
Piltover Archive Privacy Policy

How we collect, use, and protect your personal data.

Last updated: June 1, 2026

1. Introduction and Data Controller Information

Welcome to Piltover Archive.

This Privacy Policy explains how Piltover Archive (a project of STGMNN Labs UG (haftungsbeschränkt), "we," "us," or "our") collects, uses, processes, and protects your personal data when you use our website, located at https://piltoverarchive.com (the "Service"). We are committed to protecting your privacy and handling your data in accordance with the General Data Protection Regulation (GDPR) and German data protection laws.

Data Controller:

  • STGMNN Labs UG (haftungsbeschränkt)
  • Maria-Goeppert-Straße 1, 23562 Lübeck, Germany
  • Managing Director: Jan Stegemann
  • Registered with the Local Court (Amtsgericht) Lübeck, Commercial Register HRB 27403 HL
  • E-mail: [email protected]

For our full legal contact details, please see our Imprint.

Data Protection Officer (DPO):

We are not legally required to appoint a Data Protection Officer at this time. Should this become legally required in the future, we will update this Policy accordingly and publish the DPO's contact details.

2. Data Collection and Processing

We only collect and process personal data that is necessary for providing our services and for purposes explicitly stated in this policy, based on a valid legal basis.

a) Account Registration and Login (Authentication)

Data Collected: Username, e-mail address, password (handled by our authentication provider Clerk; we never store plain-text passwords), profile data from social sign-in providers you choose to use, IP address upon registration/login, session data, and user preferences.

Purpose: To create and manage user accounts, enable secure login, provide access to deck building tools, remember user sessions, and personalize your experience.

Legal Basis: Performance of a contract (Art. 6(1) lit. b GDPR). This data is essential for us to provide you with the core functionalities of our service. Without this data, we cannot provide you with a user account or access to the deck building features.

b) Deck Building and Content Creation

Data Collected: Deck data (e.g., card lists, names, descriptions), user-generated content, associated metadata (e.g., creation date, last modified date).

Purpose: To enable you to create, store, manage, and optionally share your decks on our platform.

Legal Basis: Performance of a contract (Art. 6(1) lit. b GDPR). This data is integral to the service you sign up for.

c) Communication with Us (Contact Form/E-mail)

Data Collected: Your name, e-mail address, and the content of your message.

Purpose: To respond to your inquiries, support requests, and feedback.

Legal Basis: Legitimate interest (Art. 6(1) lit. f GDPR) in effectively communicating with our users and providing support. Where your inquiry relates to an existing account or contractual relationship, the primary legal basis is Art. 6(1) lit. b GDPR.

d) Website Analytics (Google Analytics 4)

Data Collected: Usage data, such as pages visited, time spent on pages, referral sources, device information (e.g., browser type, operating system), approximate location (derived from IP address before storage), and pseudonymous user identifiers stored in cookies. We have configured Google Analytics 4 with IP anonymization enabled and Google Consent Mode v2.

Purpose: To understand how our website is used, identify popular content, and improve our website's performance and user experience.

Legal Basis: Your explicit consent (Art. 6(1) lit. a GDPR). Google Analytics is loaded with consent denied by default and only activated after you opt in via our cookie banner.

e) Server Log Files and Operational Telemetry

Data Collected: IP address, browser type and version, operating system, referrer URL, hostname of the accessing computer, time of the server request, and aggregated performance metrics collected through our self-hosted observability stack (Grafana / OpenTelemetry).

Purpose: For technical security purposes, such as identifying and mitigating cyber-attacks, ensuring the stability and operational integrity of our systems, and diagnosing errors.

Legal Basis: Legitimate interest (Art. 6(1) lit. f GDPR) in maintaining the security and functionality of our website.

f) Embedded Third-Party Content (YouTube, Social Media)

Data Collected: When you interact with embedded content (e.g., YouTube videos in articles, Twitter/X, Bluesky, Instagram or Discord embeds), the respective providers may receive your IP address, browser identifiers, and information about the page you are viewing.

Purpose: To enrich editorial content with relevant videos and social posts.

Legal Basis: Legitimate interest (Art. 6(1) lit. f GDPR). Where embeds set non-essential cookies, they are loaded only after you grant analytics consent via our cookie banner.

g) Real User Monitoring (Grafana Faro)

Data Collected: Anonymous performance metrics such as Core Web Vitals (LCP, INP, CLS), navigation timing, JavaScript errors, browser type and version, screen size, and a session identifier stored in your browser's sessionStorage / localStorage under the key com.grafana.faro.session. Data is sent to our self-hosted Grafana stack — we do not share it with Grafana Labs.

Purpose: To measure real-world performance of our site (page load times, layout stability, interactivity) and detect production errors so we can fix regressions before they affect more users.

