Legal

Privacy Policy

Last updated: February 2026 · Applies to: https://stay-bright-wrc.vercel.app

1. Privacy at a Glance

This privacy policy explains what personal data we collect, how we use it, and what rights you have. Personal data is any information that relates to an identified or identifiable natural person.

Operator: Niklas Heist, Lenbachstraße 16, 10245 Berlin

Contact: nkls.hst@gmail.com

Legal basis: GDPR (EU) 2016/679, BDSG (neu), TMG

2. Data Controller

The controller responsible for data processing on this website is:

Niklas Heist
Lenbachstraße 16
10245 Berlin
Deutschland
Email: nkls.hst@gmail.com

3. Hosting

Vercel

This website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. When you visit our website, Vercel automatically processes connection data (IP address, date and time of the request, page accessed, browser type, and operating system). This data is stored in server log files.

Legal basis: Art. 6 Abs. 1 lit. f DSGVO (legitimate interest in secure operation of the website). Vercel processes data in the USA. The transfer is based on EU Standard Contractual Clauses (SCC).

Vercel Privacy Policy: vercel.com/legal/privacy-policy

4. Authentication & Database

Supabase

We use Supabase (Supabase Inc., 970 Trestle Glen Rd, Oakland, CA 94610, USA) for registration, login, and storage of your user data. During registration, we collect the following data:

  • Email address (required)
  • Self-chosen password (stored encrypted)
  • Optional: display name and profile picture
  • User-created content (essays, saved articles)
  • Timestamps of account creation and last login

Legal basis: Art. 6 Abs. 1 lit. b DSGVO (performance of contract). Data is stored as long as the account exists. After account deletion, all personal data is deleted within 30 days.

Supabase Privacy Policy: supabase.com/privacy

5. Cookies and Consent Management

This website uses cookies. Cookies are small text files that your browser stores on your device. We distinguish between technically necessary and optional cookies.

Technically Necessary Cookies

These cookies are required for the operation of the website and cannot be disabled. They are set when you log in and store your session information:

CookiePurposeRetention
sb-access-tokenSupabase Login-SessionSession
sb-refresh-tokenSession renewal1 week
cookie-consentStores your cookie preferences1 year

Optional Cookies (Analytics)

If analytics services are enabled, you will be asked for your consent on your first visit (cookie banner). You can withdraw your consent at any time. Legal basis for optional cookies: Art. 6 Abs. 1 lit. a DSGVO (consent). Without your consent, no tracking cookies will be set.

Browser Settings

You can disable or delete cookies in your browser. Please note that disabling necessary cookies may limit the functionality of the website (e.g., login will not be possible).

6. Your Rights under GDPR

You have the following rights regarding your personal data:

Access (Art. 15 DSGVO): You can request information about the personal data we process about you.
Rectification (Art. 16 DSGVO): You can request the correction of inaccurate data or the completion of incomplete data.
Erasure (Art. 17 DSGVO): You can request the deletion of your data ("right to be forgotten"), provided no retention obligations apply.
Restriction (Art. 18 DSGVO): You can request the restriction of processing, e.g., if the accuracy of the data is disputed.
Data Portability (Art. 20 DSGVO): You can request the transfer of your data in a structured, machine-readable format.
Objection (Art. 21 DSGVO): You can object to the processing of your data if it is based on a legitimate interest.
Withdrawal of Consent (Art. 7 Abs. 3 DSGVO): You can withdraw any consent given at any time with effect for the future.

To exercise your rights, please contact: nkls.hst@gmail.com

7. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your data (Art. 77 DSGVO). The competent authority is that of your habitual residence or our registered office:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
https://www.datenschutz-berlin.de

8. Data Security

We implement technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction, or unauthorized access. This website uses SSL/TLS encryption for security purposes and to protect the transmission of confidential content. Passwords are stored exclusively in encrypted (hashed) form.

9. Information for International Users

Users in the USA (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA): the right to know what personal data we have collected about you; the right to deletion of your data; the right to opt out of the sharing of your data. We do not sell personal data. To exercise these rights, contact: nkls.hst@gmail.com.

Users in the United Kingdom

This website complies with the UK GDPR (UK Data Protection Act 2018). Your rights under the UK GDPR are essentially the same as those under the EU GDPR (Section 6 of this policy). You may lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk.

Users Worldwide

This website is primarily aimed at users in the EU and Germany. The processing of your data is governed by the GDPR, which is widely regarded as a strict data protection standard. By using this website, you agree to the processing of your data in accordance with this privacy policy.

10. Minors

This service is not intended for persons under 16 years of age. We do not knowingly collect data from minors. If you are a parent or guardian and discover that your child has submitted data to us, please contact us at nkls.hst@gmail.com.

11. Changes to this Privacy Policy

We reserve the right to update this privacy policy as needed to comply with legal requirements or to reflect changes to our services. The current version is always available on this page. In the event of material changes, we will notify registered users by email.