Privacy Policy

LifeProtocol.club
Last updated: August 2025

GDPR & DSA: This Policy explains how we process personal data under the GDPR and how processing supports our DSA obligations (moderation, reporting, transparency).

1. Introduction

This Privacy Policy explains how r6lab Radoslaw Jozefowicz ("Company", "we", "us") collects, uses, shares and protects your personal data when you visit or use LifeProtocol.club (the "Service"). It also describes your rights under the General Data Protection Regulation (GDPR).

2. Data Controller

Controller: r6lab Radoslaw Jozefowicz, Poland.
E-mail: privacy@lifeprotocol.club
The Company is not required to appoint a Data Protection Officer under Article 37 GDPR.

3. Categories of Personal Data We Collect

Account Data: e-mail address, display name, profile image (optional), authentication identifiers.
Content Data: protocols, comments, images, and other user-generated content (which may include personal data you choose to share).
Usage Data: IP address, device and browser information, pages visited, timestamps, error logs.
Cookie & Analytics Data: first-party authentication cookies; optional analytics (e.g. self-hosted Matomo, IP anonymised).
Moderation Data: content reports, moderation decisions, appeal requests, and related metadata for DSA compliance.
Newsletter Data (optional): e-mail address and subscription preferences.

4. How We Collect Data

a) Directly from you when you create an account, upload content, subscribe to the newsletter, or contact us.
b) Automatically through cookies and similar technologies.
c) From community interactions (e.g. reports, moderation, appeals) as part of DSA processes.

5. Purposes and Legal Bases

Account setup and providing the Service – Art. 6(1)(b) GDPR (contract).
Community features and content hosting – Art. 6(1)(b) GDPR.
Content moderation and DSA compliance – Art. 6(1)(c) GDPR (legal obligation) and Art. 6(1)(f) GDPR (legitimate interest).
Security, fraud prevention, diagnostics – Art. 6(1)(f) GDPR (legitimate interest).
Analytics – Art. 6(1)(a) GDPR (consent). You can withdraw at any time via preferences/cookie banner.
Newsletter / marketing – Art. 6(1)(a) GDPR (consent). Unsubscribe anytime.

6. Data Sharing and Recipients

We share personal data only when necessary and under Article 28 GDPR-compliant agreements where applicable:

Infrastructure & hosting: e.g., AWS (storage and hosting).
E-mail service provider: for transactional and newsletter e-mails (if enabled).
Analytics (optional): self-hosted Matomo or equivalent with IP anonymisation.
Safety/AI services (if used for moderation): third-party providers assisting with detecting harmful content.
Legal requests: we may disclose data where required by law or valid authority request, following due process and minimisation principles.

7. International Transfers

Where data is transferred outside the EEA, we rely on adequacy decisions or Standard Contractual Clauses (SCCs) with supplementary measures where necessary.

8. Data Retention

• Account data – retained for the lifetime of the account plus up to 24 months.
• User-generated content – until you delete it or the account is removed.
• Moderation and appeal records – up to 6 years for DSA and legal compliance.
• Transparency reports – aggregated and may be retained indefinitely.
• Logs – typically up to 90 days for security.
• Newsletter data – until you unsubscribe or request deletion.

9. Cookies & Similar Technologies

We use essential cookies for authentication and basic functionality. Analytics cookies (if enabled) collect anonymised usage statistics only with your consent. You can manage preferences via the cookie banner (when displayed).

10. Data Security

We apply TLS encryption, access controls, hashed passwords, least-privilege access, and regular reviews to protect personal data.

11. Your GDPR Rights

You have the right to access, rectify, erase, restrict processing, data portability, and object to processing based on legitimate interests. Where processing is based on consent, you may withdraw it at any time.

12. How to Exercise Your Rights and Response Times

To exercise your rights, e-mail privacy@lifeprotocol.club. We respond without undue delay and within one month of receipt (extendable by two further months for complex requests, per Article 12 GDPR). We may need to verify your identity.

13. Children's Privacy

The Service is not directed to children under 16. We do not knowingly process children’s personal data. If such data is identified, we will delete it promptly.

14. Updates to This Policy

We may update this Policy to reflect legal or operational changes. Material changes will be communicated in-app or by e-mail. Continued use after the effective date constitutes acceptance.

15. Contact and DSA Single Point of Contact

General: contact@lifeprotocol.club

Privacy (GDPR): privacy@lifeprotocol.club

Content moderation: contact@lifeprotocol.club

DSA Single Point of Contact: contact@lifeprotocol.club

© LifeProtocol.club. All rights reserved.