Privacy Policy

Information on data processing in accordance with GDPR

Last updated: February 24, 2026

Data Controller

Emilio Irmscher
Max-Saupe-Straße 41
09131 Chemnitz, Germany
Email: contact@columbus-aeo.com

Overview of Processing

The following overview summarizes the types of data processed and the purposes of processing.

Types of Data Processed

  • Master data (e.g., name, address)
  • Contact data (e.g., email, phone numbers)
  • Content data (e.g., form inputs)
  • Usage data (e.g., pages visited, access time)
  • Meta/communication data (e.g., IP addresses)
  • Payment data (e.g., bank details, invoices)

Purposes of Processing

  • Provision of contractual services
  • Communication
  • Security measures
  • Reach measurement
  • Management and response to inquiries

Legal Basis

Below is an overview of the GDPR legal bases on which we process personal data:

  • Consent (Art. 6(1)(a) GDPR)
  • Contract Performance (Art. 6(1)(b) GDPR)
  • Legal Obligation (Art. 6(1)(c) GDPR)
  • Legitimate Interests (Art. 6(1)(f) GDPR)

Your Rights

As a data subject under GDPR, you have various rights:

  • Right to Object: You have the right to object to processing at any time.
  • Right to Withdraw Consent: You have the right to withdraw consent at any time.
  • Right to Access: You have the right to information about processed data.
  • Right to Rectification: You have the right to correct inaccurate data.
  • Right to Erasure: You have the right to have your data deleted.
  • Right to Complain: You have the right to lodge a complaint with a supervisory authority.

Cookies

We use cookies and similar technologies to ensure the functionality of our platform. Necessary cookies are set based on legitimate interests. For analytics cookies, we obtain your consent.

Types of Cookies

  • Essential Cookies: These cookies are required for the website to function properly (e.g., session management, authentication).
  • Analytics Cookies: Help us understand how visitors interact with our website.
  • Marketing Cookies: Used to display personalized advertisements.

Manage Cookie Preferences

You can adjust your cookie preferences at any time using the button below:

Tester and Player Data (Play-to-Earn)

For participants in our tester network and the Play-to-Earn game "PromptWars", we additionally process the following data:

Tester/Player Profiles

  • Data: Name, email, country, timezone, date of birth
  • Legal basis: Contract performance (Art. 6(1)(b) GDPR)
  • Recipients: Supabase (processor)
  • Retention: Duration of account + 30 days after deletion request

AI Platform Connections

  • Data: Connected AI platforms, platform IDs, daily prompt allowances
  • Legal basis: Contract performance (Art. 6(1)(b) GDPR)
  • Recipients: Supabase (processor)
  • Retention: Duration of account; deleted on disconnection

Earnings & Payout History

  • Data: Amounts, dates, cycle records, payout status
  • Legal basis: Contract performance (Art. 6(1)(b) GDPR) + Legal obligation (Art. 6(1)(c) GDPR) for tax records
  • Recipients: Supabase (processor), Stripe (payout processing)
  • Retention: 8 years from end of calendar year (AO §147(3), HGB §257(4) — German tax retention)

Stripe Connect / Identity Verification

  • Data: Government-issued ID, bank details, address (collected by Stripe)
  • Legal basis: Legal obligation (Art. 6(1)(c) GDPR) — KYC/AML compliance
  • Recipients: Stripe (independent controller for its own KYC obligations)
  • Note: Users are redirected to Stripe for verification; Stripe has its own privacy policy

Minecraft Account Links

  • Data: Minecraft UUID, username
  • Legal basis: Contract performance (Art. 6(1)(b) GDPR)
  • Recipients: Supabase (processor)
  • Retention: Duration of account; deleted on unlink

Gaming Activity

  • Data: Kills, playtime, faction membership, points, vault values, leaderboard position
  • Legal basis: Contract performance (Art. 6(1)(b) GDPR)
  • Recipients: Supabase (processor)
  • Retention: Current season + 1 year for historical statistics

Technical Data (Tester App)

  • Data: IP address, device info, heartbeat signals
  • Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — security, fraud prevention
  • Recipients: Supabase (processor)
  • Retention: 90 days maximum

Third-Party Data Sharing (Tester/Player)

We share tester/player data with the following third parties:

  • Stripe: Name, DOB, address, government ID, bank details, payout amounts — Contract performance + Legal obligation
  • Supabase: All platform data — Contract performance (processor)
  • AI Platforms: No personal data is shared by us; testers use their own accounts
  • Mojang/Microsoft: Minecraft UUID obtained via account linking — Contract performance

Payment Processing

For payments, we use the payment service provider Stripe. Processing is carried out in accordance with their privacy policy.

Hosting

Our platform is hosted with the following providers:

  • Supabase: Database and backend infrastructure (EU region)
  • Vercel: Frontend hosting

Data Protection Authority

Responsible supervisory authority:
State Data Protection Commissioner of Saxony
Bernhard-von-Lindenau-Platz 1
01067 Dresden, Germany

Contact for Privacy Questions

Emilio Irmscher
Email: contact@columbus-aeo.com

Legal NoticeTerms of ServiceBack to Home