Privacy policy - lake.lindt.one
← All lakes

Privacy policy

This page describes how lake.lindt.one collects, uses and protects your personal data, in accordance with the Swiss Federal Data Protection Act (FADP) and the European regulation (GDPR).

Data controller

The site lake.lindt.one is a non-commercial personal project. For any questions regarding personal data, contact: dpo@lindt.one

Data collected

  • Preferences and dashboards: stored locally in the browser. If you have an account, an encrypted copy is synchronized to the server.
  • Geolocation: used to display the nearest lake. If you have allowed geolocation, your coordinates and IP address are stored for statistical purposes. This data is not linked to your account. You can disable geolocation in your browser or deny the permission to prevent any collection.
  • Analytics (Matomo): audience analysis hosted in Switzerland, without data transfer to third parties. IP addresses are anonymized.
  • Error logs: technical errors are recorded temporarily (90 days) to improve the service. They may contain: the visited URL, the error message, the IP address, the browser type and, if you are logged in, your user identifier.
  • Promotions and campaigns: when an internal promotion is displayed, an anonymous identifier (hash) is recorded to avoid showing it multiple times. Events (display, click, dismissal) are retained for 90 days. The deduplication table is kept longer to ensure proper operation.

Additional data (logged-in users)

  • User account (optional): email address and password (hashed with Argon2id). No other personal information is required.
  • Sessions: each session records the IP address and browser type for security purposes (unauthorized access detection). An audit log records security events (login, password change) for 90 days.
  • Device tracking: a unique identifier (UUID) is assigned to your browser and stored for 2 years via a cookie. This allows recognizing your devices for preference synchronization and geolocation status.
  • Push notifications: if you enable notifications, the push service endpoint, encryption keys and device name are stored on the server. You can disable them at any time from your profile. Maximum 5 devices per account.

Cookies

The site uses cookies strictly necessary for operation (session, language, preferences). No advertising or third-party tracking cookies are used. Matomo uses an anonymous audience cookie.

Your rights

You can at any time: export your data (from your profile), delete your account (permanent deletion after 30 days), and request data rectification by email.

Data retention

Deleted accounts are purged after 30 days. Sessions expire after 30 days of inactivity. Email tokens expire after 24 hours. Error and audit logs are deleted after 90 days. Promotional events are deleted after 90 days. The device identifier is kept for 2 years.

Hosting

The site is hosted in Switzerland. No data is transferred outside of Switzerland or the European Economic Area.

Contact

For any questions about your data protection: dpo@lindt.one