Data Protection
1. Controller
The controller responsible for data processing on this website and in the provided demo applications is:
Vladyslav Marchenko
c/o COCENTER
Koppoldstr. 1
86551 Aichach
Deutschland
E-mail: contact@vladyslavm.dev
2. Scope
This privacy policy applies to this Gateway website and to the demo applications linked from it. The linked demo applications are provided exclusively for technical demonstration and evaluation purposes. No real assets are managed and no real money is processed.
3. Purposes and Legal Bases of Processing
Personal data are processed on a limited basis for the technical operation of the website and the demo applications, for providing requested demo functionality, for authentication, abuse prevention, error analysis, and for maintaining the integrity and security of the systems.
The legal bases are, in particular:
- Article 6(1)(b) GDPR insofar as processing is necessary to provide requested demo functionality and user accounts;
- Article 6(1)(f) GDPR for the secure operation of the website and demo applications, abuse prevention, rate limiting, error analysis, and IT security.
4. Categories of Data Processed
Depending on the service used, the following categories of data may be processed:
- display names, usernames, and other account identifiers
- password hashes
- session and authentication data
- strictly necessary cookie information and comparable storage mechanisms
- workspace IDs and other technically necessary demo identifiers
- application-specific demo data, for example notifications, audit and approval data, as well as auction, bid, and wallet data
- technical IP data for server-side rate limiting and abuse prevention
5. Recipients
Data may be disclosed to technical service providers engaged by me insofar as this is necessary for hosting, network operation, security, and the provision of the applications. No disclosure takes place for advertising or tracking purposes.
netcup GmbH is used as the technical hosting provider.
6. Place of Processing
Processing location: Germany / EU/EEA.
7. Retention Period
The demo applications are designed as isolated sandbox environments. Application-specific demo data are automatically deleted after 24 hours. Backups of such demo data are not retained.
This does not affect temporary security-related and connection-related data that must be processed for the secure operation of the services.
8. Cookies and Comparable Technologies
Depending on the service used, only strictly necessary cookies or comparable storage mechanisms are used. These serve, in particular, authentication, session management, and the storage of user interface preferences such as theme mode.
No third-party tracking cookies and no analytics tools are used.
9. Automated Decision-Making
No automated decision-making, including profiling within the meaning of Article 22 GDPR, takes place.
10. Rights of Data Subjects
Subject to the applicable legal requirements, data subjects have the right to obtain access to their personal data, to request rectification of inaccurate data, erasure, restriction of processing, to object to processing, and - where applicable - to data portability.
To exercise these rights, an informal message to the contact address stated above is sufficient.
11. Right to Lodge a Complaint
Data subjects also have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place of the alleged infringement.
12. Product-Specific Information
The linked demo applications contain additional technical information, in particular regarding demo operation, data isolation, deletion periods, strictly necessary cookies, and server-side rate limiting.
- Vault Demo: https://vault.vladyslavm.dev/data-protection
- Auction Demo: https://auction.vladyslavm.dev/data-protection
13. DOMgeist Browser Extension
DOMgeist is a local-first browser extension for auditing the currently open page. At the user's request, the extension checks technical signals for accessibility, performance, security headers, SEO, storage, and detected web technologies.
Scan results, page snapshots, browsing activity, cookies, storage data, and exported reports are not transmitted to the developer. Processing takes place locally in the user's browser.
Local AI is disabled by default. When the user enables Local AI, DOMgeist can send minimized scan data to the user's local Ollama endpoint. DOMgeist does not send this data to the developer or to a cloud service operated by DOMgeist.