Privacy Policy

Version 2 · Stand: May 21, 2026

1. Controller

oi.gg
Bitte im Admin-Panel pflegen
Email: kontakt@oi.gg

2. Data Protection Officer

If a DPO is appointed, contact details: . Otherwise please contact the controller above.

3. General

We process personal data only in line with GDPR and TDDDG. Personal data are all information relating to an identified or identifiable natural person (Art. 4 No. 1 GDPR).

4. Server logs

When the website is accessed, the following are stored in a log file: browser type and version, operating system, referrer URL, hostname, request time, IP address (truncated/anonymised after 7 days at the latest).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in stable, secure operation).
Retention: 7 days, then deletion or anonymised aggregation.

5. Registration and account

On registration we collect: first and last name, nickname (public only on opt-in), email address, password (Argon2 hash only), locale, timestamp.

Purpose: service provision, account recovery, security.
Legal basis: Art. 6(1)(b) GDPR (performance of contract).
Retention: until deletion of the account, then 30 days for recovery, afterwards deletion – except for statutory retention (typically 6/10 years, § 257 HGB, § 147 AO).

6. Short-link creation and click tracking

When creating a short link we store the destination URL, a timestamp and – if provided – a title. When the short link is invoked we log a click event with timestamp, truncated IP (pseudonymised), referrer and user-agent.

Purpose: delivering the redirect, fraud detection, aggregated statistics.
Legal basis: Art. 6(1)(b) and (f) GDPR.
Retention: raw data 30 days, afterwards aggregated analysis without personal reference.

7. Cookies and similar technologies

We use the following cookies / local storage items:

  • Session cookie (login) – essential, session duration, § 25(2) TDDDG.
  • CSRF token – essential, session duration, § 25(2) TDDDG.
  • Locale – essential, 12 months, § 25(2) TDDDG.
  • Consent decision (__oigg_consent) – essential, 12 months, § 25(2) TDDDG.
  • Analytics (pseudonymous) – up to 6 months, § 25(1) TDDDG + Art. 6(1)(a) GDPR (consent).

You can withdraw or change consent for non-essential cookies at any time via the footer link "Cookie settings".

8. Email (transactional and newsletter)

Transactional emails are sent based on Art. 6(1)(b) GDPR. Newsletters use a double opt-in (Art. 6(1)(a) GDPR); consent can be withdrawn at any time via the unsubscribe link.

9. Recipients / processors

  • Hosting: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Deutschland – data processing agreement under Art. 28 GDPR in place.
  • Email delivery: SMTP provider (configured under Admin mailer settings).
  • No data are shared with third parties without a legal basis.

10. Transfers to third countries

Transfers outside the EEA only take place if an adequate level of protection is ensured under Art. 44 et seqq. GDPR (adequacy decision, SCCs, BCRs).

11. Retention

We retain personal data only as long as necessary for the respective purpose or required by statutory retention obligations.

12. Your rights

You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), objection (Art. 21) and to withdraw consent (Art. 7(3) GDPR). Please contact kontakt@oi.gg.

13. Right to lodge a complaint

You may lodge a complaint with a supervisory authority (Art. 77 GDPR). Competent authority: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstraße 219, 10969 Berlin.

14. Obligation to provide

Providing the mandatory data (e.g. email, password) is required to conclude the contract. Without these, the service cannot be used.

15. Automated decision-making

No automated decision-making within the meaning of Art. 22 GDPR takes place.

16. Changes

We adapt this policy when the legal situation or our service changes. The current version is available at https://oi.gg/legal/privacy.

6a. Automatic preview images and snapshot

If you publish a short link on oi.gg without your own preview image, we automatically generate a preview for the live showcase in the following order:

  1. og:image / twitter:image: Our backend fetches the destination page you have linked once every 7 days via HTTPS GET (user agent oi.gg-PreviewBot/1.0) and only reads the publicly available meta tags. No personal data of the end user (IP, cookies, referer) is transmitted to the destination site.
  2. Auto snapshot: If no meta tags can be obtained (e.g. single-page apps, CSS-background heroes), our backend generates a server-side 1200 × 675 pixel JPEG miniature snapshot of the entry view of the page. Rendering takes place in an isolated headless Chromium on our servers in Falkenstein, Germany (Hetzner); no external screenshot service is involved. Tracking pixels and analytics calls of the destination page are actively blocked during the render.
  3. If even that does not yield a usable preview, the showcase displays the slug placeholder with the initials.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a meaningful display of publicly linked content).
Storage: exclusively on our servers in the EEA (Germany). Snapshots are cached for 7 days and re-rendered on demand.
Opt-out: You can enable the checkbox “Do not pull an automatic preview from the destination page” per short link in the edit dialog. This setting disables both the meta-tag fetch and the snapshot path; stored snapshots are then deleted from the server immediately. Manually uploaded images are unaffected.

Effective: May 21, 2026 · Version 2