Technical Documentation

GDPR Compliance & German BDSG

This document outlines the technical and organizational measures Anki Addons uses to comply with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

2. Personal Data Collection

| Category | Data Points | Purpose |
|---|---|---|
| Identity | Name, Email | Account management, notifications, authorship. |
| Technical | IP Address (masked), User Agent | Security logs, rate limiting, analytics. |
| Profile | Bio, Social Links, Website | Optional user-provided community information. |
| Interaction | Comments, Ratings, Addon Uploads | Platform content and community feedback. |

1. Compliance Principles

We adhere to the core principles of GDPR (Art. 5):

Lawfulness, Fairness, and Transparency

Data is processed legally and users are informed.

Purpose Limitation

Data is only collected for specified, legitimate purposes (addon hosting, community interaction).

Data Minimization

We only collect the minimum PII required for platform functionality.

Accuracy

Users can update their profile at any time.

Storage Limitation

Data is kept only as long as necessary.

Integrity and Confidentiality

Data is secured via encryption and access controls.

3. Implementation of User Rights

3.1 Right of Access & Data Portability (Art. 15 & 20)

Users can download a complete export of their personal data in a machine-readable JSON format via their User Settings (Planned feature). This data includes profile information, active sessions, and contribution history.

3.2 Right to Rectification (Art. 16)

Users can update their profile information at any time. To ensure this right is fully implemented across the database, we use a Cascading Update mechanism. When a user changes their name, the update is automatically propagated to cached display names in comments and addon records.

3.3 Right to Erasure / "Right to be Forgotten" (Art. 17)

When a user deletes their account, we perform Anonymization instead of a hard database delete. This respects the user's right to have their PII removed while maintaining the integrity of the platform (e.g., keeping addons and comments reachable but unlinked from the real identity).
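The cascading update from 3.2 and the anonymization from 3.3 can be sketched as follows. This is an added example, not Anki Addons' own code: the SQLite schema, the table and column names, and the `deleted-user-<id>` placeholder are assumptions made for illustration. The `residual_pii` helper is the check worth running after either operation, because cached display names are where PII most often survives.

```python
import sqlite3

# Hypothetical schema; every table and column name here is an assumption.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT, bio TEXT,
                    password_hash TEXT, deleted INTEGER DEFAULT 0);
CREATE TABLE sessions (id INTEGER PRIMARY KEY, user_id INTEGER);
CREATE TABLE comments (id INTEGER PRIMARY KEY, user_id INTEGER, author_name TEXT, body TEXT);
CREATE TABLE addons (id INTEGER PRIMARY KEY, user_id INTEGER, author_name TEXT, title TEXT);
"""
CACHED_NAME_TABLES = ("comments", "addons")  # tables holding a denormalized display name

def _set_display_name(db, user_id, name):
    # Caller owns the transaction, so the source row and its cached copies change together.
    db.execute("UPDATE users SET name = ? WHERE id = ?", (name, user_id))
    for table in CACHED_NAME_TABLES:  # fixed allow-list, never user input
        db.execute(f"UPDATE {table} SET author_name = ? WHERE user_id = ?", (name, user_id))

def rename_user(db, user_id, new_name):
    """Rectification (Art. 16): cascading update of the name and its cached copies."""
    with db:  # commit on success, roll back on error
        _set_display_name(db, user_id, new_name)

def anonymize_user(db, user_id):
    """Erasure (Art. 17): remove PII but keep the row that comments and addons reference."""
    with db:
        _set_display_name(db, user_id, f"deleted-user-{user_id}")
        db.execute("UPDATE users SET email = NULL, bio = NULL, password_hash = NULL, "
                   "deleted = 1 WHERE id = ?", (user_id,))
        db.execute("DELETE FROM sessions WHERE user_id = ?", (user_id,))

def residual_pii(db, needles):
    """Return (table, column) pairs in which any of the given strings still appears."""
    hits = set()
    for (table,) in db.execute("SELECT name FROM sqlite_master WHERE type = 'table'").fetchall():
        for col in [r[1] for r in db.execute(f"PRAGMA table_info({table})")]:
            q = f"SELECT 1 FROM {table} WHERE instr(CAST({col} AS TEXT), ?) > 0 LIMIT 1"
            hits.update((table, col) for n in needles if db.execute(q, (n,)).fetchone())
    return sorted(hits)

def demo():
    # Constructed sample data: one user with a session, a comment and an addon.
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA + """
        INSERT INTO users VALUES (1, 'Ada Example', 'ada@example.org', 'hi', 'x', 0);
        INSERT INTO sessions VALUES (1, 1);
        INSERT INTO comments VALUES (1, 1, 'Ada Example', 'Nice addon');
        INSERT INTO addons VALUES (1, 1, 'Ada Example', 'Sample Addon');""")
    return db
```

The scan only finds exact substrings in the live database; backups, search indexes and free-text comment bodies written by other users need their own handling.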

4. Technical Measures

IP Anonymization

All activity logs store masked IPs (e.g., 192.168.1.xxx) to prevent identification while allowing security analysis.

Storage Limitation

Activity logs are automatically purged after 90 days. Admin logs are retained for one year per BDSG § 76, then deleted.

Encryption

All data is encrypted in transit via TLS 1.2+ and stored securely with strict access controls.

Password Security

Passwords are hashed using bcrypt with a high cost factor (12).

Last updated: January 10, 2026

This technical documentation is part of our commitment to transparency under EU Regulation 2016/679 (GDPR). It describes the technical and organizational measures (TOMs) implemented by Anki Addons.