Legal
The controller responsible for data processing on this website within the meaning of the GDPR is:
Felix Witte
Erbhof 9
44791 Bochum, Germany
Email: info@goraadv.com
No Data Protection Officer is required for this operation (fewer than 20 people regularly involved in processing; no systematic large-scale or special-category data processing).
We only process data that is technically necessary to provide the service or that you actively provide to us.
When you visit GoraAdv, our hosting provider (Hetzner) automatically logs standard web server data:
Legal basis: Art. 6(1)(f) GDPR — legitimate interest in maintaining server security and diagnosing technical errors.
Retention: 7 days, then automatically purged.
You may object to this processing under Art. 21 GDPR; however, doing so would make it impossible to serve the website to you.
If you create an account, we store:
Legal basis: Art. 6(1)(b) GDPR — necessary to perform the contract (providing the account-based features you signed up for).
Retention: Until you delete your account. You can request deletion at any time via info@goraadv.com.
If you save a route, we store:
Legal basis: Art. 6(1)(b) GDPR — necessary to provide the "save routes" feature you explicitly used.
Retention: Until you delete the route or your account.
We use your browser's localStorage — not cookies — for two purposes:
| Item stored | Purpose | Legal basis |
|---|---|---|
| JWT authentication token | Keeps you logged in between page loads | TDDDG §25(2) No. 2 — strictly necessary to provide the authentication service you requested |
| "Alpha notice seen" flag | Prevents the one-time welcome notice from reappearing | TDDDG §25(2) No. 2 — strictly necessary for the intended usability of the service |
No tracking cookies, no advertising cookies, no analytics cookies are used. You can clear localStorage at any time via your browser settings — this will log you out.
If you subscribe to country launch notifications or the GoraAdv newsletter (via the countries page, the registration form opt-in checkbox, or any other sign-up form), we store:
Legal basis: Art. 6(1)(a) GDPR — your explicit consent via the opt-in checkbox or sign-up form.
Retention: Until you unsubscribe. Every email we send contains an unsubscribe link. You can also email info@goraadv.com to be removed at any time, and we will action it within 5 business days.
When you purchase a PRO subscription, the payment transaction is handled by Lemon Squeezy (see Section 3.4). We receive from Lemon Squeezy only the information necessary to activate and manage your subscription status:
Legal basis: Art. 6(1)(b) GDPR — necessary to perform the contract (activating and maintaining your PRO access).
Retention: For the duration of your subscription plus the statutory retention period required by German tax law (§147 AO / §257 HGB) of up to 10 years for billing records. This retention obligation applies to transaction data and cannot be shortened by a deletion request.
Our server is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Hetzner processes server log data on our behalf as a data processor under Art. 28 GDPR. A Data Processing Agreement (DPA) is in place. All data remains within the EU. Hetzner's privacy policy: hetzner.com/legal/privacy-policy
Map tiles are served by the OpenStreetMap Foundation (OSMF) tile CDN. When the map loads, your IP address is transmitted to OSMF servers to fetch map images. Route calculations also use Nominatim (OSMF's geocoding service), which receives search queries and coordinates you enter in the planner. OSMF is based in the UK (adequacy decision applies). OSMF privacy policy: osmfoundation.org/wiki/Privacy_Policy
The "Support GoraAdv" button is a plain external link to ko-fi.com. No Ko-fi scripts or trackers are loaded on GoraAdv. When you click the link and visit Ko-fi, their own privacy policy applies: more.ko-fi.com/privacy
PRO subscription payments are processed by Lemon Squeezy (a Stripe company), who acts as the Merchant of Record. When you purchase a subscription, you enter payment data (card details, billing address) directly in the Lemon Squeezy checkout. GoraAdv never receives or stores your payment card data.
For the payment transaction, Lemon Squeezy acts as an independent data controller — the payment data is collected and processed by Lemon Squeezy under their own privacy policy, not by GoraAdv. Lemon Squeezy is a US-based entity; international data transfers are covered by Standard Contractual Clauses (SCCs) under GDPR Art. 46.
Lemon Squeezy privacy policy: lemonsqueezy.com/privacy
Lemon Squeezy buyer terms: lemonsqueezy.com/buyer-terms
We have executed a Data Processing Agreement (DPA) with Lemon Squeezy for any personal data we share with them via API (such as your email address for subscription management).
Under the GDPR you have the following rights regarding your personal data:
To exercise any of these rights, email info@goraadv.com. We will respond within 30 days.
You have the right to lodge a complaint with the data protection supervisory authority responsible for your place of residence, or with the authority responsible for us:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
Kavalleriestraße 2–4, 40213 Düsseldorf
ldi.nrw.de
A list of all German supervisory authorities is available at bfdi.bund.de.
We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.
This website is served exclusively over HTTPS (TLS encryption). Passwords are stored as bcrypt hashes. We do not transmit or store payment card data — payment processing is handled entirely by Lemon Squeezy (a Stripe company) under their own security controls and PCI compliance.
We may update this privacy policy when we add new features or third-party services. The date at the top of this page reflects the last update. Significant changes will be noted in the app.