Privacy Policy

Last updated: November 2025

At ebio.gg, we take your privacy seriously.

1. Introduction

This Privacy Policy explains how ebio.gg, operated by Le Clement UG (haftungsbeschränkt), processes personal data when you visit our website or use our services. We are committed to protecting your privacy and handling your data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

The data controller within the meaning of the GDPR is:

Le Clement UG (haftungsbeschränkt) Jahnstraße 17 71032 Böblingen, Germany Email: [email protected]

If you have questions about this Privacy Policy or wish to exercise your rights, you may contact us at any time.

3. Categories of Data We Process

We process the following categories of personal data depending on how you use our service:

  • Account data: username, email address, password hash.
  • Profile content: text, links, images, modules and settings you add to your public ebio profile.
  • Technical data: IP address (anonymized for analytics), browser information, device type, access times.
  • Server logs: automatically collected logs for security and stability.
  • Payment-related data: If you purchase a paid plan, payments are processed via Stripe. We do not store full payment details on our servers. Stripe receives and processes payment information (such as card data, billing details, and transaction metadata) directly according to their PCI-DSS compliant infrastructure. We only receive limited metadata required to confirm your subscription status (e.g., payment success, renewal status, customer ID).
  • Self-hosted communication data: emails sent via our Mailu email infrastructure.
  • Embedded content data: data transmitted when loading YouTube, Spotify or Twitter embeds on a profile, as requested by the user.

4. Purposes and Legal Bases

We process your personal data only where permitted by law. According to Art. 6 GDPR, data may be processed for the following purposes and legal bases:

  • Service operation (Art. 6(1)(b) GDPR): Creating and managing your account, operating your profile, delivering content.
  • Security and server stability (Art. 6(1)(f) GDPR): Processing IP addresses and logs to prevent abuse and ensure uptime.
  • Analytics and performance measurement (Art. 6(1)(a) or 6(1)(f) GDPR): Cloudflare Web Analytics (anonymous) and Google Analytics (with anonymized IP). GA requires user consent if local law demands.
  • Communication (Art. 6(1)(b) and 6(1)(f) GDPR): Transactional emails such as account notifications.
  • Consent-based processing (Art. 6(1)(a) GDPR): Loading third-party embeds (YouTube, Twitter, Spotify) may transfer data to the respective providers.

5. Hosting and Infrastructure

Our infrastructure is fully self-hosted:

  • Hosting Provider: Contabo GmbH, Germany.
  • Database: Pocketbase (self-hosted) using SQLite.
  • Email Infrastructure: Mailu (self-hosted) — no data is processed by external email providers.

All user data is stored exclusively on our servers located in Germany.

6. Analytics

We use Cloudflare Web Analytics and Google Analytics to understand how our service is used.

  • Processes only anonymized data.
  • Does not use cookies.
  • No personal identifiers.

Cloudflare Web Analytics

  • IP addresses are anonymized before storage.
  • Google LLC may process data in the US.
  • Data transfer is based on the EU–US Data Privacy Framework and Standard Contractual Clauses (SCCs).
  • You may opt out by refusing analytics cookies or adjusting your cookie preferences.

Google Analytics (with anonymizeIp)

7. Cookies and Local Storage

ebio.gg uses:

  • Essential cookies / local storage: Required for login, session handling and user-specific settings.
  • Analytics cookies (Google Analytics): Only with user consent.

You can adjust or revoke your consent at any time.

8. Public Profiles

Public ebio profiles are accessible to anyone on the internet. Any information you choose to publish including text, usernames, links, embedded content, and images will be publicly visible.

You are responsible for the visibility of your profile content. We strongly recommend avoiding sensitive personal information.

9. Third-Party Embeds (YouTube, Spotify, Twitter)

If you activate modules that load external content, your browser connects directly to the third-party provider. This means these providers may receive your IP address and other technical data.

  • YouTube (Google LLC)
  • Spotify AB
  • Twitter / X Corp.

We only load these embeds when you add them to your profile or visit a profile containing them. Data processing is based on your explicit action and therefore on Art. 6(1)(a) GDPR (consent). You can remove embeds at any time.

10. Server Log Files

  • IP address (shortened in analytics systems)
  • Browser type
  • Timestamp
  • Request URL

For security, stability and fraud prevention we store log files containing:

Legal basis: Art. 6(1)(f) GDPR (legitimate interest). Log files are deleted regularly unless needed for investigations.

11. Data Retention

We store personal data only as long as necessary:

  • Account data: until your account is deleted.
  • Public profile content: until you remove it.
  • Log files: typically 30–90 days.
  • Self-hosted email data: only for delivery and troubleshooting.
  • Analytics data: according to the retention settings of each analytics provider (Google Analytics default settings with anonymization).

12. Third-Country Transfers

While our core infrastructure is located in Germany, certain analytics tools and embed providers may process data in third countries such as the United States.

  • EU–US Data Privacy Framework (where applicable).
  • Standard Contractual Clauses (SCCs).
  • Additional technical/security measures.

Transfers are based on:

We ensure that all required safeguards under Art. 44–49 GDPR are applied.

13. Your Rights Under GDPR

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)
  • Right to withdraw consent (Art. 7)
  • Right to lodge a complaint with a supervisory authority (Art. 77)

You have the following rights:

To exercise your rights, please contact: [email protected]

14. Data Security

We use modern technical and organizational measures including encryption, access control, network protection and self-hosted infrastructure to secure your personal data. Nevertheless, no internet-based system is completely secure.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our service, technology or legal requirements.

  • The latest version is always available at https://ebio.gg/legal/privacy.
  • We will notify users via email about significant changes.
  • Users are responsible for reviewing this policy regularly.

Use of our service after changes take effect constitutes acceptance of the updated Privacy Policy.

16. Contact

If you have questions about this Privacy Policy or your personal data, please contact us at [email protected].

Minecraft Windows 10 Lockscreen

© 2025 ebio.gg. All rights reserved.


ebio is an independent platform designed for gamers and creators to express their digital identity. All referenced game titles, brands, and assets belong to their respective owners. ebio is not affiliated with or endorsed by any game publisher or studio — we simply connect your worlds in one place.

Made in Germany. Hosted securely in the EU.