Privacy Policy

Privacy Policy

Last updated: September 12, 2025

1. Introduction and Data Controller

The protection of your personal data is important to us. This privacy policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter "data" on our website PokeRaffle Live.

Data Controller:
pokeraffle - William Fischer
c/o Online-Impressum.de #4145
Europaring 90
53757 Sankt Augustin
Germany
Email: info@pokeraffle.app

Secondary Contact Option

2. Collection and Processing of Personal Data

a) Automatically Collected Data (Server Log Files)

When you visit our website, your browser automatically transmits information that is stored in server log files. This includes:

  • IP address (in anonymized form)
  • Date and time of the request
  • Browser and operating system used
  • Referrer URL (the previously visited page)
  • Pages accessed on our website

b) Registered Users (User Account)

If you register on our website, we collect and process the following data:

  • Email address
  • Password (stored in encrypted form)
  • Login timestamps
  • Portfolio data created by you (e.g., raffle entries, investments)
  • Usage analytics and event tracking within your account

c) Sign-in via Google (Google OAuth)

We offer you the option to sign in with your Google account. If you use this feature, you will be redirected to Google, where you authorize the transfer of the following data from your Google profile to us: email address, name, and profile picture. We use this data solely to create and manage your user account. The legal basis for this is the performance of a contract pursuant to Art. 6(1)(b) GDPR. For more information, please see Google's Privacy Policy.

d) Reddit Data

We collect and display publicly available data from the subreddit r/PokemonRaffles. This includes the content of posts and the usernames of the post authors, which are considered pseudonymous personal data. The processing of this public data is based on our legitimate interest (Art. 6(1)(f) GDPR) to provide our informational service.

3. Cookies, Tracking Technologies, and Your Consent

a) Google AdSense

This website uses Google AdSense to display advertisements. Google AdSense uses cookies to enable user-based and personalized advertising. This involves transferring data to Google servers, possibly in the USA. This processing is based solely on your explicit consent (Art. 6(1)(a) GDPR), which you provide via our cookie consent banner. For more information, please see Google's Privacy Policy.

b) Vercel Analytics

We use Vercel Analytics to analyze website usage. This service is designed to be privacy-friendly and does not use cookies. It collects aggregated and anonymized data to optimize the performance of our website. The legal basis for this is our legitimate interest (Art. 6(1)(f) GDPR).

c) Supabase (Authentication & Database)

We use Supabase for user authentication and the secure storage of your data. For the technical implementation of the login functionality, Supabase uses essential cookies or local storage. These are necessary for the provision of the service (Art. 6(1)(b) GDPR).

d) Local Storage

We use your browser's local storage (localStorage) to save your settings, such as notification preferences.

e) Browser Notifications

With your explicit consent (Art. 6(1)(a) GDPR), we may send you push notifications. You can revoke this consent at any time in your browser settings.

4. Purpose of Data Processing

  • Provision, optimization, and security of our services
  • Display of personalized advertising (with your consent)
  • Sending notifications (with your consent)
  • Analysis of website usage to improve our offerings
  • Fulfillment of contractual obligations to registered users

5. Legal Basis for Data Processing

  • Art. 6(1)(a) GDPR: Your consent (for advertising cookies and notifications).
  • Art. 6(1)(b) GDPR: For the performance of a contract (providing features for registered users).
  • Art. 6(1)(f) GDPR: Our legitimate interest (ensuring website security, anonymized usage analysis).

6. Data Sharing

Your data is only shared with third parties if required by law or based on one of the legal grounds mentioned above. Recipients of your data may include:

  • Google (Ireland / USA): In the context of AdSense (with consent) and Google OAuth (when used).
  • Vercel (USA): As the technical hosting provider for our website.
  • Supabase (EU): As the provider of our database and authentication infrastructure.

7. Data Retention

  • Server Log Files: Deleted or anonymized after 30 days at the latest.
  • User Account Data: Stored as long as your account is active. Upon account deletion, your data will be permanently deleted within 30 days.
  • Portfolio Data: Linked to your account and removed upon account deletion.

8. International Data Transfers

Your data is primarily processed on servers within the European Union. When using services such as Google or Vercel, data may be transferred to the USA. These transfers are safeguarded by appropriate guarantees, such as the EU Adequacy Decision for the EU-U.S. Data Privacy Framework.

9. Your Rights as a Data Subject

You have the right to access, rectification, erasure, restriction of processing, objection to processing, and the right to data portability. To exercise these rights, please contact us. You also have the right to lodge a complaint with a data protection supervisory authority.

10. Contact for Data Protection Inquiries

For questions about data protection or to exercise your rights, you can contact us:
William Fischer
Email: info@pokeraffle.app
(See imprint for further contact details)

11. Changes to This Privacy Policy

We reserve the right to adapt this privacy policy to reflect changes in legal requirements or changes to our service and data processing.