Privacy policy

1. Data controller

Controller per Art. 4(7) GDPR:
David Schindler
Wacholderweg 3, 93197 Zeitlarn, Deutschland
Email: info@doing-good.org

2. What we process and why

Server logs: IP, timestamp, URL, browser, referrer. Auto-deleted after 14 days. Legal basis: Art. 6(1)(f) GDPR.

Account data: email, display name, bcrypt password hash, verification status. Kept while your account exists. Legal basis: Art. 6(1)(b).

Cookies: only essential cookies (auth + language) by default. Optional analytics cookies are set only after explicit consent via the cookie banner.

Email delivery (Resend Inc., USA): we send verification + password-reset emails via Resend. Email transferred under EU Standard Contractual Clauses.

3. We never sell or rent your data

Personal data is only shared with processors (Resend for email, our hosting provider) — never for ads or third-party tracking.

4. Your GDPR rights

Access, rectification, erasure, restriction, portability, objection, withdrawal of consent, complaint to a supervisory authority. Email us at info@doing-good.org; we respond within 30 days.

5. Security

Passwords stored as bcrypt hashes. 15-minute lockout after repeated failed logins. End-to-end HTTPS/TLS.

6. Changes

We update this policy when our technical or legal situation changes. The "last updated" date above reflects the latest version.