Privacy Policy

Information according to Art. 13 GDPR

1. Controller

The controller responsible for data processing on this website is:

Julius Lennartz
Bahnhofstraße 165
47137 Duisburg
Germany
Email: [email protected]

2. Overview of Data Processing

BoundLore is a community-driven fan wiki. To offer account registration, content submission, comments and ratings, we process the following categories of personal data: account data (username, email address, hashed password), content you submit (posts, comments, ratings, reports), and technical data (IP address, timestamps) generated automatically when using the site.

3. Hosting and Infrastructure

This website is hosted via GitHub Pages (GitHub, Inc., USA) and uses Cloudflare for domain and content delivery. Our backend, database and authentication service is provided by Supabase (Supabase Inc.), with data stored in a database hosted in the EU (Frankfurt, Germany) region.

4. Account Registration

Data processed: username, email address, password (stored as a secure hash, never in plain text).

Purpose: to allow you to create an account, verify your email address, log in, and submit content after verification.

Legal basis: Art. 6 (1)(b) GDPR (performance of a contract / provision of the service you requested by registering).

Storage duration: account data is stored until you delete your account or request deletion via [email protected].

5. Email Verification and Password Reset

To verify your email address and to enable secure password resets, transactional emails are sent to the address you provided via our authentication provider (Supabase Auth). These emails are strictly necessary for account security and are not used for marketing purposes. Legal basis: Art. 6 (1)(b) and (f) GDPR (legitimate interest in account security).

6. User-Generated Content

Posts, comments, ratings and reports you submit are stored together with a reference to your account and a timestamp. Posts containing links or images are reviewed by an administrator before being published. Legal basis: Art. 6 (1)(a) and (b) GDPR (your consent by submitting content, and performance of the service).

7. Reports and Moderation

If you report a post for violating our community guidelines, the report (including your account reference and the reason given) is visible only to administrators for moderation purposes. Legal basis: Art. 6 (1)(f) GDPR (legitimate interest in maintaining a safe community).

8. Cookies and Local Storage

We use technically necessary cookies/local storage to keep you logged in (session management) and to enforce basic rate-limiting for spam prevention on public forms. These do not require consent under § 25 (2) TDDDG as they are strictly necessary for the functionality you requested. We do not use tracking or advertising cookies.

9. Your Rights

Under the GDPR, you have the right to:

To exercise any of these rights, contact us at [email protected].

10. Account Deletion

You may request deletion of your account and associated personal data at any time by emailing [email protected] from the email address associated with your account. We will process deletion requests within 30 days. Please note that publicly submitted content (posts, comments) may be anonymised rather than fully deleted where necessary to preserve the coherence of the wiki, unless you specifically request full removal.

11. Data Security

We use industry-standard security measures, including encrypted password storage (hashing), Row Level Security on our database, and HTTPS encryption for all data in transit.

12. Changes to this Policy

We may update this privacy policy to reflect changes to our practices or for legal reasons. The current version is always available on this page.

Last updated: July 2026