This Privacy Policy explains how asciify.art("we", "us", the "Service") processes personal data of visitors and users. We aim to collect as little personal data as possible and to process it lawfully, transparently, and securely under Regulation (EU) 2016/679 ("GDPR") and applicable Czech law.
1. Data controller
The data controller is Tomáš Grasl, operating the Service as a private individual. Contact: support@tomasgrasl.cz. We have not appointed a Data Protection Officer because we are not legally required to do so.
2. What data we process and why
2.1 Anonymous usage analytics (only with your consent)
If you accept analytics cookies, we use Google Analytics 4 to understand how the Service is used (page views, approximate location, device type, referrer). We configure Google Analytics with IP anonymisation. You can refuse or revoke consent at any time on the Cookie Policy page. No analytics data is collected before you give consent.
- Legal basis: your consent (GDPR Art. 6(1)(a)).
- Retention: up to 14 months in Google Analytics.
- Recipient: Google Ireland Limited (transfers to the USA covered by the EU–US Data Privacy Framework).
2.2 Server logs and security data
When you use the Service, our servers and our hosting provider may process your IP address, user-agent, request path, and timestamp. We also store IP addresses in our database for short periods to enforce per-IP rate limits on gallery submissions and to authenticate administrative sessions.
- Legal basis: our legitimate interest in keeping the Service secure, preventing abuse, and ensuring availability (GDPR Art. 6(1)(f)).
- Retention: security logs typically up to 30 days; rate-limit records up to 24 hours; admin session records until logout or expiry.
2.3 Gallery submissions
If you choose to publish ASCII art to the Community Gallery, we store the artwork itself, an optional title you provide, your display settings, and a random anonymous submitter identifier (saved as a cookie in your browser so we can show you your own pending items). Submissions are public after moderation.
- Legal basis: performance of the service you requested (GDPR Art. 6(1)(b)) and our legitimate interest in moderating publicly displayed content (Art. 6(1)(f)).
- Retention: until you ask us to delete the item or we remove it for policy reasons.
2.4 Administrative login
Administrators of the Service log in using one-time codes sent by email. We process the email address, a hash of the one-time code, and the IP address from which the code was used. This applies only to designated administrators, not to ordinary visitors.
2.5 Communications
If you email us (e.g. support@tomasgrasl.cz), we process your email address and the content of your message to respond. Legal basis: legitimate interest in handling your inquiry (Art. 6(1)(f)). Retention: as long as needed for the matter, then deleted.
3. What we do NOT do
- We do not sell or rent personal data to anyone.
- We do not run advertising networks on this Service.
- We do not upload your images to a server when converting to ASCII. Image-to-ASCII conversion runs entirely in your browser.
- We do not knowingly collect data from children under 16. If you believe we have, please contact us and we will delete it.
4. Cookies and similar technologies
See our Cookie Policy for the full list. By default we set only essential cookies. Analytics cookies require your explicit opt-in.
5. Recipients and processors
The following processors may receive personal data on our behalf:
- Hostinger International Ltd — hosting infrastructure (EU).
- Google Ireland Limited — Google Analytics, only if you consent.
- Functional Software, Inc. (Sentry) — error monitoring (technical telemetry, may include IP addresses).
Each processor is bound by a data processing agreement and must process data only on our instructions. Where data is transferred outside the EEA, it is covered by adequacy decisions or Standard Contractual Clauses.
6. Your rights under GDPR
You have the right to:
- access your personal data and receive a copy;
- have inaccurate data corrected;
- have your data erased ("right to be forgotten");
- restrict or object to processing;
- data portability where applicable;
- withdraw consent at any time, without affecting prior lawfulness;
- lodge a complaint with the Czech Data Protection Authority (Úřad pro ochranu osobních údajů, www.uoou.cz) or your local supervisory authority.
To exercise any of these rights, email support@tomasgrasl.cz. We respond within one month.
7. Security
We use HTTPS for all traffic, hashed credentials and tokens for admin sessions, and reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or alteration. No system can be guaranteed 100 % secure.
8. Changes to this Policy
We may update this Policy. The current version always lives at this URL with the "Last updated" date above. Material changes will be highlighted on the homepage for a reasonable period.
9. Contact
Privacy questions, GDPR requests, or complaints: support@tomasgrasl.cz.