1. Controller
The controller for this website and its functions is TAOMA (Taoma M.), email: taoma.m@proton.me.
If you have privacy questions, contact us anytime at this address.
2. Core Principles
- We only process data that is necessary to provide the features.
- No advertising or tracking cookies; only technically required cookies or local storage.
- No sharing with third parties without a legal basis. No selling of data.
- Transport encryption (TLS/HTTPS) and role-based access in protected areas.
3. What Data We Process
3.1 Visiting the website
Server logs are generated (e.g., IP address, timestamp, requested URL, user agent, possible error codes) to ensure uptime and troubleshoot issues.
3.2 Accounts, login, and profiles
For registration, login, profiles, or admin functions we process the details you provide (username, email address, password hash, optional profile picture, linktree ID) plus authentication data (session tokens). These are required to enable and secure access.
3.3 Password reset emails
When you request a password reset, we store a reset token hash and its expiry time, and send a reset link to the email address on the account. The email is delivered via our mail provider (SMTP). Reset tokens are single-use.
3.4 Linktree and public profiles
For Linktree/profile pages we store the links, descriptions, avatars, or other content you voluntarily publish.
3.5 GIF API, uploads, and media
When adding GIFs or using the API we process content and metadata (title, tags, file URL, possibly user ID) plus technical logs to prevent abuse. Uploaded avatars/icons are stored to provide your profile features.
3.6 Marketplace templates (optional)
Marketplace templates you create or save are stored in a database service (Google Firestore) so they can be listed, managed, and applied to your Linktree.
3.7 Discord integration (optional)
If you link Discord, we process your Discord ID, username/global name, avatar data, access/refresh tokens, and selected profile/badge metadata to show presence or badges on your profile.
3.8 Global Chat
Messages in the chat are processed to provide the service, for moderation, and for security. Abuse and spam protection can trigger server-side checks.
3.9 Health data (optional)
If you use the health tracking feature, we process the values you provide. This can include health-related data, which is processed only with your explicit consent.
3.10 Contact
If you contact us by email or via the contact form, we process your message and the contact details you provide to handle your request. Contact form messages are forwarded to a Discord webhook for delivery.
3.11 Cookies and local storage
We use a session cookie (taoma_token) to keep you logged in. We use local/session storage for technical purposes (e.g., redirect targets after login, visitor counter de-duplication). No advertising or tracking cookies are used.
4. Legal Bases
- Art. 6(1)(b) GDPR - contract performance and pre-contractual steps (e.g., account, Linktree, API, chat).
- Art. 6(1)(f) GDPR - legitimate interests (operation, security, fraud and abuse prevention, troubleshooting).
- Art. 6(1)(a) GDPR - consent (e.g., voluntary content, newsletters if offered, optional integrations).
- Art. 9(2)(a) GDPR - explicit consent for health data.
- Art. 6(1)(c) GDPR - legal obligations where applicable.
5. Storage Period
- Log data is usually kept short-term and used for security and diagnostics.
- Account and content data remain until you delete them or remove your account.
- Password reset tokens expire automatically after a short time and are single-use.
- Statutory retention duties remain unaffected.
6. Recipients and International Transfers
We only share data when necessary for contract performance, security, or to comply with legal duties. This can include our email provider (SMTP) for password reset emails, Discord for contact delivery and optional account linking, and Google Firestore for marketplace templates. Transfers to third countries occur only where adequate safeguards exist. No tracking or advertising providers are currently used.
7. Security
Data is transmitted via TLS/HTTPS. Access to administrative areas is protected by roles. Passwords are stored as hashes. Regular updates and (where implemented) backups support availability and integrity.
8. Your Rights
- Access, rectification, erasure, and restriction of processing.
- Data portability (Art. 20 GDPR).
- Objection to processing based on Art. 6(1)(f) GDPR.
- Withdrawal of consent with future effect.
- Right to lodge a complaint with a data protection authority.
9. Obligation to Provide Data
You only need to provide the data required for each feature. Without essential details (e.g., login credentials), protected areas cannot be used.
10. Automated Decisions
No automated decision-making or profiling under Art. 22 GDPR takes place.
11. Changes
We will update this Privacy Policy when new features, legal requirements, or technical changes require it. The current version published here is authoritative.