Privacy Policy

Last updated: April 2026

1. Data Controller

Elisabeth Goletzko
Rauental 53, 42289 Wuppertal, Germany
Email: support@7fz.de

2. Data We Collect

2.1 Registration and Account

During registration we collect:

• Name — for personalizing the interface
• Email address — as login identifier and for password reset
• Password — stored as a bcrypt hash (not in plain text)

2.2 reMarkable Connection

When linking your reMarkable, we store a device token encrypted with AES-256-CBC in our database. This token enables the upload of documents to your reMarkable. We do not have access to the contents of your reMarkable.

2.3 Calendar URLs

You provide iCal URLs (e.g., from Google Calendar). We store these URLs and retrieve them server-side to generate PDFs. Calendar contents are not stored permanently — they are only retrieved and processed at the time of PDF generation.

2.4 News Feeds

Your selected RSS feed URLs are stored. Article contents are processed upon retrieval and are not stored permanently.

2.5 Weather

Your chosen city name is stored to retrieve weather data via the Open-Meteo API. No location data is collected — only the manually entered city name.

2.6 Login Attempts

For failed login attempts, we temporarily store the email address and IP address (max. 15 minutes) to protect against brute-force attacks. Successful logins delete these entries.

2.7 Server Log Files

The web server automatically collects: IP address, browser type, access time, page visited. This data is not merged with other data sources.

3. Purpose of Data Processing

• Provision of the service (PDF generation and upload to reMarkable)
• Authentication and account security
• Protection against abuse (login rate limiting)
• Password reset via email

4. Legal Basis

Processing is based on Art. 6(1)(b) GDPR (performance of a contract) for the provision of the service and Art. 6(1)(f) GDPR (legitimate interest) for the security of the service.

5. Third-Party Services

The following external services are used:

• reMarkable Cloud API (reMarkable AS, Norway) — for uploading documents to your device. An encrypted token and the PDF content are transmitted.
• Open-Meteo (open-meteo.com) — for weather data. Only geographic coordinates are transmitted, no personal data.
• Nager.Date API — for public holiday data. Only country/region codes are transmitted.
• Gutendex / Internet Archive / arXiv — for library search. Only search terms are transmitted.

We do not use Google Analytics, Facebook Pixel, or any other tracking services.

6. Cookies

We exclusively use technically necessary session cookies for authentication and CSRF protection. No tracking cookies, advertising cookies, or third-party cookies are set.

7. Data Retention

• Account data — until the account is deleted by the user
• Login attempts — automatically deleted after 15 minutes
• Calendar/news content — not stored permanently
• Server logs — max. 30 days

8. Your Rights

You have the right at any time to:

• Access — request information about what data we have stored about you
• Rectification — correction of inaccurate data
• Erasure — deletion of your data (delete account under Account Settings)
• Data portability — export of your data (JSON export under Account)
• Objection — object to the processing of your data
• Complaint — file a complaint with the competent data protection supervisory authority (State Commissioner for Data Protection NRW)

Contact for data protection inquiries: support@7fz.de

9. Data Security

• Passwords: bcrypt hash (irreversible)
• Device tokens: AES-256-CBC encryption
• CSRF protection on all forms
• Login rate limiting (max. 5 attempts / 15 min.)
• SSRF protection for URL validation (no internal addresses)
• HTTPS encryption (in production)

10. Changes

We reserve the right to update this Privacy Policy. The current version is always available at this URL.

Datenschutz · Impressum