This Data Policy ("Policy") outlines the policies and practices for the collection, use, and disclosure of personal data by failfa.st ("we", "us", or "our") in connection with our website https://failfa.st and related services (collectively, the "Services"). This Policy is intended to help users of our Services ("you", "your", or "user") understand what personal data we collect, why we collect it, and how we process it in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
By using our Services, you acknowledge that you have read, understood, and agree to the terms of this Policy. If you do not agree with this Policy, please do not use our Services.
We collect and process the following categories of personal data from you:
a. Account Information: When you sign up for our Services using your Google or GitHub account, we collect your name, email address, profile picture, and any other information you choose to provide.
b. Usage Data: We collect information about your usage of our Services, including the pages you visit, the features you use, and the time you spend on our platform.
c. YouTube Data: When you interact with YouTube videos on our website, YouTube may collect data about your interactions as per their privacy policy.
d. Cookies and Similar Technologies: We use cookies and similar technologies to collect information about your device, browser, and how you interact with our Services.
e. Other Data: We may also collect any other data you voluntarily provide to us, such as feedback, comments, or other communications.
We process your personal data in accordance with the GDPR and other applicable data protection laws. Our legal basis for processing your personal data depends on the specific context in which we collect it:
a. Consent: We may process your personal data based on your explicit consent, such as when you sign up for our Services using your Google or GitHub account, or when you agree to the use of cookies.
b. Legitimate Interests: We may process your personal data to pursue our legitimate interests, such as improving our Services, ensuring their security, or understanding how users interact with our platform. We will always ensure that our legitimate interests do not override your rights and freedoms.
c. Fulfilling a Contract: We may process your personal data to fulfill a contract with you or take steps at your request before entering into a contract, such as providing you with access to our Services.
d. Legal Obligations: We may process your personal data to comply with our legal obligations, such as responding to lawful requests from public authorities or maintaining records for tax purposes.
We process your personal data for the following purposes:
a. Providing and Improving Services: We use your personal data to provide you with access to our Services, to personalize your experience, and to improve the overall quality of our Services.
b. Communication: We use your personal data to communicate with you, respond to your inquiries, and provide you with updates on our Services.
c. Security: We use your personal data to protect the security and integrity of our Services, to prevent unauthorized access, and to investigate and address any potential security incidents.
d. Token Limit Management: We use your personal data to determine and enforce token limits on our platform, ensuring fair usage of our Services among all users.
e. Legal Compliance: We use your personal data to comply with our legal obligations, including responding to lawful requests from public authorities and maintaining records for tax purposes.
We will retain your personal data for as long as necessary to fulfill the purposes for which it was collected, in accordance with our data retention policies and applicable laws. The criteria used to determine the retention period include:
a. The duration of your relationship with us, such as the time you remain a registered user of our Services.
b. The existence of a legal obligation to retain personal data, such as tax or accounting regulations.
c. The need to retain personal data to protect our legal interests, resolve disputes, or enforce our agreements.
When your personal data is no longer needed for the purposes for which it was collected, we will securely delete or anonymize it, in accordance with applicable laws and our internal data retention policies.
We may share your personal data with third parties under the following circumstances:
a. Third-Party Service Providers: We use third-party service providers to help us deliver, maintain, and improve our Services. These providers may access and process your personal data as necessary to perform their services. Our service providers include Vercel (website hosting) and Hetzner (data storage). We have agreements in place with these service providers to ensure that they process your personal data in accordance with our instructions and applicable data protection laws.
b. YouTube: We embed YouTube videos on our website, which may result in YouTube collecting data about your interactions with the videos as per their privacy policy.
c. Legal Obligations: We may disclose your personal data to public authorities, law enforcement agencies, or other third parties when required to do so by law, or to protect our rights and interests, or the rights and interests of our users and partners.
d. Business Transfers: In the event of a merger, acquisition, or other business transfer, we may disclose your personal data to the relevant parties, provided that they agree to protect your personal data in accordance with this Policy.
