Privacy Policy
This Privacy Policy explains what data cine.tours collects when you visit the site or use the editor, why we collect it, who we share it with, and your rights under the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.
Short version: we collect the minimum needed to run the service — your email and password to give you an account, your GPS files only when you choose to render them, your payment details via Stripe when you buy credits, and your IP address briefly for security and rate limiting. We do not sell your data. GPS files are parsed locally in your browser and only sent to our servers when you submit a render job.
1. Who is responsible for your data
The data controller is:
- [Operator legal name]
- [Operator postal address]
- Email: [email protected]
2. What we collect, why, and on what legal basis
| Data | Purpose | Legal basis (GDPR Art. 6) |
|---|---|---|
| Email address, password (hashed with bcrypt), display name | Create and authenticate your account; send transactional emails (password reset, render-complete notifications) | Performance of a contract (Art. 6(1)(b)) |
| GPS track files (GPX, FIT, KML, TCX, IGC, NMEA, CSV) | Parsed locally in your browser — never uploaded for import. Only the resulting project (track points, settings, marker positions) is sent to our servers when you save a project or submit a render job. | Performance of a contract (Art. 6(1)(b)) |
| Project data (saved scenes, camera keyframes, marker positions, render settings) | Persist your work so you can return to it; submit it to the render worker | Performance of a contract (Art. 6(1)(b)) |
| Render outputs (your finished MP4 / WebM files) | Deliver the output you paid for; let you re-download it later | Performance of a contract (Art. 6(1)(b)) |
| Payment data (card details, billing address, country) | Collected and stored by Stripe. We only see Stripe's customer ID, last 4 digits of your card, and the status of each transaction. | Performance of a contract (Art. 6(1)(b)); legal obligation for tax records (Art. 6(1)(c)) |
| IP address, request timestamps, user-agent | Rate limiting, abuse prevention, security monitoring, debugging | Legitimate interest in service security (Art. 6(1)(f)) |
| Analytics (page views, referrer, approximate location, device class) | Understand which features are used and how visitors find the site | Consent (Art. 6(1)(a)) — collected only after you accept the cookie banner |
| Support correspondence (email content if you write to us) | Reply to your enquiry | Legitimate interest in customer support (Art. 6(1)(f)) |
3. Cookies and similar technologies
Strictly necessary
We use a small number of cookies and browser-storage items that are essential to the service. These do not require consent under the ePrivacy Directive:
- localStorage: authToken — your login session token (JWT).
- localStorage: project state — your unsaved work, kept locally so you don't lose it on refresh.
- Stripe Checkout cookies — set by Stripe during the payment flow to prevent fraud and complete payment.
Analytics (consent required)
If you accept analytics, we set Google Analytics 4 cookies (_ga, _ga_*) to measure aggregate site usage. These expire after 13 months. You can decline at any time and we will not set them, or, if already set, you can delete them in your browser. If you decline, parts of the site will still work normally — only the analytics report will be missing your visit.
Cloudflare
Cloudflare sits in front of cine.tours and may set the cookie __cf_bm for bot detection. This cookie is classed as strictly necessary under EDPB guidance because it protects the service from automated abuse, and does not track users across sites.
4. Who we share data with (subprocessors)
We use a small number of third-party providers to run the service. Each is bound by a data-processing agreement (or equivalent terms) and only processes data on our instructions.
