Privacy Policy

1. Introduction & Data Controller

Bence Szekeres ("@ableproman", "I", "me", or "my") is dedicated to protecting the privacy and security of your personal data. This Privacy Policy outlines my practices regarding the collection, processing, use, and disclosure of personal data when you interact with my portfolio website at ableproman.hu and all associated applications, utilities, games, and services (collectively, the "Services").

Under the General Data Protection Regulation (GDPR) and other applicable European and Hungarian data protection acts, Bence Szekeres (located in Szeged, Hungary) acts as the Data Controller for the processing activities described in this policy. If you have any inquiries regarding data protection, you can contact me directly at support [at] ableproman [dot] hu.

2. Our Core "Privacy First" Philosophy

The design ethos of my digital projects relies on a "Privacy First" standard. Most of my Services run entirely inside your browser's isolated client-side environment.

For client-side utilities (such as the nutritional helper "Kalorie"), your personal data, logs, targets, and configurations are saved directly within your browser's local sandbox (LocalStorage or IndexedDB). This data is never sent to external servers or accessible by me. To completely wipe this data, you can simply clear your browser's cache or storage.

For services requiring server integration (such as multiplayer lobbies or session synchronization), processing is handled strictly on my own self-hosted server where my domain is hosted. I do not store user database files on third-party cloud database providers, nor do I collect or retain persistent user email lists on any database server.

3. Legal Bases for Data Processing (GDPR Compliance)

Under Article 6 of the General Data Protection Regulation (GDPR), I process your personal data under the following legal bases:

• Consent (Art. 6(1)(a) GDPR): When you explicitly choose to send feedback or a rating through the mailto dispatch link, you provide consent to send your email transmission to my support inbox.
• Performance of a Contract (Art. 6(1)(b) GDPR): When participating in real-time matchmaking or synchronized sessions on my self-hosted server, processing ephemeral lobby IDs or temporary session state data is necessary to execute the requested multiplayer gameplay or active synchronization.
• Legitimate Interests (Art. 6(1)(f) GDPR): Processing server logs to defend our self-hosted infrastructure against security exploits, block malicious request flows, and monitor server loading metrics.

4. Categories of Data Processed & No Email Storage

I believe in strict data minimization. I do not store emails or build profile databases containing your contact details. The data processed includes:

A. Feedback & Rating Interactions: The rating system on my portfolio page is completely email-based. When you submit a rating, no feedback is saved to a public database or displayed publicly on the portfolio. Instead, the page opens your device's native email application via a secure `mailto:` link, transmitting your review directly to support [at] ableproman [dot] hu as a standard email message. These emails are read as direct feedback and are not logged, compiled, or written to any user directory databases.

B. Transient Session & Lobby Tokens: For interactive applications requiring active synchronization or real-time multiplayer coordination (such as Tic Tac Toe matchmaking lobbies):

• Temporary session IDs or state matrices are written purely to volatile server memory on my self-hosted server.
• These coordinates do not contain, require, or request your email address, physical location, or real-world identity.
• Lobby allocations are automatically wiped from active server memory once a session disconnects or completes.

C. System Logs (Self-Hosted Server): Standard, temporary technical logs are processed by my web server strictly to keep the infrastructure stable:

• Truncated or anonymized IP addresses (to mitigate network attacks and maintain structural security).
• Basic technical headers (browser agent information, device types, operating system reference).
• Request timestamps.

5. Data Retention Policies

I retain data only for as long as is strictly necessary to fulfill the operational security of our self-hosted platform:

• Feedback Emails: Retained inside our secure, private support mailbox solely to answer your questions or process your feature suggestions, and purged periodically when no longer useful.
• Multiplayer Lobby Context: Pursued dynamically and erased immediately upon disconnection or within hours of inactive gameplay.
• Technical Web Server Logs: Automatically rotated and permanently deleted within thirty (30) days, unless flagged for active security investigation.

6. Cookies and Local Storage Disclosures

My Services utilize standard browser storage structures to maintain state locally. I do not employ third-party tracking, analytical advertising cookies, or behavioral pixels.

• LocalStorage / IndexedDB (Client-side): Used natively to preserve your private configurations (such as saved calorie parameters in Kalorie, history, or canvas states) on your own device.
• Interface Preferences (user_theme): We save your chosen visual preference ('dark' or 'light') in LocalStorage to maintain styling consistency across profile pages and stop layout flashing.

7. Data Processors & Third-Party Limitations

I will never sell, lease, trade, or distribute your email transmissions or log metrics to marketing agencies, analytical processors, or third-party tracking networks. All server communication and operations take place completely on my self-hosted Hungarian server infrastructure. No third-party cloud database platforms (such as Firebase, AWS, or Supabase) are utilized to hold, manage, or store app database files.

8. Technical Security Measures

I employ standard technical safeguards to preserve the security of your transactions:

• All browser interactions and backend synchronization requests are secured via SSL/TLS encryption (HTTPS).
• Self-hosted server layers are regularly maintained and updated with structural access firewalls.

9. Your GDPR Rights as a Data Subject

As an EU resident, you possess legal rights under Chapter III of the GDPR:

• Right of Access (Art. 15 GDPR): Request confirmation whether your technical logs or email inquiries are being processed.
• Right to Rectification (Art. 16 GDPR): Request corrections of incomplete or incorrect details in direct email queries.
• Right to Erasure / "To Be Forgotten" (Art. 17 GDPR): Request deletion of any standard correspondence emails or logs.
• Right to Withdraw Consent (Art. 7(3) GDPR): Withdraw consent for email conversations at any time.

To exercise your rights, please send your request directly to support [at] ableproman [dot] hu. I will address your request within one (1) month as required by law.

10. Children's Privacy

My Services do not target, solicit, or knowingly communicate with children under thirteen (13) years of age. Since I do not operate email account registries, profile registries, or mailing lists, I do not collect children's personal records.

11. Competent Supervisory Authority

If you believe that my handling of your standard log files or mail communications infringes GDPR provisions, you have the right to file a complaint with a supervisory authority.

The competent authority in Hungary is:

Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
Address: H-1055 Budapest, Falk Miksa utca 9-11.
Mailing Address: 1363 Budapest, Pf. 9.
Phone: +36 1 391 1400
Email: ugyfelszolgalat@naih.hu
Website: naih.hu

12. Revisions & Contact

This Privacy Policy may be updated from time to time. Updates will be published on this page with an adjusted date indicator at the top. For legal questions, feel free to reach out.

Email: support [at] ableproman [dot] hu
Legal Venue: Szeged, Hungary