Privacy Policy
How this service handles your data (GDPR / DSGVO).
1. Data controller
Thomas Eigner
Rehovotstr. 4
69115 Heidelberg
Germany
Email: flyingfinger[dot]te[at]gmail[dot]com
2. What data is processed
- OAuth access token issued by RESWUE after you sign in. Stored server-side only inside a signed session cookie on your browser. Used to call the RESWUE API on your behalf.
- Your RESWUE agent name, fetched once after login and stored in the same session cookie so we can greet you by name in the navigation bar.
- Operation data (portals, links, agents) is fetched from RESWUE on demand and held only in memory during a single request. Your plan selections (anchor GUIDs, scheme, agent labels) are kept in server memory for the lifetime of your browser session, keyed by a random session id stored in your cookie. Nothing of this is written to disk; a container restart or logout wipes it.
- No third-party analytics, no per-user tracking, no third-party cookies. A single anonymous aggregate counter is kept server-side to estimate overall usage — see section 5 below for details. It is not tied to any user, session or browser.
3. Third parties
- RESWUE (reswue.net) — OAuth provider and data source for your operations. Their privacy policy applies.
- OpenStreetMap — map tiles used on the anchor picker and plan preview. Your browser contacts OSM tile servers when those maps render.
- unpkg.com — CDN that serves the Leaflet map library. Your browser fetches these assets on the map pages.
4. Session cookies
A single cookie named session is set, HTTP-only, SameSite=Lax, Secure in
production. It contains the signed session payload (OAuth token + plan selections).
It is deleted when you sign out, clear browser data, or after 30 days of inactivity.
No cookie consent banner is shown because this cookie is strictly necessary to
provide the service you requested.
5. Retention
This service does not store any user-identifying data in a database. The OAuth token lives only in your own session cookie.
The server does persist one anonymous usage metric on disk: a HyperLogLog sketch (a fixed-size ~4 KB binary blob) that estimates how many distinct operations have had a plan computed, alongside an 8-byte integer counting the total number of plan computations. The sketch is a probabilistic data structure and cannot be reversed to recover an operation name, a user, a session or a browser. It is not associated with any identifier and is kept indefinitely; its sole purpose is to let the operator report overall service usage volume.
Server logs may retain the timestamp and URL of a request for up to 14 days for operational troubleshooting and are then rotated out.
6. Your rights (Art. 15–22 GDPR)
- Right of access, rectification, erasure, and restriction of processing.
- Right to data portability.
- Right to object to processing, and to withdraw consent at any time.
- Right to lodge a complaint with a supervisory authority.
Because the only personal data we process is held inside your own session cookie, the most effective way to exercise your erasure right is to click Logout (which clears the cookie) or to delete the cookie in your browser.
7. Contact
For any data protection inquiry:
flyingfinger[dot]te[at]gmail[dot]com
(replace [at] with @ and [dot] with .).