See the imprint.
When this site is requested, the web server (Plesk) processes technical connection data (e.g. IP address, timestamp, requested URL, user agent) for the purpose of operating the service and preventing abuse. The legal basis is Art. 6(1)(f) GDPR (legitimate interest). There is no tracking, no analytics, and no inclusion of third-party scripts for user profiling.
A counter is stored per request to protect the sync endpoint
(/api/sync.php). The key is a SHA-256 hash of your
IP address combined with the request method; the IP address
itself is not persisted. These counters are automatically deleted
after at most 24 hours.
Suspicious requests (e.g. accessing a non-existent topic or using
an incorrect write token) are logged to a size-capped (1 MB)
rotating log file (var/log/abuse.log) to defend
against automated attacks. The entries contain a timestamp, a
shortened SHA-256 hash of the IP address, the HTTP method, an
event type, and the (already randomly generated) topic.
Plaintext IP addresses are not stored. Legal basis:
Art. 6(1)(f) GDPR.
The values you enter (usage percentage, reset day/time, timezone,
5-hour session values) are stored exclusively in your browser's
LocalStorage under the key usage-data so they are
pre-filled on your next visit. This data never leaves your
device.
If you set up the optional sync feature, topic, write token and
the password you chose are stored locally in your browser's
LocalStorage (keys sync_topic,
sync_write_token, sync_password).
Before transmission, your usage data is encrypted on the client
with AES-256-CBC and PBKDF2 (600,000 iterations, SHA-256). The
server stores only the encrypted record plus a SHA-256 hash of
your write token and cannot decrypt the content or identify you
without your password. Records that have not been updated for
30 days are automatically deleted.
This site does not embed any external scripts, fonts or other third-party resources. All assets are served directly from our own server.
Under the GDPR you have, in particular, the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection (Art. 21). Please direct requests to the email address listed in the imprint.
You can delete locally stored data at any time by clearing your browser's storage for this site. The encrypted sync record held on the server can be deleted by clicking "Disconnect" in the sync section (this removes the local credentials); the server-side record is automatically removed after 30 days of inactivity or on request via the address listed in the imprint.