Privacy statement

How we handle your data

Anonymous by design

There are no accounts and no passwords. Participants join anonymously and automatically receive a neutral pseudonym (for example Amber or Sapphire). No name is requested or stored.

Encrypted content

Item names are encrypted in your browser before they reach the server. The server and the administrator only see unreadable text. The key travels in the share link and never reaches the server. Only those with the share link can read the content, so share that link through a trusted channel. The session name itself is an automatically generated, non-sensitive label (date and session code) and contains no substantive data.

Automatic deletion

When the facilitator closes the session, all data (items, scores and participants) is deleted permanently right away. If that does not happen, it is automatically deleted within 5 days anyway. If you want to keep the results, export them before you close the session.

Where the data lives

The data lives on our own server in a data center within the European Union. The database runs in-house; no external database service is involved. Traffic between your browser and the server goes over HTTPS.

What we don't keep

We do not store raw IP addresses. Solely to limit abuse, we briefly keep an irreversible, encrypted derivative of the IP that cannot be traced to a person and is deleted automatically. For usage statistics we use cookieless, self-hosted analytics; no data goes to a third party.

Feedback

With feedback you can optionally leave a free-text comment. Do not enter personal data there. Feedback is deleted automatically after 30 days.