Mistireon
Sign in

Privacy Policy

Last updated: [to be set at launch]

1. Who is responsible

Mistireon is operated by [name and contact details — see Impressum]. We are the data controller for personal data processed through this site. You can contact us using the details in our Impressum or through the contact form.

2. What we collect

We aim to collect as little personal data as possible. Depending on how you use the site, this may include your account data (your email address, used to create and secure your account, and your chosen username, which is public); content you submit (comments and messages you send us, including through the contact form); and technical data (like most websites, our hosting providers automatically process limited technical information such as IP addresses and request logs, as a normal part of delivering and securing the site).

We do not run advertising or third-party analytics, and we do not build profiles of our users.

3. Why we process it, and on what basis

We process your data to provide the service (create your account, let you log in, display your username and comments), to operate and secure the site (prevent abuse, moderate content, keep the site running), and to respond to messages you send us. We rely on the GDPR’s lawful bases of contract, legitimate interests, and — where it applies — your consent.

4. Cookies

We use only essential cookies needed to keep you logged in and to operate the site. We do not use advertising or tracking cookies, so no cookie-consent banner is required.

5. Who processes your data

We use a small number of trusted service providers to run the site. Supabase provides our database and account system, with data hosted in the EU (Frankfurt, Germany). Vercel provides website hosting and delivery. Ko-fi and Stripe are used only if you choose to make a donation — payments are handled entirely by them, and we never receive or store your card details. We also use an email provider to send account-related emails such as confirmation messages. These providers process data only as needed to provide their service to us.

6. How long we keep it

We keep your account data for as long as your account exists. Comments and messages are kept while they remain relevant to the site. Technical logs are kept only for a limited period by our hosting providers. You can ask us to delete your data (see below).

7. Your rights

Under the GDPR, you have the right to access your data, correct it, request its deletion, restrict or object to processing, and request a copy in a portable format. To exercise any of these, contact us using the details in our Impressum or via the contact form. You also have the right to complain to a data protection supervisory authority.

8. Data outside the EU

Your account data is stored in the EU. Some providers (such as our hosting and payment services) may process limited data outside the EU; where they do, they are required to use appropriate legal safeguards.

9. Changes

We may update this policy from time to time. The “last updated” date above shows when it last changed.

10. Contact

For any privacy questions or requests, reach us via the details in our Impressum or through the contact form.