Privacy Policy

1. Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any information that can be used to identify you personally. Detailed information on data protection can be found in this Privacy Policy.

Data Collection on This Website

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find the operator's contact details in the section "Information about the controller" in this Privacy Policy.

How do we collect your data?
Some data is collected when you provide it to us. This may include data you enter when signing in with GitHub.

Other data is collected automatically by our server systems when you visit the website. This is limited to technical data that your browser automatically transmits, such as browser type, operating system, access time, and referrer URL. This collection is purely server-side. We do not use client-side tracking scripts, analytics cookies, or visitor IDs.

What do we use your data for?
Some data is collected to ensure the website is provided without errors. Server-side access data is used in aggregated form to understand website usage. If you use dev-drill, we process your exercise results and training progress to generate personalized AI-supported exercises. dev-drill does not analyze your GitHub commits, pull requests, or code reviews.

What rights do you have regarding your data?
You have the right at any time to receive information free of charge about the origin, recipients, and purpose of your stored personal data. You also have the right to request correction or deletion of this data. If you have given consent to data processing, you may revoke that consent at any time for the future. You also have the right, in certain circumstances, to request restriction of the processing of your personal data. In addition, you have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time if you have questions about data protection or your rights.

2. Hosting

We host the content of our website with the following provider:

Vercel

This website is hosted by Vercel Inc. Personal data collected on this website may be stored on Vercel's servers. This may include IP addresses, metadata, communication data, and website access information.

External hosting is used for the purpose of fulfilling contracts with our prospective and existing customers (Article 6(1)(b) GDPR) and in the interest of secure, fast, and efficient provision of our online services by a professional provider (Article 6(1)(f) GDPR).

3. General Information and Mandatory Disclosures

Data Protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this Privacy Policy.

When you use this website, various items of personal data are collected. Personal data is data that can be used to identify you personally. This Privacy Policy explains what data we collect, what we use it for, and how and why that happens.

Please note that data transmission over the internet, for example when communicating by email, may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Information about the Controller

The controller responsible for data processing on this website is:

Sebastian Sigl
Roquettestr. 34
01157 Dresden
Germany

Email: hello@dev-drill.com

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

Storage Duration

Unless a more specific storage period is stated in this Privacy Policy, your personal data will remain with us until the purpose for processing no longer applies. If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible grounds for retaining it, for example retention obligations under tax or commercial law.

Legal Bases for Processing

If you have consented to data processing, we process your personal data on the basis of Article 6(1)(a) GDPR and, where special categories of personal data are concerned, Article 9(2)(a) GDPR. If your data is required for the performance of a contract or for pre-contractual measures, we process it on the basis of Article 6(1)(b) GDPR. We also process data where this is necessary to fulfill a legal obligation under Article 6(1)(c) GDPR. Processing may also take place on the basis of our legitimate interests under Article 6(1)(f) GDPR.

Withdrawal of Consent

Many data processing operations are only possible with your express consent. You may revoke previously granted consent at any time. The lawfulness of the processing carried out before the revocation remains unaffected.

Right to Object under Article 21 GDPR

Where processing is based on Article 6(1)(e) or (f) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data. This also applies to any profiling based on those provisions. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

Right to Lodge a Complaint

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged violation.

Competent supervisory authority:
Saxon Data Protection and Transparency Commissioner
Devrientstraße 5
01067 Dresden

Right to Data Portability

You have the right to receive data that we process automatically on the basis of your consent or in fulfillment of a contract in a commonly used, machine-readable format, either for yourself or for a third party. If you request direct transfer to another controller, this will only take place where technically feasible.

Access, Rectification, and Erasure

Within the scope of the applicable legal provisions, you have the right at any time to obtain information free of charge about your stored personal data, its origin, recipients, and the purpose of processing, and, where applicable, a right to rectification or erasure of this data. You may contact us at any time with questions about this or any other issue relating to personal data.

Right to Restriction of Processing

You have the right to request restriction of the processing of your personal data.

• If you contest the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request restriction of the processing of your personal data.
• If the processing of your personal data is unlawful, you may request restriction of processing instead of erasure.
• If we no longer need your personal data, but you require it for the establishment, exercise, or defense of legal claims, you may request restriction of processing instead of erasure.
• If you have objected under Article 21(1) GDPR, a balancing of your interests and ours must be carried out. Until it is determined whose interests prevail, you have the right to request restriction of the processing of your personal data.

SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the browser address line changing from "http://" to "https://" and by the lock icon in your browser bar.

4. Data Collection on This Website

Server-Side Access Data

This website does not use client-side tracking scripts, analytics cookies, or visitor IDs. Website usage analysis is performed exclusively on the server side. On each page request, the server records the requested path, browser type, and referrer URL. This data is not combined with other data sources and does not include individually assigned identifiers.

This data is collected on the basis of Article 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of the website.

Server Log Files

The hosting provider, Vercel, automatically collects and stores information in server log files that your browser transmits automatically. This includes:

• browser type and browser version
• operating system used
• referrer URL
• hostname of the accessing device
• time of the server request
• IP address

This data is not combined with other data sources.

Registration on This Website

You can register on this website via GitHub OAuth in order to use the training service. We use the data collected during registration solely for the purpose of providing the service.

The processing of the data entered during registration takes place for the purpose of fulfilling the contractual relationship established by the registration process (Article 6(1)(b) GDPR).

The data collected during registration is stored by us for as long as you are registered on the website and is then deleted. Statutory retention obligations remain unaffected.

5. External Services

GitHub OAuth

We offer the option to register and sign in on our website using your GitHub account. During registration or sign-in through GitHub, the following data may be transmitted to us and stored:

• GitHub username
• GitHub user ID
• email address, where public or shared
• profile image URL

dev-drill does not analyze your GitHub commits, pull requests, or code reviews. Exercise content is generated with AI based on general engineering knowledge, not on your GitHub code.

The legal basis for this processing is Article 6(1)(a) GDPR, where consent applies, and Article 6(1)(b) GDPR for contract performance.

Further information can be found in GitHub's Privacy Statement: https://docs.github.com/de/site-policy/privacy-policies/github-general-privacy-statement

AI-Generated Content (Amazon Bedrock)

dev-drill uses Amazon Bedrock to generate exercise content. Your exercise results and training progress are used to personalize difficulty and content. This processing is carried out on the basis of Article 6(1)(b) GDPR for contract performance.

6. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy so that it always complies with current legal requirements or reflects changes to our services. The version published on this page applies to your next visit.