Privacy Policy
Last updated: 2026-02-27
1. Data Controller
LottoLab operates the website lottolab.online. For contact details, see our Legal Notice (Impressum).
2. Data We Collect
| Data Type | Purpose | Legal Basis (GDPR) |
|---|---|---|
| Email, display name | Account creation, authentication | Contract (Art. 6(1)(b)) |
| Password (hashed) | Authentication | Contract |
| IP address | Rate limiting, security | Legitimate interest (Art. 6(1)(f)) |
| Generated combinations | Generation history | Contract |
| Analytics (GA4) | Service improvement | Consent (Art. 6(1)(a)) |
3. Cookies
- Essential: Session ID, language preference, cookie consent.
- Analytics: Google Analytics 4 โ only with explicit consent.
4. Data Retention
- Account data: until account deletion.
- Login attempt logs: 30 days.
5. Your Rights (GDPR)
You have the right to: access, rectify, erase, restrict, port, and object to processing of your data.
6. Data Security
We use HTTPS, bcrypt password hashing, CSRF protection, and rate limiting.
7. Third Parties
- Google Analytics 4: Anonymized usage data (consent only). We do not sell personal data.
8. Children
The Service is not intended for persons under 18.