Privacy Policy

As of: April 2026

1. Data Controller

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

__NAME__
__ANSCHRIFT_STRASSE__
__ANSCHRIFT_PLZ_ORT__
Germany

Contact: support@analyseboard.com, phone __TELEFON__. For further details, see the imprint.

2. General Information on Data Processing

We process personal data only to the extent necessary to provide the platform and its functions. The legal bases are in particular Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures — account functions) and Art. 6(1)(f) GDPR (legitimate interest in operating a functional Dota 2 analysis platform). For optional features (e.g. Discord integration) we rely on Art. 6(1)(a) GDPR (consent).

3. Hosting

Application hosting

The application runs in a containerised environment (Docker with PostgreSQL, Redis, Nginx, Mercure). The hosting provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. A data processing agreement (DPA) under Art. 28 GDPR is in place with the provider.

Mail hosting

Incoming and outgoing e-mail for the address support@analyseboard.com is processed by lima-city (Internet division) GmbH, Mannheim, Germany. A data processing agreement is in place here as well.

4. Server Logs

The application layer logs only technical error messages (JSON logs) for troubleshooting. No persistent storage of request IP addresses, user agents or individual page views takes place at the application level. At the web server level (Nginx) and at the hoster, temporary access logs may be created and are deleted after a short period — the details are governed by the hoster's privacy notices.

5. Cookies and Local Storage

We use only technically necessary cookies. Consent within the meaning of § 25 (1) TTDSG is therefore not required (§ 25 (2) no. 2 TTDSG).

  • Session cookie (Symfony, lifetime 7 days) — keeps you signed in between page views.
  • CSRF token cookie — protects forms against cross-site request forgery attacks.
  • localStorage "dt_lang" — stores the selected display language (DE/EN). Not personally identifiable.

No tracking, marketing or analytics cookies are used. There is no third-party tracking (Google Analytics, Matomo, Sentry or similar).

6. Registration and Account

An account is required to use the protected functions. During registration we process:

  • Username
  • E-mail address
  • Password (stored exclusively as a BCrypt hash, never in plain text)
  • Invite code (if used)
  • Registration timestamp

Legal basis: Art. 6(1)(b) GDPR (performance of a contract). Storage period: until the account is deleted. Account deletion can be requested informally at any time by e-mail to support@analyseboard.com. We delete the associated data manually within a reasonable period.

7. Optional Discord Integration

On request, an account can be linked to a Discord account ("Connect Discord" feature in settings). The Discord user ID (a numeric identifier) and the timestamp of the link are stored in our database. Linking enables bot features (e.g. slash commands, notifications). Legal basis: Art. 6(1)(a) GDPR (consent). Consent can be withdrawn at any time by removing the link in settings or by sending a request to support@analyseboard.com.

8. Optional Steam API Key

Users can store their own Steam Web API key in their profile to retrieve their own match data more quickly. The key is stored in our database and used exclusively for requests to the Steam Web API (see section 9). Legal basis: Art. 6(1)(a) GDPR (consent). The key can be removed from the profile at any time.

9. External Services and Third Countries

To deliver the platform's functions we retrieve data from the following external services. No external scripts, fonts or tracking pixels are embedded in the browser — all calls are made server-side by our application. End-user IP addresses are not transmitted.

OpenDota

Provider: OpenDota (USA).
Purpose: Retrieval of public match, player and league statistics from Dota 2.
Data transmitted: match IDs, account IDs, league IDs.
Legal basis: Art. 6(1)(f) GDPR.
Privacy policy: https://www.opendota.com/privacy

Stratz

Provider: Stratz LLC (USA).
Purpose: Retrieval of detailed match data (wards, runes, items, events) for display in match details.
Data transmitted: match IDs, team IDs, Steam account IDs in GraphQL queries.
Legal basis: Art. 6(1)(f) GDPR.
Privacy policy: https://stratz.com/privacy

Steam Web API (Valve)

Provider: Valve Corporation (USA).
Purpose: Retrieval of match histories for public Dota 2 leagues.
Data transmitted: league IDs, the Steam API key provided by the account holder.
Legal basis: Art. 6(1)(f) GDPR; for user-provided API keys additionally Art. 6(1)(a) GDPR.
Privacy policy: https://store.steampowered.com/privacy_agreement/

Discord

Provider: Discord Inc. (USA).
Purpose: OAuth account linking (optional) and receiving/sending bot interactions.
Data transmitted: Discord user ID, slash command arguments, response content (e.g. match embeds).
Legal basis: Art. 6(1)(a) GDPR (user's consent through active linking).
Privacy policy: https://discord.com/privacy

Twitch

Provider: Twitch Interactive, Inc. (USA).
Purpose: Display of ongoing Dota 2 streams (lookup by game ID).
Data transmitted: No end-user identifiers; only our app's own client credentials.
Legal basis: Art. 6(1)(f) GDPR.
Privacy policy: https://www.twitch.tv/p/legal/privacy-notice/

Liquipedia

Provider: Liquipedia / Wikimedia Foundation (USA).
Purpose: Retrieval of public tournament metadata (teams, brackets, schedules).
Data transmitted: No personal data; only public tournament titles.
Legal basis: Art. 6(1)(f) GDPR.
Privacy policy: https://liquipedia.net/commons/Liquipedia:Privacy_policy

10. Transfers to Third Countries

Where the providers listed in section 9 process data in the USA, we base the transfer primarily on the adequacy decision of the European Commission of 10 July 2023 regarding the EU-US Data Privacy Framework. For providers that are not actively certified under the Data Privacy Framework, the transfer is carried out on the basis of Art. 49(1)(f) GDPR or following a balancing of our legitimate interests (provision of platform functionality).

11. Storage Periods

  • Account data (username, e-mail, password hash, Discord user ID, Steam API key): until account deletion.
  • Match / league data cache (public Dota 2 data): rolling, generally until the next refresh by cron jobs or up to 30 days.
  • Session cookie: 7 days from last access.
  • CSRF token: only for the duration of the session.
  • Application server logs: error messages only, no personal evaluation.
  • Hoster and web server logs: in accordance with the privacy notices of the data processors.

12. Your Rights as a Data Subject

Under the GDPR you have the following rights:

  • Information about the data stored about you (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing (Art. 21 GDPR)
  • Withdrawal of consent with effect for the future (Art. 7(3) GDPR)

An informal message to support@analyseboard.com is sufficient to exercise these rights. Requests are handled manually.

13. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other legal remedy, you have the right to lodge a complaint with a data protection supervisory authority, in particular at the place of your habitual residence or at the registered office of the controller. Competent authority at the registered office of the controller:

__AUFSICHTSBEHOERDE__

14. Changes to this Privacy Policy

We will adjust this privacy policy whenever legal requirements or platform features change. The current version is always available at this URL. The "as of" date above indicates the time of the most recent change.