Privacy Policy

Last updated: November 22, 2025

1. Controller and Data Protection Officer

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Patrick Wegner
Am Campus 2
48565 Steinfurt
Germany
Email: contact@r6-replay.com

2. Overview of Data Processing

This privacy policy explains what personal data we collect, how we process it, and what rights you have regarding your data. We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR).

3. Data We Collect

3.1 Account Data

When you create an account, we collect:

  • Email address
  • Name and display name (if provided)
  • User ID (automatically generated)
  • Authentication credentials (securely hashed)

Legal basis: Contract performance (Art. 6(1)(b) GDPR) and your consent (Art. 6(1)(a) GDPR).

3.2 Uploaded Replay Files

When you upload Rainbow Six Siege replay files, we collect and store:

  • The replay file itself (binary data)
  • Parsed match data (rounds, players, statistics, events)
  • Upload timestamp and file metadata

Legal basis: Contract performance (Art. 6(1)(b) GDPR) - providing the analysis service you requested.

Important: By uploading replay files, you grant us the right to use this data for service improvement, analytics, and public aggregated statistics. See our Terms of Service for details on data usage rights.

3.3 Usage and Log Data

We automatically collect technical and usage information:

  • IP address (pseudonymized)
  • Browser type and version
  • Operating system
  • Pages visited and interaction data
  • Date and time of access
  • Error logs and performance metrics

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) - ensuring system security, stability, and improving our service.

3.4 Analytics Data (PostHog)

We use PostHog (EU cloud) for product analytics and user behavior analysis:

  • User interactions and feature usage
  • Session recordings (if enabled)
  • Custom events (uploads, errors, feedback)
  • Technical device information

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) - understanding user behavior to improve our service.

Data location: PostHog EU Cloud (GDPR-compliant, servers in the European Union).

4. How We Use Your Data

We process your personal data for the following purposes:

  • Service provision: Account management, replay file analysis, displaying results
  • Service improvement: Analyzing usage patterns, identifying bugs, developing new features
  • Security: Detecting and preventing abuse, fraud, and security incidents
  • Communication: Responding to support requests and service notifications
  • Aggregated analytics: Creating public statistics from replay data (anonymized)

5. Data Storage and Retention

Storage location: All data is stored exclusively on servers located in Germany. We use self-hosted infrastructure to maintain full control over your data.

Retention periods:

  • Account data: Until you request account deletion
  • Replay files: Until you delete them or request account deletion
  • Log data: 90 days for security and debugging purposes
  • Analytics data: Retained in PostHog according to their EU retention policies

After deletion requests, we remove personal identifiers but may retain aggregated, anonymized statistics for service improvement.

6. Data Sharing and Third Parties

We do not sell your personal data to third parties. We only share data with:

  • PostHog (EU Cloud): Analytics and product insights. PostHog is GDPR-compliant and processes data within the EU. PostHog Privacy Policy
  • Infrastructure providers: Our hosting provider in Germany (for server infrastructure)

All third-party processors are contractually bound to comply with GDPR requirements through Data Processing Agreements (DPAs).

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR): Request a copy of your data
  • Right to rectification (Art. 16 GDPR): Correct inaccurate data
  • Right to erasure (Art. 17 GDPR): Request deletion of your data
  • Right to restriction (Art. 18 GDPR): Limit how we process your data
  • Right to data portability (Art. 20 GDPR): Receive your data in a machine-readable format
  • Right to object (Art. 21 GDPR): Object to processing based on legitimate interest
  • Right to withdraw consent (Art. 7(3) GDPR): Withdraw consent at any time

To exercise any of these rights, please contact us at: contact@r6-replay.com

We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection authority.

8. Account and Data Deletion

You can request complete deletion of your account and associated personal data by sending an email to contact@r6-replay.com.

Upon deletion request, we will:

  • Delete your account and authentication credentials
  • Remove your personal information (name, email, user metadata)
  • Delete uploaded replay files and associated match data
  • Remove personally identifiable information from logs

Aggregated, anonymized statistics derived from your replay files may be retained for service improvement and public analytics, as agreed in the Terms of Service.

9. Cookies and Local Storage

We use the following browser storage mechanisms:

  • Essential cookies: Session management and authentication (required for service operation)
  • Analytics cookies: PostHog tracking for usage analysis (can be blocked via browser settings)
  • Preference cookies: Theme selection and UI preferences

You can control cookie usage through your browser settings. Note that blocking essential cookies may limit service functionality.

10. Security Measures

We implement appropriate technical and organizational measures to protect your data:

  • Encrypted data transmission (HTTPS/TLS)
  • Secure password hashing (bcrypt/scrypt)
  • Regular security updates and monitoring
  • Access controls and authentication
  • Isolated microservices architecture
  • Regular backups with encryption

However, no internet transmission is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Children's Privacy

This service is intended for players of Rainbow Six Siege who meet the game's age requirements (typically 16+ or 18+ depending on region). We do not knowingly collect data from children under the legal age to play Rainbow Six Siege.

If you believe a child has provided us with personal data without proper consent, please contact us immediately.

12. International Data Transfers

All personal data is stored and processed exclusively within Germany and the European Union. We do not transfer personal data outside the EU/EEA.

13. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify users of significant changes via email or prominent notice on the website.

Continued use of the service after policy updates constitutes acceptance of the revised policy.

14. Contact Us

If you have questions about this privacy policy or our data practices, please contact:

Patrick Wegner
Email: contact@r6-replay.com
Address: Am Campus 2, 48565 Steinfurt, Germany