Privacy Policy
Last updated: June 9, 2025
Data Controller (Verantwortlicher)
Laurence Gaspar Bourbon
Marie-Elisabeth-Lüders-Weg 4
50354 Hürth
Deutschland
E-Mail: contact.driftscript@gmail.com
Our Commitment to Privacy
At DriftScript, we are committed to protecting your privacy. This Privacy Policy explains how we handle data when you use our secure temporary message service.
Message Privacy
DriftScript is designed with message privacy as a fundamental principle. In relation to the messages you send, we do not collect or store:
- Personal identification information
- IP addresses of message senders or recipients
- Message content (messages are encrypted client-side before transmission)
Message Data Handling
Messages on DriftScript are:
- Encrypted end-to-end using AES-256-CBC encryption
- Stored temporarily based on the expiration time you select (ranging from 15 minutes to 30 days)
- Automatically deleted after being read once
- Securely wiped using the 'shred' command (with 7 passes by default) to prevent recovery
- Protected with CSRF tokens to prevent unauthorized access
- Optionally protected with an additional password
Technical Data
For the service to function, we store:
- Encrypted message content (only until it's read or expires)
- Temporary CSRF tokens (for form submission security)
- Expiration timestamps (to determine when to delete messages)
This data is stored on servers located in Germany (Hetzner data center in Nürnberg) and is subject to German and EU data protection laws.
Our website is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. For the purpose of ensuring secure and efficient operation of our service, Hetzner may automatically collect standard server log file information transmitted by your browser. This typically includes IP address, date and time of request, requested resource, browser type/version, operating system, and referrer URL. This data is processed based on legitimate interests (Art. 6(1)(f) GDPR) for security analysis and operational stability. This data is generally not merged with other data sources and is stored temporarily according to Hetzner's retention policies. We have concluded a Data Processing Agreement (Auftragsverarbeitungsvertrag - AVV) with Hetzner in accordance with Art. 28 GDPR. For more details, please refer to Hetzner's Privacy Policy.
Our application itself does not maintain persistent operational or error logs containing user data.
Cookies
DriftScript uses technically essential mechanisms for secure operation, such as temporary session handling for CSRF protection. These are necessary for the service explicitly requested by you and do not require consent under § 25 Abs. 2 TTDSG.
For third-party services such as Google AdSense, cookies and similar technologies are used for advertising purposes. As required by § 25 Abs. 1 TTDSG and the GDPR, these non-essential cookies are only set after obtaining your explicit consent through our Usercentrics consent management platform.
Third-Party Services and Advertising
To support the free provision of DriftScript, we display advertisements provided by third parties, such as Google AdSense. These services are implemented with proper consent management to protect your privacy rights.
Google AdSense
Google AdSense (service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) is used to display advertisements. Google AdSense uses cookies (e.g., DoubleClick cookie) and potentially web beacons or similar technologies to collect information about your interaction with the ads and our website. This may include your IP address (which Google may anonymize), browser information, and website usage data.
Purposes: This data is used by Google to serve personalized ads based on your interests, control the frequency of ads shown, measure ad performance, and improve its advertising services.
Legal Basis: The use of Google AdSense cookies and the associated processing of personal data for personalized advertising and measurement will be based solely on your explicit consent (Art. 6(1)(a) GDPR and § 25 Abs. 1 TTDSG), obtained via our cookie consent banner *before* any cookies are set or data is processed for these purposes.
Data Transfers: Data collected by Google may be transferred to and processed on servers in the United States or other countries outside the EU/EEA. Google implements safeguards for such transfers, details of which can be found in their privacy policy.
User Control & Opt-Out: You will be able to manage your consent preferences through our cookie consent banner at any time. You can also manage Google's use of cookies for personalized advertising through Google's Ad Settings: https://myadcenter.google.com/. For more information on Google's data practices, please review Google's Privacy Policy and how Google uses data when you use partners' sites or apps.
Data Protection Rights (GDPR)
Under the General Data Protection Regulation (GDPR), users who are EU citizens have certain data protection rights that apply to personal data. Since DriftScript:
- Does not collect or store any personal data
- Uses end-to-end encryption where message content is not accessible to us
- Does not store any metadata that could identify users
- Operates as a "zero-knowledge" service
Regarding the technical data processed by our service or hosting provider (e.g., CSRF session data, server logs), you have the right to request information, access, rectification, or erasure, where legally permissible and technically feasible. You also have the right to restrict processing or object to processing based on legitimate interests, and the right to lodge a complaint with a supervisory authority.
Please note that due to the end-to-end encrypted and zero-knowledge nature of our message service, we do not have access to message content or associated user metadata. Therefore, rights concerning specific message content (like access or portability) cannot be fulfilled by us. To exercise your rights regarding any technical data we or our hoster might process, please contact the Data Controller listed above.
Cookie Consent Management (TTDSG & GDPR)
In accordance with § 25 TTDSG and the GDPR, we have implemented a consent management solution (Usercentrics) that manages cookies and similar technologies. This consent banner allows you to provide or withdraw your explicit consent for specific data processing purposes in a granular manner. Your preferences are respected, and non-essential cookies are only set after obtaining your prior consent.
Data Security
We implement robust security measures to protect any temporary data stored on our servers:
- HTTPS with strict TLS enforcement
- Content Security Policy headers
- XSS protection
- Secure server configuration
- Regular security updates
- Limited access to server infrastructure
- Encryption of stored data using zuluCrypt
Changes to This Privacy Policy
We may update our Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.
Contact Us
If you have any questions about our Privacy Policy, please contact us at the Data Controller address listed above.