Privacy Policy | deslop.me

Controller

Data controller: tiu-webapplications. See Impressum for legal identity details and service contact information.

What Data We Process

User-entered text submitted through the input form.
Request metadata for security and reliability (for example timestamp, request ID, status code, and latency).
Pseudonymous usage records for /api/deslop (masked IP, one-way user ID derived from IP+salt, token usage, model cost fields, and masking severity ratio).
Server access/error logs (for example IP address, user agent, and request path) generated by infrastructure components.
Local storage entry for consent acknowledgement (deslop_consent_v1).

Purposes and Legal Bases

Service provision (process submitted text and return transformed output).
Security and abuse prevention (rate limiting, request integrity, incident handling).
Reliability and troubleshooting (error diagnosis and performance monitoring).

Legal basis for core service processing: Art. 6(1)(b) GDPR (performance of a contract / steps at the request of the user before entering into a contract). We process user-submitted text and the technical data necessary to transmit and return the request in order to provide the requested text simplification service.

Legal basis for security, abuse prevention, and service reliability: Art. 6(1)(f) GDPR (legitimate interests). We process limited technical metadata (such as IP address, timestamp, request metadata, response status, and error/rate-limit logs) where necessary to protect the service, prevent abuse, detect and mitigate attacks or misuse, enforce rate limits, and ensure availability and operational stability. This processing is not used for advertising or profiling, and data minimization is applied.

Usage tracking identifiers are pseudonymous: the application stores a masked IP representation and a one-way salted hash-based user ID for traceability across repeated requests. The original IP address is not stored in the application usage-tracking database.

Recipients and Processors

Hosting/provider infrastructure: Hetzner Germany.
OpenRouter (processor): openrouter.ai.
Model provider via OpenRouter: currently configured model is openai/gpt-oss-120b.

International Transfers

Processing may involve transfers outside the EU/EEA (for example to the United States) depending on infrastructure and model providers. Transfers are based on applicable safeguards, including Standard Contractual Clauses (SCCs) where required and adequacy decisions where available.

Retention

Request metadata retention: 30 days.
Usage tracking retention (SQLite): 30 days.
Error log retention: 30 days.
User text storage on this service: not stored persistently by default, except transient in-memory processing and any processor-side handling.

Your Rights

You may request access, correction, deletion, restriction, and objection, and you may lodge a complaint with a supervisory authority. Contact: timo@tiu-webapplications.de.

Security and Cookies/Storage

Transport encryption (TLS) is expected for production deployment.
Access controls and abuse protections include input limits and rate limiting.
No analytics, marketing pixels, or session replay scripts are intentionally used.
Local storage is used only to remember consent acknowledgement state.