Privacy Policy
In accordance with GDPR and BDSG
1. Controller
The controller responsible for data processing on this website is the operator named in the Imprint.
2. Data Collected
We collect and process the following personal data:
- Registration: Username and email address
- VM Reports: Technical details about game compatibility (VM type, operating system, hardware)
- Last login: Date and time of the most recent successful login (stored per account, visible to superadmins only)
- Anonymous usage: IP addresses are processed temporarily to prevent abuse (e.g. duplicate votes or flags) and are not used for tracking or profiling.
- Server & firewall logs: IP address, browser type, access time, and connection metadata (technically necessary for security and operations)
3. Purpose of Processing
- Providing and operating the VMDB platform
- Managing user accounts and contributions
- System and user security — detecting unauthorized access and inactive accounts (last login timestamp visible to superadmins only)
- Sending transactional email notifications (e.g. admin messages, email verification)
- Preventing abuse (duplicate votes and flags)
- Technical security and stability of the service
4. Legal Basis
Processing is carried out on the basis of Art. 6(1)(b) GDPR (performance of a contract) for user accounts, and Art. 6(1)(f) GDPR (legitimate interests) for ensuring IT security, detecting abuse, and the stable operation of the platform. All data is transmitted encrypted via HTTPS/TLS.
5. Retention Period
Personal data is deleted as soon as it is no longer needed for the purpose for which it was collected. Account data is removed upon account deletion.
For security and operational reasons, server and firewall logs may temporarily store technical data such as IP addresses. These logs are used solely for system security, abuse prevention, and troubleshooting, and are automatically deleted after a limited period (typically 7–30 days). They are not used for tracking or profiling users.
6. Hosting
This website is self-hosted on a private server operated by the controller at the address stated in the Imprint (Hamburg, Germany). No third-party hosting provider is involved. The server is located within the European Union.
7. Cookies & Local Storage
This website uses the following browser storage:
- Session & CSRF cookie (technically necessary) — required for user authentication and protection against cross-site request forgery attacks. These cookies expire when you close your browser or after a defined idle period and are essential for the secure and correct operation of this website. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure operation).
- Cookie consent preference (technically necessary) — stored in localStorage to remember your cookie choice (vmdb_cookie_consent).
- My Setup (functional, only with your consent) — stores your VM configuration locally in localStorage (vmdb_setup). No data is transmitted to our servers unless you are logged in. Legal basis: Art. 6(1)(a) GDPR (consent).
- Dismissed notifications (functional, only with your consent) — tracks which admin broadcast messages you have dismissed locally (vmdb_dismissed_notifications). Legal basis: Art. 6(1)(a) GDPR (consent).
You can manage your preferences at any time via the link in the footer, or by clearing your browser's local storage.
8. Third-Party Services
Fonts: All fonts (Inter, JetBrains Mono) are self-hosted and served directly from our own server. No connection to Google Fonts or any other external font service is made.
Steam Store API: When adding games, the public Steam Store API is queried. Requests are routed through our server — no personal data is transmitted to Steam.
9. Your Rights
You have the right to:
- Access your stored data (Art. 15 GDPR)
- Rectification of inaccurate data (Art. 16 GDPR)
- Erasure of your data — via Account Settings or by contacting us (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability — download a machine-readable copy of all your personal data at any time directly in your Account Settings (after login) (Art. 20 GDPR)
- Object to processing (Art. 21 GDPR)
To exercise your rights, contact us at: contact@vmdb.it
10. Anonymous Usage Metrics
VMDB collects minimal, privacy-friendly usage metrics to understand how the platform is used and to improve its functionality. The following aggregated counters are recorded:
- Page views: Which pages are visited (by route name, e.g. game detail, search results)
- Game views: How often individual game pages are opened (by game slug)
- Searches: Total number of searches performed per day
- Reports submitted: Total number of compatibility reports created per day
- Registrations: Total number of new accounts created per day
All metrics are stored as aggregated counts only. No IP addresses or personal data are recorded in the database. No third-party analytics tools are used. The data is used exclusively for internal platform monitoring and is not shared with any third party.
Session deduplication: To avoid counting repeated visits to the same page within a single browser session (e.g. pressing F5) as separate views, a temporary deduplication key is derived from your Laravel session ID using a one-way SHA-256 hash, salted with the current date and a server-side secret. This hash cannot be reversed to identify you or your session. It is stored only in the server-side cache — never in the database — and expires automatically at midnight. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in accurate, non-inflated usage statistics).
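The deduplication scheme described above, sketched as an added example (not VMDB's own code). It assumes HMAC-SHA-256 as the keyed hash, includes the route name in the key, and uses an in-memory dict in place of the server-side cache; all names and the secret are hypothetical.

```python
import hashlib
import hmac
from datetime import datetime, timedelta

# Constructed placeholder; a real deployment loads this from server config.
SERVER_SECRET = b"constructed-example-secret"


def dedup_key(session_id: str, route: str, now: datetime) -> str:
    """Keyed one-way digest over (current date, route, session ID)."""
    fields = [now.date().isoformat(), route, session_id]
    # Length-prefix each field so different field splits cannot collide.
    msg = b"".join(
        len(f.encode()).to_bytes(4, "big") + f.encode() for f in fields
    )
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def next_midnight(now: datetime) -> datetime:
    """Expiry for every key created on this calendar day."""
    return datetime.combine(now.date() + timedelta(days=1), datetime.min.time())


class ViewCounter:
    def __init__(self) -> None:
        self.cache = {}   # digest -> expiry; stand-in for the server-side cache
        self.counts = {}  # (date, route) -> int; the only data that persists

    def record(self, session_id: str, route: str, now: datetime) -> bool:
        """Count a page view once per session, route and day."""
        # Drop keys whose midnight expiry has passed.
        self.cache = {k: exp for k, exp in self.cache.items() if exp > now}
        key = dedup_key(session_id, route, now)
        if key in self.cache:
            return False  # repeat view (e.g. F5): not counted again
        self.cache[key] = next_midnight(now)
        bucket = (now.date().isoformat(), route)
        self.counts[bucket] = self.counts.get(bucket, 0) + 1
        return True
```

Because the date is part of the hashed input, the same session yields an unrelated digest the next day, so keys cannot be linked across days even if the cache were inspected.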
11. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.