Privacy Policy

Last updated: December 2025

Introduction

The protection of your personal data is important to us. This privacy policy informs you in accordance with Art. 13 and 14 GDPR about the processing of your data on our platform.

Controller (Art. 4 para. 7 GDPR)

HEADON Kreativagentur Onur Cirakoglu Am Vogelsberg 8 97922 Lauda-Königshofen Germany Email: hallo@headon.pro

Legal Basis for Processing

We process your data based on the following legal grounds:

Art. 6 para. 1 lit. a GDPR: Consent (e.g., research data, newsletter)
Art. 6 para. 1 lit. b GDPR: Performance of contract (e.g., user account, forum)
Art. 6 para. 1 lit. f GDPR: Legitimate interest (e.g., security, website operation)

User Account and Registration

During registration, we process the following data:

Email address (for authentication and communication)
Username (publicly visible in the forum)
Password (stored encrypted)
Profile information (optional: display name, biography, avatar)

Legal basis: Art. 6 para. 1 lit. b GDPR (performance of contract)

Retention period: Until deletion of your account

Forum and Community

When using our forum, we process:

Your posts, comments, and threads
Upvotes, bookmarks, and helpful markings
Direct messages to other users
Group memberships and posts
Experience stories (optionally anonymous)

Legal basis: Art. 6 para. 1 lit. b GDPR (performance of contract)

Retention period: Until deletion of the post or account

Moderation: To ensure respectful interaction, content is moderated. Violations may result in warnings or bans.

Aphantasia Tests

Anonymous Use

Our tests (VVIQ, PSIQ, Binocular Rivalry) can be used completely anonymously. When used anonymously, results are only stored locally in your browser.

Use with Account

When logged in, test results can optionally be linked to your account to save your test history.

Research Data (optional)

With your explicit consent, anonymized test results can be used for scientific research purposes.

I agree that my anonymized test results may be used for scientific research.

Participation is voluntary and can be refused at any time.

Note: After anonymization, no association with your person is possible, and therefore no subsequent deletion of individual data records.

Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

Technical Data Collection

Cookies

We only use technically necessary cookies for authentication, language selection, and theme settings. These cookies are required for the website to function.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

Local Storage

We use your browser's LocalStorage for test results and settings. This data remains on your device and is not transmitted to us.

Server Log Files

With each access, the following is automatically collected: IP address (anonymized after 7 days), browser type, operating system, referrer URL, access time.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in security and operation)

Retention period: 30 days

Data Processors

We use the following service providers who process data on our behalf. All data remains within the EU:

Supabase (EU – Frankfurt)

For database, authentication, and file storage, we use Supabase. We have concluded a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR. Data processing takes place exclusively on servers in Frankfurt am Main (Germany). No data transfer to third countries occurs.

https://supabase.com/privacy

Hetzner Online GmbH (Germany)

Our website is hosted on our own server at Hetzner Online GmbH, located in Nuremberg (Germany). Hetzner is a German hosting provider with data centers in Germany and Finland. We have concluded a Data Processing Agreement (DPA). No data transfer to third countries occurs.

https://www.hetzner.com/legal/privacy-policy

Fonts

We use self-hosted fonts. There is no connection to external services like Google Fonts.

Web Analytics (Umami – Self-Hosted)

We use Umami, a privacy-friendly open-source analytics software that we self-host on our servers in Germany. Umami is fully cookieless – no cookies are set and no consent is required. IP addresses are not stored. There is no data transfer to third parties or third countries.

Data collected (aggregated and anonymous):

Page views and time on page
Referrer URL (where you came from)
Device type and browser (anonymized)
Approximate location (country only, no IP storage)

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in improving our service). Since no personal data is processed and no cookies are set, no consent under TTDSG/ePrivacy is required.

Retention Periods

We only store your data for as long as necessary for the respective purposes:

Account data: Until account deletion
Forum posts: Until deletion by you or moderation
Server logs: 30 days
Anonymized research data: Indefinitely (no personal reference)

Your Rights

You have the following rights regarding your personal data:

Right of access (Art. 15 GDPR): You can request information about your stored data.
Right to rectification (Art. 16 GDPR): You can request correction of inaccurate data.
Right to erasure (Art. 17 GDPR): You can request deletion of your data.
Right to restriction (Art. 18 GDPR): You can request restriction of processing.
Right to data portability (Art. 20 GDPR): You can receive your data in a common format.
Right to object (Art. 21 GDPR): You can object to processing.
Right to withdraw consent (Art. 7 para. 3 GDPR): You can withdraw any given consent at any time.

Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg Lautenschlagerstraße 20 70173 Stuttgart, Germany Phone: +49 711/615541-0 Email: poststelle@lfdi.bwl.de Website: https://www.baden-wuerttemberg.datenschutz.de

Data Security

We implement technical and organizational measures to protect your data:

HTTPS encryption for all data transfers
Encrypted password storage
Row Level Security (RLS) in the database
Regular security updates

Changes to This Privacy Policy

We reserve the right to adapt this privacy policy to comply with changed legal requirements or changes to our services. The current version can always be found on this page.

Privacy Contact

For questions about data protection, contact us at: hallo@headon.pro

Lädt...