KIRVX Logo

Privacy Policy

Information according to the EU General Data Protection Regulation (GDPR)

1. Controller

The controller within the meaning of the GDPR is:

Justin Schneider
Marktstraße 1
99444 Blankenhain
Germany
Email: kirvxdesign@gmail.com

2. General Information on Data Processing

We only process personal data to the extent necessary to provide, operate and secure this website and the related community features. The processing is based on:

  • Art. 6 (1) lit. b GDPR (performance of a contract / user account)
  • Art. 6 (1) lit. f GDPR (legitimate interest in a secure and functional online service)

Our servers (web + database) are hosted in data centres of Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany (server location: Germany).

3. Collected Data

a) Server Log Files

When you access our website, the following data is automatically collected and temporarily stored in server log files:

  • anonymised IP address of the requesting device
  • date and time of access
  • requested page or file (URL)
  • amount of data transferred
  • browser type and version
  • operating system
  • referrer URL (previously visited page)

These data are processed exclusively for the purpose of technical provision, system security and error analysis. No personal profiling takes place. Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in stability and security of the website).

b) Login via Discord (OAuth 2.0)

We use “Login with Discord” (OAuth 2.0) for authentication, provided by Discord Inc., 444 De Haro Street, Suite 200, San Francisco, CA 94107, USA.

After your explicit approval, Discord transmits the following data to us:

  • Discord user ID
  • username and discriminator (e.g. User#1234)
  • avatar image
  • optionally language setting

We store these data in our local database to uniquely map your KIRVX account and enable login. We do not receive any passwords, private messages, friends lists or server memberships. Legal basis: Art. 6 (1) lit. b GDPR (user account / performance of contract).
More information: https://discord.com/privacy

c) Login via Google (OAuth 2.0)

In addition, we offer login via Google (OAuth 2.0). Provider for users in the EU: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

After your explicit approval in the Google login dialog, Google may transmit the following data to us, depending on the scope of the permissions (scopes):

  • Google account ID
  • name
  • email address (verified)
  • profile picture

We use this data exclusively to create and manage your KIRVX account and to enable login. We do not get access to your emails, contacts or other Google services. Legal basis: Art. 6 (1) lit. b GDPR (user account / performance of contract).

In some cases, data may be processed in third countries (e.g. USA). Google states that it uses standard contractual clauses as safeguards. Further information can be found in Google’s privacy policy: https://policies.google.com/privacy

d) User-Generated Content

When you create or manage content on the platform (e.g. profile details, images, banners), we process the information you provide voluntarily. Uploaded files (e.g. images, banners) are stored locally on our servers in Germany.

Legal basis: Art. 6 (1) lit. b GDPR (use of platform features / user account).

e) Cookies

Our website uses only cookies that are technically necessary for operation, such as:

  • session cookie (session ID)
  • language preference
  • cookie-consent status (where applicable)

These cookies do not contain personal content and are deleted after the session ends or after a defined period (typically max. 30 days). Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in a functional website).

We do not use tracking, analytics or marketing cookies (no Google Analytics, no Meta pixels, no external ad tracking).

f) Contact via Email

If you contact us via email, the data you provide will be processed solely for the purpose of handling your request. This data will not be passed on to third parties.

4. Data Recipients

Personal data may be processed by the following recipients:

  • Strato AG (hosting provider, server & database in Germany)
  • Discord Inc. (OAuth authentication for login)
  • Google Ireland Limited / Google LLC (OAuth authentication for login)

Beyond that, we do not transmit data to third parties. We do not use Google services such as Analytics or Ads, no Meta tracking, no Cloudflare and no external analytics tools.

5. Storage Duration

We store personal data only as long as necessary for the respective purpose or as required by statutory retention periods.

Users may request the deletion of their KIRVX account at any time. In this case, the associated personal data will be removed from our systems unless legal obligations require further storage.

6. Data Security

We take appropriate technical and organisational measures to protect personal data, including:

  • exclusive use of HTTPS (SSL/TLS encryption)
  • server location in Germany
  • strict session handling and secure cookies
  • configuration of security headers (e.g. CSP, HSTS, X-Content-Type-Options, Referrer-Policy)
  • blocking script execution in upload directories
  • regular updates of server software and backend components

7. Your Rights under GDPR

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)

To exercise these rights, you can contact us at: kirvxdesign@gmail.com

8. Withdrawal of Consent

If data processing is based on your consent (e.g. certain cookie settings), you may withdraw this consent at any time with effect for the future. The lawfulness of processing prior to withdrawal remains unaffected.

9. Right to Lodge a Complaint

If you believe that the processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with a data protection supervisory authority.

The competent authority for us is:

Thuringian State Commissioner for Data Protection and Freedom of Information
Häßlerstraße 8
99096 Erfurt
Germany
Email: poststelle@datenschutz.thueringen.de

10. Changes to this Privacy Policy

We may update this privacy policy when technical or legal changes occur. The current version is always available at: https://kirvx.com/privacy

Status: November 2025
© KIRVX — Design, Community & Creativity