Skip to content
[a]/all-survive
MenüMENU

Privacy Policy

Legally binding version is the German one. This English text is a convenience translation; in case of doubt the German privacy policy prevails.

1. Controller

The controller within the meaning of the GDPR is the natural person reachable at the following address, who operates this website privately and without any intent to make a profit (community game servers):
Email: kontakt@all-survive.de

Name and summonable postal address are provided on request via the email address above — see also the legal notice.

2. General information on data processing

We generally process our users' personal data only to the extent necessary to provide a functional website along with our content and services. Processing regularly takes place only with the user's consent (Art. 6 (1) lit. a GDPR) or on the basis of legitimate interests (Art. 6 (1) lit. f GDPR).

3. Contact form & bot protection (Cloudflare Turnstile)

The contact form at /kontakt/ is protected against automated requests by Cloudflare Turnstile. In the process, technical data (IP address, browser properties, embedded JavaScript from Cloudflare, Inc.) is transmitted to Cloudflare in the USA. The legal basis is Art. 6 (1) lit. f GDPR (legitimate interest in spam protection). The data transfer to the USA takes place on the basis of the EU Standard Contractual Clauses and the EU-US Data Privacy Framework (Cloudflare is DPF-certified).

4. Form relay backend

Entries from the contact form are validated on the server and forwarded by email to kontakt@all-survive.de. We do not store the entries permanently in a database. Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in answering enquiries).

5. Discord widget

The home page optionally embeds a Discord widget. As soon as the widget loads, your browser calls the public endpoint URL discord.com/api/guilds/<id>/widget.json directly at Discord Inc. (servers in the USA). This technically necessarily transmits your IP address and browser headers. The member avatars shown are loaded directly from the Discord CDN (cdn.discordapp.com). No cookie and no tracker is set. Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in a simple visibility of the community). If you do not want this, you can visit the Discord server directly at discord.gg instead — opening the home page without clicking the Discord server does not trigger any Discord connection other than the widget itself.

6. Live server status

The server status cards (online/offline, player count) are generated in a CI cron job in the Forgejo backend via a Steam A2S query and delivered as static JSON. When you open the page, your browser does not connect directly to the game servers — only data from the static bundle is read.

7. Sveltia CMS / Forgejo OAuth (admin area)

The admin area (/admin/) is provided by the Sveltia CMS and is secured via OAuth against our own Forgejo instance (homelab). Only the username, email address and Forgejo user ID are processed in order to check access rights. Since Audit-v4 the Sveltia CMS itself is served from our own server (no external CDN).

8. External resources / CDNs

The website generally loads all assets from its own server. Only the JavaScript for Cloudflare Turnstile (see above) is loaded directly from challenges.cloudflare.com, and the Discord widget (see above) optionally calls discord.com + cdn.discordapp.com.

9. Server location & hosting

The website is operated primarily in our homelab in Germany. As a backup we use servers at netcup GmbH (Germany). A data transfer to third countries only takes place in the exceptional cases described above (Turnstile, Discord).

10. Storage period

11. Data-subject rights

Under Art. 15-21 GDPR you have the right to:

Please direct requests to kontakt@all-survive.de.

12. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement (Art. 77 GDPR). The competent authority is generally the data protection supervisory authority of the federal state of the controller — we will name the specific authority on request via the email address stated under "1. Controller".

13. Status of this privacy policy

Status: 2026-05-12