Privacy Policy

Data Controller

IMIO Labs e.U.

Heckenweg 18

4813 Altmünster

Österreich

Email:

1. Overview

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

2. Notice for Minors

Our platform is intended for users aged 14 and older. If you are under 14 years old, you require the consent of your parent or legal guardian to use our services and for the processing of your personal data in accordance with Art. 8 GDPR. By using our services, you confirm that you are either at least 14 years old or have obtained the required consent from your parent or legal guardian.

3. Data Collection

When you use our website, certain data is automatically collected:

Types of data collected:

• Account information (display name, email address) when creating an account • Public profile information (display name, bio, profile picture if provided) • User-generated content (uploaded math problems, submitted solutions, comments) • Usage data (viewed problems, solved problems, time spent, performance metrics, solution attempts, failed attempts) • Social interactions (friend lists, friend requests) • Technical data (IP address, browser type, operating system, access times)

4. Publicly Visible Data

Please note: The following data is publicly visible to all website visitors:

• Your display name • Your bio (if filled out) • Your statistics and performance metrics • Math problems you have uploaded • Your solutions to problems • Your comments • Your position on the leaderboard Your email address is not publicly visible and will not be shared with other users.

5. Legal Basis for Processing

We process your personal data based on the following legal grounds under Art. 6 GDPR:

• Art. 6(1)(b) GDPR (Contract performance): Processing to provide our services, account management, authentication • Art. 6(1)(f) GDPR (Legitimate interest): Processing to ensure security, prevent fraud and abuse, improve our services • Art. 6(1)(a) GDPR (Consent): Processing of optional profile information (bio), newsletter (if activated)

6. Cookies and Tracking

Our website uses only technically necessary cookies to ensure functionality. These include: • Session cookies for authentication (deleted after logout) • Cookies to store your language preference We do not use analytics cookies or third-party tracking technologies. You can configure your browser to reject cookies, but this may limit the functionality of the website.

7. Third-Party Services and Data Recipients

We use the following third-party services and share data with the following recipients:

• Google OAuth (for authentication) - Google Ireland Limited, Ireland (EU) • GitHub OAuth (for authentication) - GitHub Inc., USA - data transfer based on Standard Contractual Clauses • Mailjet (email delivery for account confirmation and password reset) - Sinch Mailjet SAS, France / Sinch Inc., USA - data transfer based on Standard Contractual Clauses and EU-US Data Privacy Framework • Hetzner Online GmbH (hosting) - Germany (EU) All third-party providers are contractually obligated to treat your data confidentially and use it only for the agreed purposes.

8. Purpose of Data Processing

We use your data for the following purposes:

• Providing and improving our services • User authentication and account management • Tracking your progress and statistics • Enabling social interactions (friendships, leaderboard) • Communicating with you about your account (account confirmation, password reset) • Ensuring security and preventing fraud and abuse • Storing and analyzing solution attempts to improve the learning platform

9. Data Storage and Deletion

We store your personal data as long as your account is active. Upon deletion of your account, your personal data (email address, IP addresses, authentication data) will be deleted immediately, no later than within 30 days, unless legal retention obligations exist. Public content you have created (uploaded math problems, solutions, comments) will be anonymized and your account will be displayed as "Deleted User" to preserve the integrity of the platform. Upon request, this content can also be completely deleted.

10. Data Security

We implement technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security measures include: • SSL/TLS encryption for data transmission • Secure password hashing procedures • Regular security updates • Access restrictions to personal data • Server hosting in secure data centers in the EU (Hetzner, Germany) • Regular backups Our security measures are continuously improved in line with technological developments.

11. Your Rights

Under the GDPR, you have the following rights:

• Right to access your stored personal data (Art. 15 GDPR) • Right to rectification of inaccurate data (Art. 16 GDPR) • Right to erasure ("right to be forgotten", Art. 17 GDPR) • Right to restriction of processing (Art. 18 GDPR) • Right to data portability (Art. 20 GDPR) • Right to object to processing (Art. 21 GDPR) • Right to withdraw consent (Art. 7(3) GDPR) • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR) To exercise your rights or if you have questions, please contact us by email. Account deletion can be requested via email.

12. Supervisory Authority

You have the right to lodge a complaint with the competent data protection supervisory authority:

Austrian Data Protection Authority Barichgasse 40-42 1030 Vienna Austria Phone: +43 1 52 152-0 Email: dsb@dsb.gv.at Website: www.dsb.gv.at

13. Contact

For questions about data protection, to exercise your rights, or to request account deletion, please contact us at:

IMIO Labs e.U.

Email:

14. Changes to this Privacy Policy

We reserve the right to amend this privacy policy to adapt it to changed legal situations or changes to our services. The current version can always be found on this page.

Last updated: February 2026