Privacy Policy - FastStats

1. Controller Information

Data Controller
TheNextLvl Productions
Sole proprietorship

Location
Germany, Baden-Württemberg

Contact
Email: [email protected]

Imprint
Further legal and contact information is available via the Imprint.

2. Scope of This Policy

This Privacy Policy applies to:

The faststats.dev website
The logged-in application and dashboard
Publicly accessible views of unrestricted applications

It does not apply to third-party websites or services linked from faststats.dev.

3. Data We Collect

3.1 Account Data

When you create an account, we collect:

Email address
Username
Password (stored only in encrypted/hashed form)

3.2 Usage and Analytics Data

We use PostHog Cloud (EU region) to analyze usage of the Service. Through PostHog, we process:

Device and browser information
Usage events (e.g. page views, feature usage)
Session recordings
Identified user behavior linked to an account

Important clarifications:

We do not store or access IP addresses
We do not collect advertising identifiers
We do not sell or share data for advertising purposes

3.3 User-Submitted Service Data

Users submit application data to faststats.dev server-to-server, not via client-side user input. This data is processed solely to provide the Service.

Developer-submitted content is managed and controlled by the developers themselves. While our Terms of Service remain fully applicable, the legal obligation for ensuring compliance with applicable data protection laws rests with the developer. FastStats will take action if it becomes aware of any violations.

4. Cookies and Tracking Technologies

We use cookies and similar technologies for:

Essential service functionality
Analytics and product improvement (via PostHog)

Cookie Consent

For unauthenticated users, analytics cookies are optional
For authenticated users, certain cookies are required for the Service to function
A cookie consent banner is provided where required by law

5. Purposes and Legal Bases of Processing

We process personal data for the following purposes:

Purpose	Legal Basis (GDPR)
Account creation and authentication	Art. 6(1)(b) GDPR (contract)
Providing and operating the Service	Art. 6(1)(b) GDPR
Analytics and product improvement	Art. 6(1)(a) GDPR (consent) and/or Art. 6(1)(f) GDPR (legitimate interest)
Security and abuse prevention	Art. 6(1)(f) GDPR
Legal compliance	Art. 6(1)(c) GDPR

6. Data Sharing and Sub-Processors

We do not sell personal data and do not share it for advertising purposes.

We use the following sub-processors to operate the Service:

Railway – application hosting
Fly.io (EU) – application hosting
Tinybird (Frankfurt) – managed Clickhouse database hosting
PlanetScale (Frankfurt) – managed PostgreSQL database hosting
Cloudflare – content delivery network and security, storing profile pictures
Resend – transactional email delivery
PostHog Cloud (EU) – Product Analytics
Polar – subscription and billing management (receives username, email address, and aggregated usage counts such as number of events, errors, replays, or vitals; no actual analytics data is shared)

Most processing takes place within the European Union (Amsterdam region).

7. International Data Transfers

Data never leaves the European Union. Data is stored in Frankfurt and partially processed in Amsterdam.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy, including legal, accounting, or technical requirements.

You may delete your account at any time, which will result in the deletion of associated personal data unless retention is legally required.

9. User Rights

Under the GDPR, you have the right to:

Access your personal data
Request deletion of your personal data
Restrict or object to processing
Data portability

How to Exercise Your Rights

Account data access and deletion can be managed directly in the account settings
Username and email address can be corrected in the settings
Additional requests may be submitted via [email protected]

You also have the right to lodge a complaint with a supervisory authority.

10. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

Encrypted password storage
Access controls
Secure infrastructure and hosting providers

No system can guarantee absolute security, but we take data protection seriously.

11. Children's Privacy

The Service is not specifically intended for children. We do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact us.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date will be revised accordingly.

If changes are significant, we will notify users via:

The website
Email
Our Discord server

13. Contact

If you have any questions or concerns about this Privacy Policy or data processing, please contact:

[email protected]