Privacy Policy
Legally binding version is the German one. This English text is a convenience translation; in case of doubt the German privacy policy prevails.
1. Controller
The controller within the meaning of the GDPR is the natural person
reachable at the following address, who operates this website privately
and without any intent to make a profit (community game servers):
Email: kontakt@all-survive.de
Name and summonable postal address are provided on request via the email address above — see also the legal notice.
2. General information on data processing
We generally process our users' personal data only to the extent necessary to provide a functional website along with our content and services. Processing regularly takes place only with the user's consent (Art. 6 (1) lit. a GDPR) or on the basis of legitimate interests (Art. 6 (1) lit. f GDPR).
3. Contact form & bot protection (Cloudflare Turnstile)
The contact form at /kontakt/ is protected against automated
requests by Cloudflare Turnstile. In the process,
technical data (IP address, browser properties, embedded JavaScript from
Cloudflare, Inc.) is transmitted to Cloudflare in the USA. The legal basis
is Art. 6 (1) lit. f GDPR (legitimate interest in spam protection). The
data transfer to the USA takes place on the basis of the EU Standard
Contractual Clauses and the EU-US Data Privacy Framework (Cloudflare is
DPF-certified).
4. Form relay backend
Entries from the contact form are validated on the server and forwarded by email to kontakt@all-survive.de. We do not store the entries permanently in a database. Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in answering enquiries).
5. Discord widget
The home page optionally embeds a Discord widget. As soon
as the widget loads, your browser calls the public endpoint URL
discord.com/api/guilds/<id>/widget.json directly at
Discord Inc. (servers in the USA). This technically necessarily transmits
your IP address and browser headers. The member avatars shown are loaded
directly from the Discord CDN (cdn.discordapp.com). No cookie
and no tracker is set. Legal basis: Art. 6 (1) lit. f GDPR (legitimate
interest in a simple visibility of the community). If you do not want this,
you can visit the Discord server directly at discord.gg
instead — opening the home page without clicking the Discord server does
not trigger any Discord connection other than the widget itself.
6. Live server status
The server status cards (online/offline, player count) are generated in a CI cron job in the Forgejo backend via a Steam A2S query and delivered as static JSON. When you open the page, your browser does not connect directly to the game servers — only data from the static bundle is read.
7. Sveltia CMS / Forgejo OAuth (admin area)
The admin area (/admin/) is provided by the Sveltia
CMS and is secured via OAuth against our own Forgejo
instance (homelab). Only the username, email address and Forgejo
user ID are processed in order to check access rights. Since Audit-v4 the
Sveltia CMS itself is served from our own server (no external CDN).
8. External resources / CDNs
The website generally loads all assets from its own server. Only the
JavaScript for Cloudflare Turnstile (see above) is loaded
directly from challenges.cloudflare.com, and the
Discord widget (see above) optionally calls
discord.com + cdn.discordapp.com.
9. Server location & hosting
The website is operated primarily in our homelab in Germany. As a backup we use servers at netcup GmbH (Germany). A data transfer to third countries only takes place in the exceptional cases described above (Turnstile, Discord).
10. Storage period
- Contact enquiries: until the matter is dealt with, then erasure.
- Server logs (HTTP access logs, errors): 14 days, then automatic rotation.
11. Data-subject rights
Under Art. 15-21 GDPR you have the right to:
- Access to the processed data (Art. 15)
- Rectification of inaccurate data (Art. 16)
- Erasure (Art. 17, "right to be forgotten")
- Restriction of processing (Art. 18)
- Data portability (Art. 20)
- Objection to processing (Art. 21)
Please direct requests to kontakt@all-survive.de.
12. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement (Art. 77 GDPR). The competent authority is generally the data protection supervisory authority of the federal state of the controller — we will name the specific authority on request via the email address stated under "1. Controller".
13. Status of this privacy policy
Status: 2026-05-12