Privacy Policy

Last updated: 5 July 2026

Protecting your personal data matters to us. Skriza is currently in a closed beta. This website provides information and the ability to apply for the beta; no public user account is available yet. We process as little data as possible and host exclusively within the EU.

1. Controller

The controller for data processing on this website is:

Yusuf Senel, Von-Hünefeld-Str. 8, 40764 Langenfeld, Deutschland

Email: [email protected]

2. Hosting and server log files

This website runs on servers within the European Union. When you access the site, your browser automatically transmits information stored in server log files: a shortened IP address, date and time of access, the page requested, the browser and operating system used, and the referring page.

Purpose: ensuring reliable operation, system security and technical administration. Legal basis is Art. 6(1)(f) GDPR (legitimate interest in secure, stable operation). Log files are deleted after a short period unless needed to investigate security incidents.

Hosting: This website is hosted by netcup GmbH, Daimlerstraße 25, 76185 Karlsruhe, Germany; the server location is Germany. Processing takes place under a data-processing agreement pursuant to Art. 28 GDPR.

Delivery and protection (Cloudflare): To deliver the website securely and quickly, we use the content delivery network of Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. Cloudflare routes the connections and protects the site against attacks (e.g. DDoS). This may involve a transfer of connection data to the USA, safeguarded by appropriate guarantees (EU Standard Contractual Clauses). Legal basis is Art. 6(1)(f) GDPR (secure, stable operation). Further information: https://www.cloudflare.com/en-gb/privacypolicy/.

3. Beta application

If you use the beta application form, we process the data you provide: name, email address and — optionally — your reason/message.

Purpose: handling your application, managing the waiting list and contacting you regarding the beta. Legal basis is Art. 6(1)(a) GDPR (consent by submitting) and Art. 6(1)(b) GDPR (pre-contractual measures). Data is deleted once the purpose no longer applies or you withdraw your consent, at the latest when the beta ends.

4. Cookies and local storage

We use only technically necessary storage. Your preferred language and theme (light/dark) are stored locally in your browser to make the site usable. If you sign in as a beta tester, a technically necessary session cookie is set.

We set analytics cookies only with your explicit consent given via our cookie banner; they are off by default. Your choice is stored in an essential consent cookie and can be changed or withdrawn at any time via “Cookie settings” in the footer. Legal basis for essential storage is § 25(2) TDDDG and Art. 6(1)(f) GDPR; for analytics cookies § 25(1) TDDDG together with Art. 6(1)(a) GDPR (consent).

With your consent we process in particular: pages visited and time on site, referrer, device type, operating system and browser, screen resolution and language, plus — derived from your IP address via our internal service — country and network operator (ASN). Your IP address itself is not stored. To count returning visits we use a daily-rotating, non-reversible identifier; analysis is aggregated.

5. Disclosure of data

Your data is not shared with third parties for advertising or tracking. Where we use service providers (e.g. hosting), this is based on a data-processing agreement under Art. 28 GDPR and exclusively within the EU.

6. Your rights

Under the GDPR you have the following rights:

  • Access to the data stored about you (Art. 15)
  • Rectification of inaccurate data (Art. 16)
  • Erasure (Art. 17) and restriction of processing (Art. 18)
  • Data portability (Art. 20)
  • Objection to processing (Art. 21)
  • Withdrawal of consent with effect for the future (Art. 7(3))

7. Right to complain

You have the right to lodge a complaint with a data-protection supervisory authority — in particular the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW).

8. Encryption

For security this website uses TLS/SSL encryption, recognisable by “https://” in your browser's address bar.

9. Bot protection (Skriza Shield)

To protect against automated access, spam and abuse we use our own data-minimal bot-protection system, “Skriza Shield” — no Google, no cookies, no cross-site tracking.

We process: a shortened or hashed IP address (to detect abuse patterns and apply time-limited blocks), technical request signals, and — only during an interactive check — anonymous interaction motion data (e.g. the timing and path of a rotation). This motion data is used solely for the immediate “human or bot” decision and then discarded; it is not stored permanently and not linked to a profile.

If your access was temporarily blocked, you can verify you're human via an appeal page. You may optionally provide an email address; we assess its trustworthiness by domain (e.g. established provider vs. disposable address) and store the request for manual review. We use the email address solely to handle this unblock request.

The legal basis is our legitimate interest in the security, integrity and availability of our systems and in preventing fraud and abuse (Art. 6(1)(f) GDPR; see Recitals 47 and 49 GDPR, under which preventing abuse and ensuring network and information security constitute a legitimate interest).

Abuse and block data (hashed IP, counters) are kept only briefly — typically minutes to a few hours — and deleted automatically. Appeal records with an email address are kept only as long as necessary for the review and for evidentiary and security purposes. You have, in particular, the right to object to this processing.

10. Updates

The current version published on this website applies. As Skriza develops and opens to users, this policy will be updated.