Privacy Policy

1. Data Controller

The controller responsible for processing personal data on this platform is the operator of this Information Crawler instance (contact details in the Legal Notice).

2. What Data We Process

2.1 Registration and User Account

During registration we collect:

Email address – for account creation, login, and the email digest
Password – stored as a bcrypt hash (never in plaintext)

Email confirmation (double opt-in) is required before an account is activated. The time of your consent is recorded.

2.2 User Profile

You may optionally provide:

Preferred language(s) for the digest (e.g. German, English)
Digest frequency (every 4 hours, daily, weekly)

2.3 Subscriptions

For each subscription we store the subscribed source blog, optional keywords and tag filters, and the timestamp of the last digest sent.

2.4 Digest Emails

The email digest is sent exclusively to your registered email address and contains links to publicly accessible articles. No tracking is performed (no open or click tracking).

2.5 Technical Logs

Server operation produces logs that may contain IP addresses and timestamps. These are deleted after at most 14 days.

3. Legal Bases (GDPR)

Art. 6(1)(a) GDPR – Consent (double opt-in at registration)
Art. 6(1)(b) GDPR – Performance of a contract (operating the digest service)

4. Disclosure to Third Parties

We do not share your personal data with third parties. This platform is self-hosted; no data is transferred to external analytics or advertising services.

5. Cookies

This platform uses only a technically necessary session cookie (ic_jwt) for authentication. No tracking cookies or third-party cookies are set.

6. Retention Periods

User account	Until deletion by the user
Subscriptions	Until deletion by the user
Articles in the digest index	7 days (automatic cleanup)
Server logs	At most 14 days

7. Your Rights

You have the following rights with respect to the data controller:

Access (Art. 15 GDPR) – information about stored data
Rectification (Art. 16 GDPR) – correction of inaccurate data
Erasure (Art. 17 GDPR) – deletion of your data
Restriction (Art. 18 GDPR) – restriction of processing
Objection (Art. 21 GDPR) – objecting to processing
Complaint – to the competent data protection supervisory authority

To exercise your rights, please contact the operator of this instance (contact details in the Legal Notice).

8. Technical Security

All transmission is exclusively over HTTPS (TLS). Passwords are never stored in plaintext. The infrastructure is self-hosted and not in a public cloud.

9. AI Processing

A locally operated language model (Ollama) is used for article analysis and summarisation. Article texts are not sent to external AI services unless the operator has configured an external provider (OpenAI, Google Gemini). The operator of this instance will inform you about this in the Legal Notice.

10. Changes to This Policy

This privacy policy may be updated as needed. The current version is always available on this page.