TRINKHALLEN.APP
de/en
Login

Privacy policy

We store as little as possible. No trackers, no analytics, no advertising. What we process and why is set out in full here.

This is a courtesy translation. The German version is the legally binding one.

Controller

Jonas Strassel
Am Kappelgarten 24
60389 Frankfurt am Main
Email: feedback@trinkhallen.app

Anonymous use of the map

You can use the map completely anonymously — no account, no login. When the page is loaded, technically unavoidable data (IP address, user agent, requested URL) is logged in the server logs of our host, Cloudflare. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the operation and security of the site). Storage period: a maximum of 30 days.

Login by email (magic link)

When you log in by magic link, we store your email address, a hashed version of the one-time token, and your IP address and user agent (for abuse protection). The token becomes invalid once redeemed, or after 15 minutes at the latest. Legal basis: Art. 6(1)(b) GDPR (performance of the usage relationship).

Login via Google

If you log in via Google, we store only your email address and a stable internal ID from your Google profile. We store neither your name nor your profile picture — should Google transmit them, we discard them. When you are redirected to Google, your browser shares your IP address with Google. We process the data solely to recognise you and attribute your content (ratings, corrections, check-ins) to you. Legal basis: Art. 6(1)(b) GDPR; data is only transmitted to Google if you actively start the login.

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy: policies.google.com/privacy.

Login via Apple

If you log in via “Sign in with Apple”, we receive your email address and a stable internal ID from Apple. If you choose Apple's “Hide My Email”, that is an anonymous relay address — we can only reach you by email through it, without knowing your real address. We don't ask for a name, and Apple doesn't provide a profile picture. We process the data solely to recognise you and attribute your content to you. Legal basis: Art. 6(1)(b) GDPR; data is only transmitted to Apple if you actively start the login.

Provider: Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland. Privacy: apple.com/legal/privacy.

Session cookie

When you're logged in, we set a single session cookie (__Host-tk_sess) containing a random, cryptographically signed ID. It is HttpOnly, Secure and expires after 30 days of inactivity. We use no tracking or marketing cookies. Legal basis: Art. 6(1)(b) GDPR (technically necessary for operation).

Your own contributions

Ratings, data corrections, Späti suggestions and check-ins are stored linked to your user account. Approved corrections and suggestions are additionally folded into the public, openly licensed dataset trinkhallen-data and become a permanent part of the open history there. A random UUID with no personal reference for outsiders is stored with the entry. The only thing publicly visible next to your ratings is your automatically generated, pseudonymous handle (e.g. @pfand_pirat) — never your name. Legal basis: Art. 6(1)(b) GDPR.

Third parties & data transfers

  • Cloudflare (Workers, D1 database, edge cache): hosting of the application. Location: worldwide. A data processing agreement (DPA) and standard contractual clauses are in place.
  • Google: only if you use the Google login (see above).
  • OpenFreeMap: provides the map tiles. When the map is displayed, your browser shares your IP address with OpenFreeMap to deliver the tiles. Provider: openfreemap.org.
  • Photon (Komoot): pre-fills the address on /add from your chosen map position. Your browser sends the coordinates to Photon (based on OpenStreetMap data); the IP address is technically unavoidable. Provider: Komoot GmbH; photon.komoot.io.

Storage period

Account and contribution data remain stored as long as your account exists. Delete your account by sending a short email to the address above — we delete it within 14 days. Server logs are automatically discarded after a maximum of 30 days. Magic-link tokens are invalid once redeemed or after 15 minutes.

Your rights

You have the right at any time to access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection (Art. 21). A short email to feedback@trinkhallen.app is enough.

You also have the right to lodge a complaint with a data protection supervisory authority — the one responsible for us: The Hessian Commissioner for Data Protection and Freedom of Information.

Android app (Trusted Web Activity)

The Android app on the Google Play Store (app.trinkhallen.twa) is a Trusted Web Activity — technically, it loads only this website in a full-screen Chrome browser container. There is no separate app data path, no additional trackers, and no processing beyond the data flows described above. All the rules stated here on logging, login, cookies and contributions apply identically to the app.

Independently of this, Google Play collects technical telemetry when the app is installed, updated or uninstalled (device and Android version, country, optional crash reports). We have no direct access to this data; it is subject to the Google privacy policy. Push notifications are currently not enabled.

Changes

This statement may change as we develop the service further. The current version is always shown here. We will announce material changes before they take effect.