Legal Basis: Your explicit consent (Art. 6(1) lit. a GDPR). Faro is loaded only after you opt in via our cookie banner. When you withdraw analytics consent, Faro stops collecting and the session identifier is removed from your browser.

h) Consent Records (Audit Log)

Data Collected: When you accept, reject, or change your cookie preferences, we record the event in our consent audit log: a hashed identifier of your IP address, your country (from the Cloudflare cf-ipcountry header), a hashed user-agent, the consent version, the categories you selected, and a timestamp. For signed-in users we also store the current preference state in your account profile (Clerk privateMetadata).

Purpose: To demonstrate that valid consent was obtained, as required by Art. 7(1) GDPR, in case of complaints or supervisory authority audits.

Legal Basis: Compliance with a legal obligation (Art. 6(1) lit. c GDPR) and our legitimate interest (Art. 6(1) lit. f GDPR) in being able to defend our compliance posture.

Retention: Consent log entries are retained for three (3) years after the event, after which they are deleted. The hashing salt is never recoverable, so the IP and user-agent values cannot be reversed even before deletion.

3. Cookies and Other Technologies

Our website uses cookies and similar technologies. Cookies are small text files that are stored on your device (computer, tablet, smartphone) when you visit our website. They help us to provide you with a functional and user-friendly experience.

a) Strictly Necessary Cookies

Examples:

  • Authentication (Clerk): __client_uat, __session, __clerk_db_jwt — keep you logged in, valid for the session.
  • Cookie consent record: piltover_cookie_consent — stores your consent choices for 12 months.
  • Bot management (Cloudflare): __cf_bm — set by our edge provider Cloudflare to distinguish humans from bots, valid for 30 minutes after each request. This cookie is set automatically by Cloudflare on every request and cannot be disabled without breaking site security.

Purpose: These cookies are essential for the basic functionality and security of our website. Without them, core features like logging in, creating decks, maintaining a user session, or protecting the site against attacks would not work.

Legal Basis: Performance of a contract (Art. 6(1) lit. b GDPR) and our legitimate interest (Art. 6(1) lit. f GDPR) in providing a functional and secure website. These cookies are necessary for the service to operate and do not require your explicit consent prior to being set.

b) Analytics Cookies and Storage (Google Analytics 4 + Grafana Faro)

Examples:

  • Google Analytics 4: _ga (13 months), _ga_* (13 months), _gid (24 hours), _gat (1 minute), _dc_gtm_* (1 minute) — measure aggregated website usage.
  • Grafana Faro: com.grafana.faro.session stored in your browser's sessionStorage / localStorage — anonymous session ID for performance monitoring (Real User Monitoring).

Purpose: As described in Sections 2d and 2g, to understand website usage patterns, monitor real-world performance, and improve our services.

Legal Basis: Your explicit consent (Art. 6(1) lit. a GDPR). These cookies and storage entries are only placed if you opt in via our cookie banner. When you withdraw consent we delete the existing values (Art. 17 GDPR).

c) Functional Cookies

Examples:

  • piltover_gallery_settings, piltover_library_sort, piltover_deck_panel_settings, piltover_image_export_settings, piltover_image_export_bg_image, piltover_binder_filter, piltover_external_link_warning_dismissed — each stores a single UI preference (gallery layout, sort order, dismissal of the external-play warning, etc.) for up to 12 months.

Purpose: Remember the UI preferences you have explicitly set so you don't have to reconfigure them on every visit.

Legal Basis: Your explicit consent (Art. 6(1) lit. a GDPR), opted in via our cookie banner under the "Functional" category. When you withdraw consent, we delete the existing values (Art. 17 GDPR).

Managing Cookies:

You can manage your cookie preferences at any time by clicking on the "Cookie Settings" link in the footer of our website. You can also configure your browser to refuse all cookies or to indicate when a cookie is being sent. If you block strictly necessary cookies, core features of the Service may not function properly.

4. Data Sharing and Recipients

We do not sell your personal data to third parties. We only share data with trusted service providers and partners who assist us in operating our website and providing our services, based on appropriate legal bases and data processing agreements.

Categories of Recipients:

