Admin & Privacy
The accountability surface for v10r.dev — who collects what, why it's lawful, how long it's kept, and how to exercise your rights.
What we collect, and why it's lawful.
Four categories. The first applies to every visitor; the others only kick in when you explicitly opt in,
send feedback, or sign in. Every field below is sourced from the actual database schema in src/lib/server/db/schema/.
Pre-consent visit (default)
Every public page request, before you click anything on the cookie banner.
Art. 6(1)(f) Legitimate interest
| Field | Type | Example / note |
|---|---|---|
| visitor_id | sha256(ip + user-agent) | `v_a3f29c81d6e4b5f0`. Hashed at request time. Raw IP is never written to the database. |
| path | string | `/showcases`. Pathname only. Query strings are dropped. |
| timestamp | timestamptz | `2026-05-01 14:21:08+00` |
| country | iso-2 (coarse) | `DE`. From CDN edge headers; never the city or region. |
| referrer | origin only | `https://google.com`. Stripped to scheme + host. No path, no query. |
- Pre-consent traffic exists so the site can count visits and detect abuse — that is the legitimate interest.
- Device, browser, and full referrer fields are NULL until you give analytics consent.
- Bot and prefetch requests are filtered out before any row is written.
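
The minimisation rules in this section, as an added JavaScript example (not v10r.dev's own code): it builds the stored row from a request and keeps device, browser and the full referrer NULL unless analytics consent is given. The function names, the request object's shape, the `site.invalid` base URL and the `v_` + 16 hex character format (inferred from the sample value) are assumptions.

```javascript
// Added example, not v10r.dev's code. All function and field names are hypothetical.
const { createHash } = require("node:crypto");

// visitor_id as the table states it: sha256(ip + user-agent).
// Assumption: "v_" plus the first 16 hex characters, matching the sample's shape.
// Caveat: an unkeyed hash of an IPv4 address is recomputable, so this is pseudonymous data.
function visitorId(ip, userAgent) {
  return "v_" + createHash("sha256").update(ip + userAgent).digest("hex").slice(0, 16);
}

// Reduce a referrer to scheme + host; unparseable or non-web values become null.
function referrerOrigin(referrer) {
  try {
    const u = new URL(referrer);
    return u.protocol === "https:" || u.protocol === "http:" ? u.origin : null;
  } catch {
    return null;
  }
}

// Build the row to store. Raw IP and user-agent are inputs only, never copied into the row.
function buildVisitRow(req, analyticsConsent) {
  const row = {
    visitor_id: visitorId(req.ip, req.userAgent),
    path: new URL(req.url, "http://site.invalid").pathname, // query string dropped
    timestamp: new Date().toISOString(),
    country: /^[A-Z]{2}$/.test(req.country) ? req.country : null,
    referrer: referrerOrigin(req.referrer),
    device: null,
    browser: null,
  };
  if (analyticsConsent) {
    row.referrer = req.referrer || null; // full URL replaces the origin-only value
    row.device = req.device || null;
    row.browser = req.browser || null;
  }
  return row;
}

// Constructed sample request (documentation IP range, made-up query values).
const SAMPLE_REQ = {
  ip: "203.0.113.7",
  userAgent: "Mozilla/5.0 (X11; Linux x86_64) Chrome/130.0",
  url: "/showcases?utm_source=mail&token=abc123",
  country: "DE",
  referrer: "https://news.ycombinator.com/item?id=1",
  device: "desktop",
  browser: "Chrome 130",
};
```

Calling `buildVisitRow(SAMPLE_REQ, false)` yields the pre-consent row; passing `true` fills in the consent-only fields.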
After "Accept all" or "Customize → Analytics"
Only after you actively grant analytics consent via the cookie banner.
Art. 6(1)(a) Consent
| Field | Type | Example / note |
|---|---|---|
| all of the above | — | Pre-consent fields continue to apply. |
| device | enum | desktop / mobile / tablet |
| browser | string | Chrome 130 |
| referrer (full) | string | `https://news.ycombinator.com/item?id=...` The full URL replaces the origin-only version. |
| session_id | cookie _v10r_sid | `s_b9a72c0f`. Lets us reconstruct the page-by-page journey. |
| journey events | page transitions | Sent via sendBeacon on tab close. Deduplicated by event_id. |
- Consent is recorded with timestamp, IP-hash, and the exact tier — kept for 13 months as Art. 7(1) demonstrability.
- You can withdraw consent at any time through the banner; the SID cookie is cleared and journey collection stops on the next request.
Feedback you submit
Only when you fill in and submit the /feedback form.
Art. 6(1)(f) Legitimate interest (responding)
| Field | Type | Example / note |
|---|---|---|
| subject | string (3–120) | Bug on the chat page |
| body | string (10–4000) | … |
| rating | smallint 1–5 (optional) | |
| contact_email | email (optional) | Only if you provide one for follow-up. |
| page_of_origin | string | `/showcases/ai/chat` |
| session_id | string (nullable) | Set only if you had analytics consent at submit time. Lets the operator see which pages you visited before the message. |
- Honeypot + minimum-fill-time + rate limit reject obvious bots before storage.
- Feedback is kept until you ask to have it removed — there is no automatic expiry. Email the controller to delete a specific submission.
Account data (if you sign in)
Only if you create or use an account on the protected /app surface.
Art. 6(1)(b) Performance of contract
| Field | Type | Example / note |
|---|---|---|
| email | string | Used to identify you and reach you for account events. |
| password | argon2 hash | Plaintext is never written to disk. |
| session_token | opaque, http-only cookie | Better Auth manages rotation and expiry. |
| audit trail | login / logout / password change | Stored to support security investigations under Art. 32. |
- Account creation is optional — you can use the public site without ever signing in.