Privacy Policy
How WeKeKe collects, stores, protects, and responds to requests about personal data across authentication, account security, analytics, and support.
- Primary contact: wekekeprivacy@gmail.com
- Primary jurisdiction: Germany / EU / EEA
- Operating principle: Minimal identity collection for account access, security, and lawful operation.
Language availability: This legal page is currently maintained in English. Localized versions are in progress.
Applicable to EU/EEA Residents: This policy complies with the General Data Protection Regulation (GDPR) and ePrivacy Directive. If you are a resident of the EU/EEA, the rights described in Section 5 apply to you.
1. Data Controller Information
Company Name: WeKeKe
Email: wekekeprivacy@gmail.com
Address: Raffineriestraße 46, 06112, Halle (Saale), Germany
Data Protection Officer: wekekeprivacy@gmail.com
2. What Personal Data Do We Collect?
When you sign in with Google (FedCM)
When you authenticate through FedCM, we collect:
- Email address (your Google account email)
- Full name (from your Google profile)
- Profile picture URL (optional, if available)
- Google account unique identifier (sub claim)
Automatically collected information
- IP address (for security and abuse prevention)
- Device type and browser information
- Pages visited and features used (analytics)
- Login timestamps and authentication events
Legal basis for collection
Lawful basis under GDPR Article 6:
- Consent: You explicitly consent by clicking "Sign in with Google" and accepting the FedCM dialog.
- Legitimate interest: Preventing fraud, maintaining account security, and improving service quality.
- Necessity: Data required to create and manage your account.
3. How We Use Your Data
- Account creation and management: Create your account, manage login credentials, and recover access.
- Security: Prevent fraud, detect unauthorized access, and maintain system security.
- Communication: Send critical account notifications, security alerts, and password resets.
- Legal compliance: Comply with tax, employment, and legal obligations.
- Analytics with consent: Understand how you use our service to improve features.
What we do not do
- We do not sell or trade your data to third parties.
- We do not use your data for targeted advertising.
- We do not share your data with marketing partners.
- We do not use your data for price discrimination.
- We do not track you across other websites when using FedCM.
4. Google Integration and Data Sharing
FedCM (Federated Credential Management)
When you sign in with Google, we use the browser's FedCM API for a privacy-preserving authentication experience.
- Privacy-first: Google does not track you across websites when using FedCM.
- No third-party cookies: FedCM explicitly blocks cross-site cookie tracking.
- Explicit consent: Each login requires your manual approval in the FedCM dialog.
- Minimal data: Only essential identity information is shared.
Data shared with Google
Your use of Google Sign-In is governed by Google's Privacy Policy. We share only the minimum data necessary for authentication. Google processes your data according to its own privacy practices.
5. Your Rights (GDPR Articles 12-22)
If you are a resident of the EU or EEA, you have the following rights regarding your personal data.
Right of access (Article 15)
Request a copy of all personal data we hold about you in a machine-readable format.
Right of rectification (Article 16)
Request correction of inaccurate or incomplete data.
Right to erasure (Article 17)
Request deletion of your data, except where we have a legal obligation to retain it.
Right to restrict processing (Article 18)
Request that we limit how we use your data while you dispute accuracy or legal basis.
Right to data portability (Article 20)
Receive your data in a structured, machine-readable format and transfer it elsewhere.
Right to object (Article 21)
Object to processing for marketing, analytics, or other legitimate interests.
How to exercise your rights
Email wekekeprivacy@gmail.com with the subject line "GDPR Request: [Type of Request]" and include:
- Your full name and email address
- Type of request (access, rectification, erasure, and so on)
- Specific data you are requesting
- Copy of ID verification (for example, the last 4 digits of an ID number)
Response time: We respond within 30 days, extendable to 90 days for complex requests.
6. Data Retention
- Account data: Retained while your account is active.
- After account deletion: Permanently deleted within 30 days, with a 30-day recovery window if applicable.
- Backup data: Retained for up to 90 days for disaster recovery, then purged.
- Security logs: Retained for 90 days for fraud detection and abuse prevention.
- Analytics: Aggregated data without personal identifiers retained for 12 months.
- Legal holds: Data may be retained longer where law requires it.
7. International Data Transfers
Transfers outside the EU / EEA
If we transfer your data outside the EU or EEA, including to cloud infrastructure, we use Standard Contractual Clauses approved by the European Commission to help ensure GDPR compliance.
Google transfers
Google has certified its adequacy under the EU-US Data Privacy Framework. Your data may be transferred to US-based servers when using Google Sign-In.
8. Security Measures
- HTTPS encryption: All data in transit is encrypted with TLS 1.3.
- Password hashing: Passwords are hashed with bcrypt and are not stored in plaintext.
- Token security: Authentication tokens are encrypted and stored securely.
- Database encryption: Data at rest is encrypted using AES-256.
- Access controls: Role-based access control limits who can access data.
- Audit logs: All data access is logged and monitored.
- Regular security audits: Third-party security assessments are conducted annually.
- Incident response: 72-hour breach notification where GDPR requires it.
10. Third-Party Services
We use the following third-party services, each with its own privacy practices:
- Google Sign-In: Google Privacy Policy
- Firebase backend: Google Cloud Privacy
- Analytics: Google Analytics Privacy
We are not responsible for the privacy practices of third-party services. Review their policies before use.
11. Data Breaches and Incident Response
GDPR Article 33: If we discover a personal data breach, we will:
- Notify affected users within 72 hours of discovery where required.
- Notify the relevant supervisory authority.
- Provide clear information about what data was compromised.
- Recommend protective measures where appropriate.
In Germany, breaches may be reported to the German Federal Data Protection Commissioner (BfDI) or the relevant regional data protection authority.
13. Changes to This Policy
We may update this Privacy Policy at any time. Material changes will be communicated by email or by prominent notice on our website. Your continued use of the service constitutes acceptance of the updated policy.
14. Contact and Support
Questions about this Privacy Policy?
- Email: wekekeprivacy@gmail.com
- General support: support@wekeke.com
- Data protection contact: wekekeprivacy@gmail.com
- Mailing address: Raffineriestraße 46, 06112, Halle (Saale), Germany
We respond to general privacy inquiries within 10 business days.
By using our service, you consent to this Privacy Policy. Last updated January 31, 2026. Version 1.0.