Privacy Policy

1. Who is responsible?

This website (justiin.de) is operated as a personal online presence by a private individual. You can contact the operator via the details provided in the Connect section of this website.

2. What data is processed when you visit the site?

When you use the website, the hosting environment and any reverse proxy in front of it may automatically process technical data needed to deliver the service, including for example IP address, date and time of the request, requested resource, HTTP status, transferred data volume, referrer, and user agent. Processing serves the purposes of providing the website, ensuring stability and security, and troubleshooting.

Legal basis (GDPR): Art. 6(1)(f) GDPR (legitimate interests in operating and securing the website). Where logs are strictly necessary to make the service available, Art. 6(1)(b) GDPR may also apply.

Retention: Server logs are kept only as long as necessary for the purposes above, in line with the technical configuration of the self-hosted environment (typical rotation/deletion periods apply).

3. Local storage in your browser (no analytics cookies)

The site stores certain preferences locally in your browser using localStorage, not on the server:

• Theme: a single preference stored as theme with one of system, light, dark, or dynamic (time-based in Europe/Berlin). A separate internal key may be used by the theme library for hydration (__nt).
• Reduced motion: whether animations should be reduced (motion-reduced).

You can delete these entries at any time via your browser settings. This processing occurs only on your device.

Analytics / marketing: This project does not integrate third-party analytics or advertising trackers as part of the application code. If that changes, this policy will be updated and, where required, consent will be obtained before non-essential tracking begins.

4. API routes and third-party services

The site loads dynamic information through server-side API routes. Your browser calls these routes on this origin; the server then contacts configured backends to retrieve status and statistics for display. These endpoints are used to provide live widgets and do not collect user profiles or store user-submitted personal data through the API route payloads.

• Self-hosted endpoints: The server retrieves aggregated or statistical data from self-hosted services (for example ADS-B/aircraft statistics, BirdNET-Go analytics summaries, and Uptime Kuma public status APIs). Only summarized fields intended for display are sent to the browser.
• Steam Web API:The server requests recently played games from Valve's Steam Web API using a server-side API key and Steam ID. Valve processes requests according to its own terms and privacy information. The site forwards limited game metadata to the browser (for example game title and recent playtime).
• Reachability probe: /api/ping checks whether predefined internal hosts respond on certain ports when you view the lab section. The browser sends only an allowlisted server identifier; internal addresses are resolved on the server.

Legal basis (GDPR): Art. 6(1)(f) GDPR (displaying site content you request and operating the personal page). Where Steam or other third parties process personal data on their own behalf, their policies apply in addition.

5. External links

The "Connect" section links to third-party platforms (for example Discord, Telegram, Steam, GitHub). If you follow a link, that provider may process personal data (such as IP address, device information, and account-related data if you are logged in). This processing is governed solely by the respective provider's privacy policy.

6. Fonts and static assets

Fonts are loaded via next/font (bundled with the application). No additional runtime font requests to third parties are introduced by the app code for that purpose.

7. Your rights

If GDPR applies, you may have the right to access, rectification, erasure, restriction of processing, objection, and data portability, as well as the right to withdraw consent where processing is based on consent.

8. Security

Appropriate technical and organizational measures are applied in line with the self-hosted setup, including keeping secrets (such as API keys) on the server and not exposing internal network addresses to the client beyond what is necessary for the described features.

9. Changes

This policy may be updated when the website or its processing activities change. The "Last updated" date at the top will be revised accordingly.