Privacy Policy | TAOMA Space

1. Controller

The controller for this website and its functions is TAOMA (Taoma M.), email: taoma.m@proton.me.

If you have privacy questions, contact us anytime at this address.

2. Core Principles

We only process data that is necessary to provide the features.
No advertising or tracking cookies; only technically required cookies or local storage.
No sharing with third parties without a legal basis. No selling of data.
Transport encryption (TLS/HTTPS) and role-based access in protected areas.

3. What Data We Process

3.1 Visiting the website

Server logs are generated (e.g., IP address, timestamp, requested URL, user agent, possible error codes) to ensure uptime and troubleshoot issues.

3.2 Account, login, and protected areas

For registration, login, profiles, or admin functions we process the details you provide (e.g., username, password hash) plus authentication data (tokens/session identifiers). These are required to enable and secure access.

3.3 Linktree and public profiles

For Linktree/profile pages we store the links, descriptions, avatars, or other content you voluntarily publish.

3.4 GIF API and uploads

When adding GIFs or using the API we process content and metadata (title, tags, file URL, possibly user ID) plus technical logs to prevent abuse.

3.5 Global Chat and communication

Messages in the chat are processed to provide the service, for moderation, and for security. Abuse and spam protection can trigger server-side checks.

3.6 Contact

If you contact us by email, we process your message and the contact details you provide to handle your request.

No third-party analytics tools are used. External resources are integrated locally or as data-minimizing as possible.

4. Legal Bases

Art. 6(1)(b) GDPR — contract performance and pre-contractual steps (e.g., account, Linktree, API, chat).
Art. 6(1)(f) GDPR — legitimate interests (operation, security, fraud and abuse prevention, troubleshooting).
Art. 6(1)(a) GDPR — consent (e.g., voluntary content, newsletters if offered, processing of special data).
Art. 6(1)(c) GDPR — legal obligations where applicable.

5. Storage Period

Log data is usually kept short-term and used for security and diagnostics.
Account and content data remain until you delete them or remove your account.
Statutory retention duties remain unaffected.

6. Recipients and International Transfers

We only share data when necessary for contract performance, security, or to comply with legal duties. Transfers to third countries occur only where adequate safeguards exist. No tracking or advertising providers are currently used.

7. Security

Data is transmitted via TLS/HTTPS. Access to administrative areas is protected by roles. Regular updates and (where implemented) backups support availability and integrity.

8. Your Rights

Access, rectification, erasure, and restriction of processing.
Data portability (Art. 20 GDPR).
Objection to processing based on Art. 6(1)(f) GDPR.
Withdrawal of consent with future effect.
Right to lodge a complaint with a data protection authority.

Email taoma.m@proton.me if you want to exercise any of these rights.

9. Obligation to Provide Data

You only need to provide the data required for each feature. Without essential details (e.g., login credentials) protected areas cannot be used.

10. Automated Decisions

No automated decision-making or profiling under Art. 22 GDPR takes place.

11. Changes

We will update this Privacy Policy when new features, legal requirements, or technical changes require it. The current version published here is authoritative.