  • Hosting Provider — Railway Corp. (USA): Hosts our application, backend API, Redis cache and observability stack in the europe-west4 region (Netherlands).
  • Database Provider — Supabase Inc. (USA): Hosts our PostgreSQL database in an EU region.
  • Authentication Provider — Clerk Inc. (USA): Provides user authentication, account management and session handling. Sign-in via Google, Discord, Metafy, or e-mail magic link is enabled and routes data through Clerk to the respective identity provider you choose.
  • Edge Network & DNS — Cloudflare, Inc. (USA): Provides DNS, caching, DDoS protection and TLS termination for all incoming traffic. Cloudflare processes connection data including IP addresses and request metadata.
  • Content Delivery Network — BunnyWay d.o.o. (Slovenia, EU): Delivers static images and assets via Bunny CDN.
  • Analytics Provider — Google Ireland Limited (Ireland) / Google LLC (USA): Provides Google Analytics 4 (only after consent).
  • Embedded Media Providers: When editorial content includes embeds, the respective platforms may receive technical request data: Google LLC / YouTube (USA), X Corp. / Twitter (USA), Bluesky Social PBC (USA), Meta Platforms Ireland Ltd. / Instagram (Ireland), Discord Inc. (USA).
  • Identity Providers (only if you choose them): Google LLC (USA), Discord Inc. (USA), Metafy Inc. (USA). For users who sign in via Metafy, we may also query Metafy to verify subscription entitlements in order to unlock premium features on our platform. Payment for those subscriptions is handled exclusively by Metafy on their own platform; we do not process any payment data.
  • Outbound Notifications — Discord Inc. (USA): Server-to-server webhook used by us to publish announcements (e.g., new cards, new articles) into our Discord channels. No personal user data is transmitted in these notifications.
  • External Play Platforms (only when you explicitly initiate): S. Goerlitz UG (haftungsbeschränkt), Werner-Bock-Straße 31, 33602 Bielefeld, Germany — operator of RiftAtlas. When you click "Play on RiftAtlas" from a deck view, your browser opens play.riftatlas.com with the public deck code (an anonymous, non-personal string representing the card list). No account information, username, or IP address is transmitted by Piltover Archive in this action; your browser itself will connect to RiftAtlas, which is governed by their own privacy policy. The Play menu also offers TCG Arena (tcg-arena.fr; contact [email protected]; operated under French law, hosted in the EU by OVHcloud). When you click "Play on TCG Arena," your browser opens tcg-arena.fr/import with the deck's name, its Piltover Archive deck ID, and the decklist (card names and quantities). No account information, password, or IP address is transmitted by Piltover Archive; your browser connects to TCG Arena directly, governed by their own privacy policy.

We have entered into Data Processing Agreements (DPAs) with all relevant service providers to ensure they comply with GDPR standards and process your data only according to our instructions and applicable data protection laws.

5. Data Transfer to Third Countries

Personal data may be transferred to countries outside the European Union (EU) or European Economic Area (EEA) where some of our service providers (in particular Cloudflare, Clerk, Railway, Google and Discord) are located.

Where data is transferred to such third countries, we ensure appropriate safeguards are in place to guarantee a level of data protection equivalent to that in the EU. This includes the use of the EU Standard Contractual Clauses (SCCs) in their current version, supplemented where necessary by additional technical and organizational measures, and — where applicable — reliance on the EU-US Data Privacy Framework (DPF) for providers certified under that framework.

You can request a copy of the specific safeguards by contacting us using the details provided above.

6. Data Retention

We store your personal data only as long as necessary for the purposes for which it was collected or as required by law.

  • Account Data: Your account data and associated deck data will be retained for as long as your account is active. If you delete your account, your personal data will be erased, subject to statutory retention obligations (e.g., tax or commercial law).
  • Analytics Data (Google Analytics 4): 14 months, then automatically deleted.
  • Real User Monitoring Data (Grafana Faro): Aggregate performance metrics retained for 90 days; individual session traces for 30 days.
  • Consent Records (Audit Log): Three (3) years from the consent event, then deleted. The IP and user-agent values are stored as one-way hashes and cannot be reversed.
  • Communication Data: Correspondence (e.g., e-mails from contact forms) is retained for the duration of the communication and a reasonable period thereafter for reference or legal defense purposes.
  • Server Log Files: Typically retained for 7–14 days for security and technical purposes. In case of a security incident, logs may be retained longer for investigation and evidence purposes.

7. Your Data Protection Rights (GDPR Rights)

Under the GDPR, you have the following rights regarding your personal data:

  • Right to Access (Art. 15 GDPR)
  • Right to Rectification (Art. 16 GDPR)
  • Right to Erasure ("Right to be Forgotten") (Art. 17 GDPR)
  • Right to Restriction of Processing (Art. 18 GDPR)
  • Right to Data Portability (Art. 20 GDPR)
  • Right to Object (Art. 21 GDPR)
  • Right to Withdraw Consent (Art. 7(3) GDPR): Where the processing of your personal data is based on your consent, you have the right to withdraw this consent at any time. You can withdraw or modify your consent for analytics cookies via our cookie banner at any time.
  • Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement if you believe that the processing of personal data relating to you infringes the GDPR. The competent authority for our company is the Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD).

To exercise any of these rights, please contact us using the details provided in Section 1 of this Privacy Policy.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include, but are not limited to:

  • Using SSL/TLS encryption for all data transmission.
  • Implementing access controls to limit who can access personal data.
  • Regular data backups and disaster recovery plans.
  • Pseudonymization or anonymization where appropriate.
  • Regular security audits and updates.

We review and update these measures on a regular basis to reflect current technical standards.

9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. If legally required, we will also notify registered users by e-mail of material changes affecting their rights.


© 2026 STGMNN Labs UG (haftungsbeschränkt) · PiltoverArchive.com. Piltover Archive was created under Riot Games' “Legal Jibber Jabber” policy using assets owned by Riot Games. Riot Games does not endorse or sponsor this project.