| Provider | Purpose | Location |
|---|---|---|
| Hetzner Online GmbH | VPS hosting (frontend, API, database, object storage) | Germany (EU) |
| Cloudflare, Inc. | Content delivery network, DDoS protection, edge rate limiting, TLS termination | USA (EU Data Privacy Framework certified) |
| Stripe Payments Europe, Ltd. | Payment processing for credit purchases | Ireland (EU); some data routed to Stripe, Inc. in the USA under SCCs |
| Google LLC (Google Analytics 4) | Aggregate web analytics — only when you have given consent | USA (EU Data Privacy Framework certified) |
| [SMTP email provider — e.g. Postmark / Brevo / Mailgun] | Sending password-reset and transactional emails | [location] |
| Render worker (self-hosted) | GPU-accelerated video rendering of submitted projects | Germany (EU); reachable only via private Tailscale network |
| Map and tile providers (Protomaps, EOX, OpenFreeMap, CARTO, MapLibre, others) | Background map tiles, satellite imagery, terrain data — proxied through our servers, so your IP is not exposed to these providers | EU and USA |
| Open-Meteo | Historical weather data for the geographic area of your render — accessed server-side, with coordinates rounded to ~1 km | Germany (EU) |
5. International data transfers
Most processing happens inside the EU. Where personal data is transferred outside the EU/EEA (Cloudflare, Google Analytics, parts of Stripe), the recipient is either certified under the EU–US Data Privacy Framework or covered by Standard Contractual Clauses (SCCs) approved by the European Commission, together with appropriate supplementary measures (TLS in transit, access controls, minimisation).
6. How long we keep data
- Account data (email, password, name): until you delete your account, or after 24 months of inactivity (we will email you first).
- Saved projects: until you delete them or your account.
- Render outputs: stored for 24 hours after each render completes, then automatically deleted from our object storage. Re-render at any time from your saved project.
- Payment records: 10 years (German tax law, §147 AO) — held by Stripe and in our billing ledger.
- Server access logs (IP, timestamp, path): rolled up to aggregate counters within 14 days; raw logs deleted within 30 days.
- Rate-limit counters (IP-keyed): held in Redis for the duration of the limit window (minutes to hours), then expire automatically.
- Analytics: Google Analytics retains user-level data for 14 months by default; we do not export or store this data ourselves.
- Support emails: kept for 24 months, then deleted.
7. Your rights
Under the GDPR you have the right to:
- Access — get a copy of the personal data we hold about you (Art. 15)
- Rectification — correct inaccurate data (Art. 16)
- Erasure — have your account and associated data deleted (Art. 17)
- Restriction — pause processing while a dispute is resolved (Art. 18)
- Portability — receive your data in a machine-readable format (Art. 20)
- Objection — object to processing based on legitimate interest (Art. 21)
- Withdraw consent — for analytics, at any time, with no effect on the lawfulness of prior processing
To exercise any of these rights, email [email protected]. We will respond within 30 days. Identity verification may be required to protect your data from impersonation.
You can delete most of your data yourself: log in and use the account-deletion option in your account settings. This removes your account, projects, and render outputs immediately. Payment records are retained as required by tax law.
You also have the right to lodge a complaint with a data-protection supervisory authority — for EU residents, the authority in your country of residence; for the operator's lead authority, see [insert lead supervisory authority based on operator's establishment].
8. Security
We protect data with industry-standard measures: TLS for all traffic, bcrypt password hashing, JWT-based session tokens, per-IP rate limiting, internal services bound to a private (Tailscale) network, an edge firewall restricting public traffic to Cloudflare, and least-privilege access for the small operations team. No system is perfectly secure; if a breach occurs that is likely to result in a risk to your rights, we will notify the supervisory authority within 72 hours and you without undue delay (GDPR Art. 33–34).
9. Automated decision-making
We do not make decisions that produce legal or similarly significant effects on you based solely on automated processing (GDPR Art. 22). Rate limiting and abuse detection are automated but only restrict use of the service temporarily — a human will review on request.
10. Children
cine.tours is not directed at children under 16 and we do not knowingly collect personal data from children. If you believe a child has created an account, contact us and we will delete it.
11. Changes to this policy
We may update this policy as the service evolves. The "Last updated" date at the top reflects the most recent change. For material changes (new subprocessor, expanded data collection, new purpose), we will notify registered users by email at least 14 days before the change takes effect.
12. Contact
Questions, complaints, or requests: [email protected].