Last updated: March 13, 2026
The controller responsible for the processing of personal data on this website within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection laws is:
Marco SchoosWe process personal data of our users only to the extent necessary to provide a functioning website and our content and services. Personal data is generally only processed after the user has given their consent. An exception applies where obtaining prior consent is not possible for factual reasons and the processing of data is permitted by statutory provisions.
Where we obtain the consent of the data subject for processing operations involving personal data, Art. 6(1)(a) GDPR serves as the legal basis. For the processing of personal data necessary for the performance of a contract, Art. 6(1)(b) GDPR serves as the legal basis. Where processing is necessary for compliance with a legal obligation, Art. 6(1)(c) GDPR serves as the legal basis. Where processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, and those interests are not overridden by the interests or fundamental rights of the data subject, Art. 6(1)(f) GDPR serves as the legal basis.
Each time our website is accessed, our system automatically collects data and information from the computer system of the requesting device. The following data is collected:
The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR. Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's device. The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collected to provide the website, this occurs when the respective session has ended. Log files are deleted no later than seven days after collection.
Users can create an account on our website. The following mandatory information is required for registration:
Registration serves to provide personalised content and access to additional features of the platform. Processing is carried out on the basis of Art. 6(1)(b) GDPR (performance of a contract). Data is stored for as long as the user account exists. Upon deletion of the account, data is deleted unless statutory retention obligations require otherwise.
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again.
We use technically necessary cookies to ensure user authentication. These cookies contain encrypted session tokens ( sb_access, sb_refresh) and are set as HttpOnly cookies so they cannot be read via JavaScript. The legal basis for processing is Art. 6(1)(f) GDPR (legitimate interest in a secure authentication process).
Session cookies are automatically deleted when the browser is closed. Persistent cookies are deleted after the specified time period has elapsed.
The user can prevent cookies from being set by our website at any time by adjusting their browser settings, thereby permanently objecting to the setting of cookies. Cookies that have already been set can be deleted at any time via a browser or other software programs. This is possible in all common internet browsers.
We use Supabase for authentication and database services (Supabase Inc., 970 Trestle Glen Rd, Oakland, CA 94610, USA). Supabase processes personal data (in particular email addresses) as part of user management. A data processing agreement pursuant to Art. 28 GDPR is in place. For more information on data protection at Supabase, please visit https://supabase.com/privacy.
We use an AI-powered service to evaluate code reviews. The content of submitted reviews may be transmitted to this service for processing. No additional personal data is collected in this context. Processing is carried out on the basis of Art. 6(1)(b) GDPR.
Personal data is deleted or blocked as soon as the purpose for which it was stored no longer applies. Storage beyond this period may occur where required by European or national legislators through regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted when a retention period prescribed by such standards expires, unless further storage is necessary for the conclusion or performance of a contract.
User data is deleted no later than the deletion of the user account. Server log files are automatically deleted after seven days.
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights against the controller:
You may request confirmation from the controller as to whether personal data concerning you is being processed by us. Where such processing exists, you may request information from the controller about the purposes of processing, the categories of personal data concerned, recipients, retention periods, and other details listed in Art. 15 GDPR.
You have the right to obtain from the controller the rectification and/or completion of inaccurate or incomplete personal data concerning you.
You may request from the controller the erasure of personal data concerning you without undue delay where one of the grounds listed in Art. 17 GDPR applies.
Where the conditions set out in Art. 18 GDPR are met, you may request the restriction of processing of personal data concerning you.
You have the right to receive personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format (Art. 20 GDPR).
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) or (f) GDPR.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority — in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement — if you consider that the processing of personal data relating to you infringes the GDPR.
The competent supervisory authority in Germany is the data protection commissioner (Landesbeauftragter für den Datenschutz und die Informationsfreiheit) of the federal state in which the controller is established.
Under current statutory requirements (Art. 37 GDPR), we are not required to appoint a data protection officer as the applicable conditions are not met. For any data protection-related enquiries, please contact the controller directly using the contact details provided above.
We reserve the right to update this Privacy Policy to ensure it always reflects current legal requirements or to implement changes to our services, for example when introducing new features. Your next visit will be governed by the updated Privacy Policy.