Privacy Policy
Last updated: November 2025
At ebio.gg, we take your privacy seriously.
1. Introduction
This Privacy Policy explains how ebio.gg, operated by Le Clement UG (haftungsbeschränkt), processes personal data when you visit our website or use our services. We are committed to protecting your privacy and handling your data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Data Controller
The data controller within the meaning of the GDPR is:
Le Clement UG (haftungsbeschränkt) Jahnstraße 17 71032 Böblingen, Germany Email: [email protected]
If you have questions about this Privacy Policy or wish to exercise your rights, you may contact us at any time.
3. Categories of Data We Process
We process the following categories of personal data depending on how you use our service:
- Account data: username, email address, password hash.
- Profile content: text, links, images, modules and settings you add to your public ebio profile.
- Technical data: IP address (anonymized for analytics), browser information, device type, access times.
- Server logs: automatically collected logs for security and stability.
- Payment-related data: If you purchase a paid plan, payments are processed via Stripe. We do not store full payment details on our servers. Stripe receives and processes payment information (such as card data, billing details, and transaction metadata) directly according to their PCI-DSS compliant infrastructure. We only receive limited metadata required to confirm your subscription status (e.g., payment success, renewal status, customer ID).
- Self-hosted communication data: emails sent via our Mailu email infrastructure.
- Embedded content data: data transmitted when loading YouTube, Spotify or Twitter embeds on a profile, as requested by the user.
4. Purposes and Legal Bases
We process your personal data only where permitted by law. According to Art. 6 GDPR, data may be processed for the following purposes and legal bases:
- Service operation (Art. 6(1)(b) GDPR): Creating and managing your account, operating your profile, delivering content.
- Security and server stability (Art. 6(1)(f) GDPR): Processing IP addresses and logs to prevent abuse and ensure uptime.
- Analytics and performance measurement (Art. 6(1)(a) or 6(1)(f) GDPR): Cloudflare Web Analytics (anonymous) and Google Analytics (with anonymized IP). GA requires user consent if local law demands.
- Communication (Art. 6(1)(b) and 6(1)(f) GDPR): Transactional emails such as account notifications.
- Consent-based processing (Art. 6(1)(a) GDPR): Loading third-party embeds (YouTube, Twitter, Spotify) may transfer data to the respective providers.
5. Hosting and Infrastructure
Our infrastructure is fully self-hosted:
- Hosting Provider: Contabo GmbH, Germany.
- Database: Pocketbase (self-hosted) using SQLite.
- Email Infrastructure: Mailu (self-hosted) — no data is processed by external email providers.
All user data is stored exclusively on our servers located in Germany.
6. Analytics
We use Cloudflare Web Analytics and Google Analytics to understand how our service is used.
- Processes only anonymized data.
- Does not use cookies.
- No personal identifiers.
Cloudflare Web Analytics
- IP addresses are anonymized before storage.
- Google LLC may process data in the US.
- Data transfer is based on the EU–US Data Privacy Framework and Standard Contractual Clauses (SCCs).
- You may opt out by refusing analytics cookies or adjusting your cookie preferences.
Google Analytics (with anonymizeIp)
7. Cookies and Local Storage
ebio.gg uses:
- Essential cookies / local storage: Required for login, session handling and user-specific settings.
- Analytics cookies (Google Analytics): Only with user consent.
You can adjust or revoke your consent at any time.
8. Public Profiles
Public ebio profiles are accessible to anyone on the internet. Any information you choose to publish including text, usernames, links, embedded content, and images will be publicly visible.
You are responsible for the visibility of your profile content. We strongly recommend avoiding sensitive personal information.
9. Third-Party Embeds (YouTube, Spotify, Twitter)
If you activate modules that load external content, your browser connects directly to the third-party provider. This means these providers may receive your IP address and other technical data.
- YouTube (Google LLC)
- Spotify AB
- Twitter / X Corp.
We only load these embeds when you add them to your profile or visit a profile containing them. Data processing is based on your explicit action and therefore on Art. 6(1)(a) GDPR (consent). You can remove embeds at any time.
10. Server Log Files
- IP address (shortened in analytics systems)
- Browser type
- Timestamp
- Request URL
For security, stability and fraud prevention we store log files containing:
Legal basis: Art. 6(1)(f) GDPR (legitimate interest). Log files are deleted regularly unless needed for investigations.
11. Data Retention
We store personal data only as long as necessary:
- Account data: until your account is deleted.
- Public profile content: until you remove it.
- Log files: typically 30–90 days.
- Self-hosted email data: only for delivery and troubleshooting.
- Analytics data: according to the retention settings of each analytics provider (Google Analytics default settings with anonymization).
12. Third-Country Transfers
While our core infrastructure is located in Germany, certain analytics tools and embed providers may process data in third countries such as the United States.
- EU–US Data Privacy Framework (where applicable).
- Standard Contractual Clauses (SCCs).
- Additional technical/security measures.
Transfers are based on:
We ensure that all required safeguards under Art. 44–49 GDPR are applied.
13. Your Rights Under GDPR
- Right of access (Art. 15)
- Right to rectification (Art. 16)
- Right to erasure (Art. 17)
- Right to restriction (Art. 18)
- Right to data portability (Art. 20)
- Right to object (Art. 21)
- Right to withdraw consent (Art. 7)
- Right to lodge a complaint with a supervisory authority (Art. 77)
You have the following rights:
To exercise your rights, please contact: [email protected]
14. Data Security
We use modern technical and organizational measures including encryption, access control, network protection and self-hosted infrastructure to secure your personal data. Nevertheless, no internet-based system is completely secure.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our service, technology or legal requirements.
- The latest version is always available at https://ebio.gg/legal/privacy.
- We will notify users via email about significant changes.
- Users are responsible for reviewing this policy regularly.
Use of our service after changes take effect constitutes acceptance of the updated Privacy Policy.
16. Contact
If you have questions about this Privacy Policy or your personal data, please contact us at [email protected].
