Privacy Policy

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

2. Data We Collect

When you use L'Ottobahn, we process the following data:

• Guest user ID — a randomly generated identifier assigned to your session
• Username — a randomly generated display name (e.g. "Gleisläufer42")
• Predictions — your delay predictions, including train, station, predicted delay, and timestamp
• Scores and achievements — XP points, leaderboard rank, achievement progress
• Analytics events — page views, feature interactions (only with your consent)
• Session cookie — an essential HTTP cookie for maintaining your session

3. Purposes of Processing

• Game functionality — processing predictions, calculating scores, maintaining leaderboards, tracking achievements
• Leaderboard — displaying aggregated player rankings
• Analytics — understanding how the service is used in order to improve it (consent-based only)

4. Legal Bases

• Game functionality and leaderboard: Art. 6(1)(b) GDPR — processing is necessary for the performance of the service you choose to use.
• Analytics: Art. 6(1)(a) GDPR — processing is based on your explicit consent, which you can grant or revoke at any time via the cookie settings.

5. Data Retention

Your guest session stores only a random anonymous identifier (UUID) and a randomly generated username — no email, phone number, or other personally identifiable information. Your session cookie expires after 30 days of inactivity (sliding window, refreshed on each visit). Server-side data (predictions, scores, achievements) is retained for up to 90 days after your last activity. After 90 days of inactivity, your account and all associated data are eligible for automatic deletion. You may also delete your data immediately at any time using the self-service button below (see section 6).

6. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR) — You may request information about whether and which personal data we process about you.
• Right to rectification (Art. 16 GDPR) — You may request correction of inaccurate data.
• Right to erasure (Art. 17 GDPR) — You may delete all your data instantly using the "Delete my data" button below, or contact us by email.
• Right to restriction (Art. 18 GDPR) — You may request restriction of processing.
• Right to data portability (Art. 20 GDPR) — You may request your data in a structured, machine-readable format.
• Right to object (Art. 21 GDPR) — You may object to processing based on legitimate interests.

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

To exercise any of these rights, please contact us at: otto@lottobahn.de

7. Cookies

We use the following cookies:

• Session cookie (essential) — Maintains your game session and authentication. This cookie is strictly necessary for the service to function and is exempt from consent requirements under §25(2) TTDSG.
• Consent preference (essential) — Stores your cookie consent choice in localStorage. Strictly necessary for respecting your privacy preferences.

Analytics events are only sent to our server if you have given explicit consent by clicking "Accept all" in the cookie banner. No third-party analytics services are used.

8. Third-Party Services

• Deutsche Bahn API — We retrieve public timetable data (train departures, delays, disruptions) from Deutsche Bahn's public API. No personal data is transmitted to Deutsche Bahn.
• Google Fonts — Fonts are loaded via Next.js font optimization, which downloads and self-hosts font files at build time. No requests are made to Google servers at runtime, and no data is transferred to Google.

9. Data Transfers Outside the EU

We do not transfer personal data outside the European Union. All servers are hosted by Contabo GmbH in Germany (EU). No data is stored or processed outside the EU.

10. Contact for Data Protection Inquiries

For questions about data protection or to exercise your rights, please contact: