voting toplists — when you click a "Vote Now" button you leave our site. Each toplist has its own privacy policy. Read theirs before voting.
- GitHub — our source code lives at github.com. Visiting our GitHub link is subject to GitHub's policy.
- Tebex — see Section 4.
6. Cookies
Brevison's public site sets no cookies and embeds no third-party trackers. The game client uses local storage for cache (not transmitted). The Tebex storefront uses Tebex's own cookies — opening it leaves our domain.
7. Your rights (GDPR Art. 15–22)
- Access — request a copy of your data.
- Rectification — correct anything we have wrong.
- Erasure — request deletion. We must keep some data (donation records) under German tax law, but we'll delete everything we lawfully can.
- Restriction — ask us to pause processing while a dispute is resolved.
- Portability — request a machine-readable export.
- Objection — to legitimate-interest processing (e.g., game-log retention) where your case overrides our interest.
Send any of these requests to privacy@brevison.org. We respond within 30 days.
8. Complaint
You can lodge a complaint with the German data protection supervisor: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI), or the supervisory authority of your state.
9. Changes
If we change this policy materially (new data category, new processor) we'll post a notice on the front page for 14 days.
This is template wording with placeholders. Before going live, replace [DEIN NAME] / [ADRESSE], confirm the retention periods match your operational reality, and have it reviewed by a data-protection lawyer if you are taking real donations. The template is informative, not legal advice.