FRITKOT.ONLINE

Last updated: 2 July 2026

Privacy Policy

This policy explains which personal data FritKot.Online processes, why, for how long and how you can exercise your rights.

Controller and contact

  • Publisher: FritKot.Online, Belgium. Full administrative details of the operating entity (legal form, postal address, company/VAT number if applicable) will be added before commercial operation or paid processing.
  • Privacy contact: privacy@fritkot.online. Legal contact: legal@fritkot.online. Security reports: security@fritkot.online.

Data we process

  • Account data: nickname, email, phone number, language, GDPR consent and creation date.
  • Verification data: hashed OTP code, expiry, attempt counter and sent date. The code itself is not stored in readable form.
  • Contributions: ratings, criteria, optional comment, date and associated nickname.
  • Technical security data: session ID, rate-limit counters, hashed IP and user-agent in security logs.

Purposes and legal bases

  • Access management and email verification by OTP: performance of the requested service.
  • Securing votes and comments, limiting abuse and preventing fraud: legitimate interest.
  • Displaying public comments and scores: performance of the service and user contribution.
  • Handling GDPR requests and legal obligations: legal obligation.
  • No marketing without separate consent.

Retention

  • OTP code: valid for 10 minutes; OTP hash and metadata are cleared after expiry and at the latest within 24 hours. Any OTP test log is kept for a maximum of 24 hours.
  • Rate-limit files: kept until the end of the security window plus a maximum of 1 hour.
  • Sessions and necessary session files: maximum 30 days.
  • Technical logs: Nginx access logs 30 days; Nginx error logs, uptime and operational logs 90 days; security events and incident alerts 180 days. Incident extracts may be kept under restricted access for up to 12 months when needed for security or legal evidence.
  • Unverified accounts are deleted after 30 days. Verified accounts unused for 24 months are deleted/anonymised: email, phone and account identifiers are removed; public contributions are detached or anonymised; aggregate scores may remain anonymously.
  • Valid deletion or export requests are normally handled within 1 month unless the GDPR allows a reasoned extension.

Recipients and processors

  • Hosting: Hetzner server infrastructure.
  • Email: local mail server or Brevo SMTP if configured.
  • Map: OpenStreetMap tiles are loaded by your browser to display the map.
  • We do not sell personal data.

Cookies and local storage

  • Necessary cookies: session and language preference.
  • Local storage: PWA/splash/install status, without marketing tracking.
  • There are currently no advertising or marketing tracking cookies.

Your rights

  • You may request access, correction, erasure, restriction, portability and objection via privacy@fritkot.online.
  • You may complain to the Belgian Data Protection Authority: https://www.dataprotectionauthority.be.