Privacy Policy

The controller responsible for data processing on this website is:

reHeritage GmbH
c/o Margherita Natalini, Schroederstrasse 4, 10115 Berlin, Germany
E-Mail: hello@unrsnbl.ai

reHeritage GmbH has no designated Data Protection Officer as it does not meet the thresholds requiring mandatory appointment under Art. 37 GDPR. Data protection queries can be directed to the controller at the address above.

2.1 Server and access logs

When you visit this website, our hosting provider (Vercel Inc.) automatically records access data in server logs: IP address, browser type and version, operating system, referrer URL, date and time of request, and the pages accessed. This data is technically necessary to deliver the website and to detect and prevent abuse. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and stable operation). Vercel retains these logs for a short period as per their data retention policy; we do not evaluate them unless a security incident requires investigation.

2.2 Account and authentication

When you sign in using a magic link (email-based) or Google OAuth, we store your email address, your name (if provided by Google), a profile image URL (if provided by Google), and a role flag indicating your access level. This data is necessary to identify you across sessions and provide access-controlled features. Legal basis: Art. 6(1)(b) GDPR (performance of a contract / service provision).

For Google OAuth, we request only the minimum scope: your email address and basic profile information. We do not access your Google contacts, Drive, or any other Google services.

2.3 Newsletter subscription

If you subscribe to our newsletter, we store your email address, the subscription date, and the source of the subscription (e.g. About page or resource download). We send a confirmation email after you submit your address. We recommend implementing double opt-in (confirmed by clicking a link in the confirmation email) and will do so in a future update. Legal basis: Art. 6(1)(a) GDPR (consent). You may withdraw your consent at any time by contacting hello@unrsnbl.ai. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

2.4 Resource downloads

To access gated downloadable resources, you must provide your email address. We use this to send you the download link and, with your consent, subscribe you to the newsletter. Legal basis: Art. 6(1)(a) GDPR (consent). You may withdraw at any time as described above.

2.5 Progress tracking

When you mark an episode as watched, we record which episodes you have completed, linked to your account. This data is used solely to display your personal progress across sessions. Legal basis: Art. 6(1)(b) GDPR (service provision at your request).

2.6 Episode votes

When you vote for an upcoming episode, we store your email address and your episode preference. If you opt in, we use this to send you a notification when that episode is published. Legal basis: Art. 6(1)(a) GDPR (consent). You may withdraw at any time as described above.

This website sets only strictly necessary cookies: a session cookie placed by our authentication system (NextAuth.js) that keeps you logged in. This cookie is a session cookie — it is deleted when you close your browser — or expires after 30 days if you remain logged in. It contains a cryptographically signed token with no sensitive personal data. No consent is required for strictly necessary cookies under GDPR and the ePrivacy Directive.

We do not use any analytics, advertising, or tracking cookies.

Embedded YouTube videos use the privacy-enhanced mode (youtube-nocookie.com). In this mode, YouTube states that it does not store personal data or set cookies until you actively play the video. Once you interact with a video, YouTube/Google may set cookies and process data as described in Google's Privacy Policy. This processing is subject to Google's own terms and falls outside our direct control.

We use the following data processors. Each is bound to us by a Data Processing Agreement (DPA) and, where data is transferred to the United States, such transfer is covered by the EU Standard Contractual Clauses (SCCs, Commission Decision 2021/914) and/or, where applicable, the EU-US Data Privacy Framework:

We do not sell personal data to third parties and do not share it with any party beyond those listed above.

We retain personal data only as long as necessary for the purposes described above or as required by law:

• Account data: retained while your account is active; deleted within 30 days of account deletion request
• Newsletter subscriptions: retained until you unsubscribe or request deletion
• Progress and vote data: retained as long as your account exists
• Server logs: short-term retention by Vercel per their policy; we do not separately retain these
• Session cookies: expire on browser close or after 30 days

You may request deletion of your data at any time (see Section 6).

You have the following rights regarding your personal data:

• Right of access (Art. 15): request a copy of the data we hold about you
• Right to rectification (Art. 16): request correction of inaccurate data
• Right to erasure (Art. 17): request deletion of your data ("right to be forgotten")
• Right to restriction (Art. 18): request that we limit processing of your data
• Right to data portability (Art. 20): receive your data in a structured, machine-readable format
• Right to object (Art. 21): object to processing based on legitimate interest (Art. 6(1)(f))
• Right to withdraw consent (Art. 7(3)): withdraw consent at any time without affecting prior processing

To exercise any of these rights, contact us at hello@unrsnbl.ai. We will respond within one month (Art. 12(3) GDPR).

You also have the right to lodge a complaint with a data protection supervisory authority. The competent authority for reHeritage GmbH is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219, 10969 Berlin
www.datenschutz-berlin.de

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR. No decisions with legal or similarly significant effects are made about you automatically.

We may update this policy when our data practices change. The "last updated" date at the top of this page reflects the most recent revision. For material changes affecting your rights, we will notify registered users by email.