BRD

Legal

Privacy Statement

Last updated: May 16, 2026

Who Runs This Website

BadRooki is a personal website for blog posts, developer tools, and comments. The website is run from the Netherlands. You can contact me at [email protected].

Data I Try Not To Collect

I do not want this website to collect more personal data than it needs. For user accounts, I use OAuth login providers instead of passwords. This website does not store your email address, phone number, password, or payment details for account login.

Data Processed By This Website

  • OAuth account data: the provider name, the provider user ID, and a generated username. This is needed so you can log in again.
  • Profile data: your username and the account settings shown in your profile.
  • Comments and likes: comments you post, comment metadata such as timestamps, reply relationships, and likes.
  • Contact requests: if you use the contact form, the email address, subject, and message you submit are stored so I can respond.
  • Technical and anti-abuse data: IP address, user agent, request timing, rate-limit counters, session cookies, CSRF tokens, and similar technical data may be processed to keep the website working and reduce spam.
  • Tool storage data: some tools may use server storage only when needed for the tool to function, for example to share or retrieve a saved tool result. Technical limits may use IP-based checks to prevent abuse.

Why This Data Is Used

  • To let you log in with an OAuth provider and keep your account separate from others.
  • To let authenticated users post, view, reply to, like, and remove comments.
  • To let you delete your account and remove or redact your comments.
  • To operate contact requests when you choose to send one.
  • To protect the website from spam, abuse, automated requests, and technical misuse.
  • To keep the website secure, debug problems, and maintain normal server operation.

Legal Basis

The main legal bases are performance of the service you request, legitimate interests in running and protecting the website, and consent where a feature specifically asks for it. Contact form data is processed so I can respond to the message you chose to send.

OAuth Providers

If you log in with GitHub, GitLab, Bitbucket, Google, Microsoft, or another OAuth provider, you are redirected to that provider. Their own privacy rules apply to their login page and account systems. After login, this website stores only the provider identity needed to recognize your account here.

Cookies And Sessions

This website uses functional cookies and session storage for login sessions, security, CSRF protection, and normal website operation. These are not used to build advertising profiles.

Retention

Account data is kept while your account exists. Comments are kept until you remove them, delete your account, or moderation requires action. If a comment has replies, it may be redacted instead of fully removed so the conversation remains understandable. Contact requests are kept only as long as reasonably needed to handle the request and maintain a useful record. Technical logs and anti-abuse data are kept only as long as needed for security, troubleshooting, and abuse prevention.

Your Choices And Rights

  • You can delete your own comments from your profile.
  • You can delete your account from your profile.
  • You can ask for access, deletion, restriction, or a copy of your personal data.
  • You can object to processing where the law gives you that right.
  • You can contact the Dutch data protection authority, the Autoriteit Persoonsgegevens, if you believe your privacy rights are not respected.

Sharing Data

I do not sell user data. Data is shared only where necessary to run the website, such as hosting, email delivery, OAuth login providers, security tooling, or where required by law.

Changes

I may update this statement when the website changes. The date at the top shows when this page was last updated.