Sign in

Privacy Policy

Share

paddedroom.art

Last updated: 2 June 2026
---

Governing Language

These terms are provided in English. English is the controlling language for all purposes. If you are unable to read these terms in English, you should seek assistance before creating an account.

Who is the data controller


The data controller for paddedroom.art is the site operator (currently: Padded Room Art), reachable at compliance@paddedroom.art. The server is located in the Netherlands and this site operates under the EU General Data Protection Regulation (GDPR) and Dutch data protection law.

What data we collect and why

Account registration


When you register for a Free Tier account, we collect:

  • Your email address (used to send you a login link each time you sign in, and to notify you of changes to these terms or this policy)
  • A display name of your choosing
    Legal basis: Performance of a contract (Article 6(1)(b) GDPR). We cannot provide an account without a working email address.

Server and access logs


Our server logs HTTP requests made to this site. A log entry typically includes your IP address, the URL you requested, the HTTP status code returned, your browser's user-agent string, and a timestamp.
Legal basis: Legitimate interests (Article 6(1)(f) GDPR). These logs are necessary for diagnosing errors, detecting abuse, and maintaining the security of the site.
Log data is retained for 30 days and then deleted automatically.

Analytics


We collect anonymized usage data (page views, navigation paths, and general traffic patterns) to understand how the site is used. This data does not identify individual users.
Legal basis: Legitimate interests (Article 6(1)(f) GDPR), subject to your cookie consent where applicable.

What we do not collect


We do not collect payment card data (no paid tiers are active at this time). We do not use advertising tracking, social media pixels, or cross-site tracking of any kind. We do not sell personal data.

Data processors


We use the following third-party services to operate the site. Each has access only to the data necessary for their function and is contractually bound to handle it in accordance with the GDPR.

Zomro B.V.
Role: Virtual private server hosting. All site data, including the database containing registered user accounts, is stored on hardware operated by Zomro in the Netherlands.
Location: Netherlands (EU)
Privacy information: https://zomro.com/privacy-policy

Grafana Labs
Role: Infrastructure monitoring and log aggregation. Server logs (which may include IP addresses) are forwarded to Grafana Cloud for storage, search, and alerting. We use the EU Frankfurt region.
Location: EU (Frankfurt)
Privacy information: https://grafana.com/legal/privacy-policy/

Tinybird
Role: Analytics data pipeline. Anonymised traffic event data is sent to Tinybird for aggregation and reporting.
Location: EU
Privacy information: https://www.tinybird.co/privacy

Namecheap, Inc.
Role: Domain name registrar and DNS. Namecheap resolves paddedroom.art to our server's IP address. DNS queries do not contain personal data beyond the IP address of the resolver making the request.Location: United States (standard contractual clauses apply for EU transfers)
Privacy information: https://www.namecheap.com/legal/general/privacy-policy/

StatusCake
Role: Uptime monitoring. StatusCake sends periodic HTTP requests to paddedroom.art to verify the site is reachable. It does not receive or process any user personal data.
Location: United Kingdom
Privacy information: https://www.statuscake.com/privacy-policy/

Self-hosted components


Email delivery (Postfix) and workflow automation (Activepieces) run on our own server within the Zomro-hosted environment. These are not third-party data processors; they operate under our direct control within infrastructure already covered by the Zomro entry above.

International transfers


Most of our data processing takes place within the EU/EEA. Where a processor is outside the EU (Namecheap, StatusCake), we rely on standard contractual clauses or adequacy decisions as the transfer mechanism. Details are available on request at compliance@paddedroom.art.

Your rights under the GDPR


You have the right to:

  • Access the personal data we hold about you
  • Rectification of inaccurate data
  • Erasure ("right to be forgotten") of your personal data, subject to any legal retention obligations
  • Restriction of processing in certain circumstances
  • Data portability of data you provided to us in machine-readable format
  • Object to processing based on legitimate interests

To exercise any of these rights, email compliance@paddedroom.art. We will respond within 30 days. We may ask you to confirm your identity before acting on a request.

Right to erasure: what happens when you request deletion


When you request deletion of your account:
1. Your account is removed from the Ghost CMS database within 7 days.
2. Your email address is removed from our email delivery records within 7 days.
3. Your IP address may remain in server logs for the remainder of the 30-day log retention window before automatic deletion.
4. Anonymized analytics data (which cannot identify you) is not deleted, as it contains no personal data.

Cookies


This site uses cookies to keep you signed in after you authenticate with a login link. These cookies are strictly necessary for the site to function and do not require your consent under the ePrivacy Directive.
If we introduce analytics cookies or any non-essential cookies in the future, we will ask for your consent before setting them, via a cookie consent banner.

Data retention summary

Data type Retention period
Registered account (email, display name) Until you request deletion
Server access logs 30 days, then automatically deleted
Analytics events Retained in aggregated form; raw events deleted after 90 days

Right to complain


If you believe we have handled your personal data unlawfully, you have the right to lodge a complaint with a supervisory authority. Because our server is in the Netherlands, the lead supervisory authority is:
Autoriteit Persoonsgegevens (Dutch Data Protection Authority)
https://www.autoriteitpersoonsgegevens.nl/en
+31 70 888 8500
You may also complain to the data protection authority in your country of residence.

Changes to this policy


We distinguish between material and non-material changes.

Non-material changes: correcting links, rephrasing for clarity, updating a processor's privacy policy URL, these will be reflected by updating the "Last updated" date at the top of this page. No email notification will be sent for updates of this nature.

Material changes: adding a new data processor, collecting a new category of personal data, changing the legal basis for any processing activity, or altering your rights in any way; notifications shall be sent to registered users by email before the changes take effect. We will give at least 14 days' notice before a material change becomes effective.

We send these notifications on the basis of our legitimate interests under Article 6(1)(f) GDPR. We have a legitimate interest in ensuring that registered users hold accurate information about how their personal data is processed and what rights they have. Sending a notification email is the most reliable way to fulfil that interest, and it is not overridden by the interests of users, who benefit from receiving it.

If you object to a material change, you may request deletion of your account by contacting compliance@paddedroom.art before the change takes effect.