As our service providers and some third parties are located outside the European Union, your personal data may be transferred to countries that may have different data protection standards. We ensure that adequate safeguards are in place to protect your personal data, in accordance with the GDPR and other applicable laws.
Under the GDPR and other applicable data protection laws, you have various rights regarding your personal data. These rights include:
a. Right of Access: You have the right to request access to the personal data we hold about you.
b. Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
c. Right to Erasure: You have the right to request the deletion of your personal data under certain circumstances, such as when your personal data is no longer necessary for the purposes for which it was collected.
d. Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances, such as when you contest the accuracy of your personal data or object to its processing.
e. Right to Data Portability: You have the right to request that we provide you with a copy of your personal data in a structured, commonly used, and machine-readable format, or that we transmit your personal data to another controller, where technically feasible.
f. Right to Object: You have the right to object to the processing of your personal data for direct marketing purposes or when our processing is based on our legitimate interests, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms.
g. Right to Withdraw Consent: If our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Please note that withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
To exercise any of your rights, please contact us using the contact information provided in this Policy. We will respond to your request within one month, in accordance with the GDPR and other applicable laws.
We take the security of your personal data very seriously and have implemented technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These measures include:
a. Secure data storage: Your personal data is stored on secure servers provided by Hetzner in Germany.
b. Encryption: We use encryption to protect your personal data when it is transmitted between your device and our servers, as well as when it is stored on our servers.
c. Access control: We restrict access to your personal data to our employees, contractors, and service providers who need access to the data to perform their duties and are subject to strict confidentiality obligations.
d. Regular audits and updates: We regularly review and update our security measures to ensure they remain effective and in line with industry standards.
Please note that no method of data transmission or storage can be guaranteed to be 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security.
We use the following third-party service providers to process your personal data:
a. Vercel: We use Vercel for website hosting. Vercel processes your personal data in accordance with their privacy policy, which can be found at https://vercel.com/legal/privacy-policy.
b. Hetzner: We use Hetzner for data storage. Hetzner processes your personal data in accordance with their privacy policy, which can be found at https://www.hetzner.com/rechtliches/datenschutz.
c. YouTube: We embed YouTube videos on our website, which may result in YouTube collecting data about your interactions with the videos. YouTube processes your personal data in accordance with their privacy policy, which can be found at https://policies.google.com/privacy.
d. Google: We allow users to sign in using their Google accounts. Google processes your personal data in accordance with their privacy policy, which can be found at https://policies.google.com/privacy.
e. GitHub: We allow users to sign in using their GitHub accounts. GitHub processes your personal data in accordance with their privacy policy, which can be found at https://docs.github.com/en/github/site-policy/github-privacy-statement.
We have agreements in place with these third-party service providers to ensure that they process your personal data in accordance with our instructions and applicable data protection laws. We also ensure that adequate safeguards are in place to protect your personal data when it is processed by these service providers.
In the event of a personal data breach, we will take appropriate measures to address the breach, including notifying the relevant data protection authority and affected users, in accordance with the GDPR and other applicable laws.
If we become aware of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay. The notification will include, where possible, the nature of the breach, the categories and approximate number of affected users, the likely consequences of the breach, the measures we have taken or propose to take to address the breach, and contact information for further inquiries.
If you have any questions or concerns about this Data Policy, or if you would like to exercise your rights under the GDPR or other applicable data protection laws, please contact us using the information below:
failfa.st
Gregor Adams, Tim Pietrusky
Nonnenstieg 30, 20149, Hamburg
Email: tim.pietrusky@failfa.st
We reserve the right to update this Data Policy at any time to reflect changes in our practices, services, or legal requirements. When we make changes to the Data Policy, we will update the "last modified" date at the top of the Policy and, where appropriate, notify you by email or through a prominent notice on our website. We encourage you to review this Data Policy periodically to stay informed about our data protection practices.
Your continued use of our Services after any changes to this Data Policy constitutes your acceptance of the updated Policy. If you do not agree to the changes, please discontinue your use of our Services.
Last updated: 2023-04-18