FastStats
0
Legal

Privacy Policy

This Privacy Policy explains how TheNextLvl Productions collects, uses, and protects personal data when you use faststats.dev.

Last updated: 13 February 2026

1. Controller Information
Data Controller
TheNextLvl Productions
Sole proprietorship
Location
Germany, Baden-Württemberg
Contact
Email: [email protected]
Imprint
Further legal and contact information is available via the Imprint.
2. Scope of This Policy

This Privacy Policy applies to:

  • The faststats.dev website
  • The logged-in application and dashboard
  • Publicly accessible views of unrestricted applications

It does not apply to third-party websites or services linked from faststats.dev.

3. Data We Collect
3.1 Account Data

When you create an account, we collect:

  • Email address
  • Username
  • Password (stored only in encrypted/hashed form)
3.2 Usage and Analytics Data

We use PostHog Cloud (EU region) to analyze usage of the Service. Through PostHog, we process:

  • Device and browser information
  • Usage events (e.g. page views, feature usage)
  • Session recordings
  • Identified user behavior linked to an account

Important clarifications:

  • We do not store or access IP addresses
  • We do not collect advertising identifiers
  • We do not sell or share data for advertising purposes
3.3 User-Submitted Service Data

Users submit application data to faststats.dev server-to-server, not via client-side user input. This data is processed solely to provide the Service.

Developer-submitted content is managed and controlled by the developers themselves. While our Terms of Service remain fully applicable, the legal obligation for ensuring compliance with applicable data protection laws rests with the developer. FastStats will take action if it becomes aware of any violations.

4. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Essential service functionality
  • Analytics and product improvement (via PostHog)
Cookie Consent
  • For unauthenticated users, analytics cookies are optional
  • For authenticated users, certain cookies are required for the Service to function
  • A cookie consent banner is provided where required by law
5. Purposes and Legal Bases of Processing

We process personal data for the following purposes:

PurposeLegal Basis (GDPR)
Account creation and authenticationArt. 6(1)(b) GDPR (contract)
Providing and operating the ServiceArt. 6(1)(b) GDPR
Analytics and product improvementArt. 6(1)(a) GDPR (consent) and/or Art. 6(1)(f) GDPR (legitimate interest)
Security and abuse preventionArt. 6(1)(f) GDPR
Legal complianceArt. 6(1)(c) GDPR
6. Data Sharing and Sub-Processors

We do not sell personal data and do not share it for advertising purposes.

We use the following sub-processors to operate the Service:

  • PostHog Cloud (EU) – analytics, session recordings, error tracking
  • Cloudflare – hosting, security, and content delivery
  • Railway – application hosting
  • Fly.io (EU) – backup hosting for the data collector
  • Emailthing (Cloudflare Workers-based) – transactional email delivery
  • OVH (EU) – VPS hosting and data storage
  • PlanetScale (EU) – managed PostgreSQL database hosting
  • Polar – subscription and billing management (receives username, email address, and aggregated usage counts such as number of events, errors, replays, or vitals; no actual analytics data is shared)
  • xAi via OpenRouter – AI-powered chart generation (receives only data source names and chart configuration; your actual analytics data is not sent and is not used for model training)

Most processing takes place within the European Union (Amsterdam region). AI chart generation via xAi/OpenRouter may involve processing outside the EU; appropriate safeguards are in place (see Section 7).

7. International Data Transfers

The majority of personal data is processed within the European Union. AI chart generation via Google/OpenRouter may involve processing in the United States; only data source names and chart configuration edits are transmitted, and no actual analytics data is sent. Google is certified under the EU–U.S. Data Privacy Framework, and Standard Contractual Clauses (SCCs) apply where required.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy, including legal, accounting, or technical requirements.

You may delete your account at any time, which will result in the deletion of associated personal data unless retention is legally required.

9. User Rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Request deletion of your personal data
  • Restrict or object to processing
  • Data portability
How to Exercise Your Rights
  • Account data access and deletion can be managed directly in the account settings
  • Username and email address can be corrected in the settings
  • Additional requests may be submitted via [email protected]

You also have the right to lodge a complaint with a supervisory authority.

10. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encrypted password storage
  • Access controls
  • Secure infrastructure and hosting providers

No system can guarantee absolute security, but we take data protection seriously.

11. Children's Privacy

The Service is not specifically intended for children. We do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact us.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date will be revised accordingly.

If changes are significant, we will notify users via:

  • The website
  • Email
  • Our Discord server
13. Contact

If you have any questions or concerns about this Privacy Policy or data processing, please contact:

[email protected]

We use cookies to ensure you get the best experience on our website. For more information on how we use cookies, please see our cookie policy.