Privacy Policy

1. Controller

[Full name]
[Street and house number]
[Postcode] [City], Germany
Email: privacy@website-feedback.org

2. General information

We process personal data only to the extent necessary to provide a functioning website and our review service. Processing is based on your consent or on a legal basis under the GDPR (Art. 6 GDPR). website-feedback.org is a non-commercial service; we do not sell or share your data with third parties for advertising or profiling purposes.

3. Server logs

When you visit this website, our system briefly records the following information:

• IP address (stored in pseudonymised, hashed form)
• Date and time of access
• The URL requested
• User-agent string (browser, operating system)

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in keeping the site secure and operational. Logs are kept for a maximum of 14 days.

4. Account registration

When you create an account we process the following data: name, email address, hashed password. If you sign in with Google we also process your Google account ID (so we can recognise you on the next login). Legal basis: Art. 6(1)(b) GDPR — performance of the service contract you accept by registering.

5. Project submissions

When you submit a website for review we process the URL you give us, your description and notes, and the result of our automated complexity evaluation. We may fetch your homepage and a small verification file from your server in order to confirm that you control the site you submitted. Legal basis: Art. 6(1)(b) GDPR.

6. Cookies

We use only strictly necessary cookies:

• A session cookie to keep you logged in (HttpOnly, SameSite=Lax, Secure when over HTTPS)
• A CSRF token stored in the session to protect form submissions

We do not use tracking, analytics, or marketing cookies. Your cookie banner choice is stored in the browser's localStorage and recorded once (pseudonymised, with a hashed IP) in our consent log for audit purposes. Legal basis: § 25(2) TTDSG (strictly necessary cookies) and Art. 6(1)(f) GDPR.

7. Email notifications

We use your email address to send you transactional notifications: account verification, password resets, submission confirmations, ownership-verification confirmations, and notifications when your feedback is ready. We do not send marketing emails.

8. Recipients of data

Your data is stored on our hosting provider's servers within the European Union. We do not pass your data on to third parties beyond what is technically necessary to operate the service. There is no payment processor or analytics provider involved because we do not charge for the service and do not run analytics.

9. Retention

Personal data is kept only as long as is necessary for the purposes described above. You can delete your account at any time from your account page; when you do, your profile and all of your project data and feedback are removed permanently.

10. Your rights

You have the right to:

• access (Art. 15 GDPR)
• rectification (Art. 16 GDPR)
• erasure (Art. 17 GDPR)
• restriction of processing (Art. 18 GDPR)
• data portability (Art. 20 GDPR)
• object to processing (Art. 21 GDPR)
• lodge a complaint with a supervisory authority (Art. 77 GDPR)

Please send any requests to privacy@website-feedback.org.

11. Security

We use HTTPS in transit, bcrypt for password hashing, CSRF tokens on every form, prepared statements for all database queries, output escaping to prevent XSS, and strict SSRF protections on the URL fetcher we use to evaluate and verify submitted sites.