Privacy Policy

Last updated: January 29, 2026

1. Data Controller (Verantwortlicher)

The data controller responsible for this website pursuant to Article 4(7) GDPR is:

CASE.DE GMBH
Wittestr. 60
53225 Bonn
Germany

Email: privacy@randomify.de
Website: https://randomify.de

2. Overview of Data Processing

This privacy policy explains how we collect, use, and protect your personal data when you use Randomify. We process personal data only in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

Types of data processed:

  • Account data (name, email address)
  • Social media connection data (Facebook/Instagram Page IDs, usernames)
  • Giveaway data (post information, participant data from comments)
  • Payment data (processed by Stripe; we do not store card details)
  • Usage data (IP address, browser type, access times)
  • Cookies and similar technologies

3. Legal Basis for Processing (Art. 6 GDPR)

We process your personal data based on the following legal grounds:

  • Contract performance (Art. 6(1)(b) GDPR): Processing necessary for providing our services, including account management and giveaway functionality.
  • Consent (Art. 6(1)(a) GDPR): When you connect your Facebook/Instagram account, you explicitly consent to the processing of your social media data.
  • Legitimate interests (Art. 6(1)(f) GDPR): For security purposes, fraud prevention, and improving our services.
  • Legal obligation (Art. 6(1)(c) GDPR): Where required by law, such as tax retention requirements.

4. Data Collection and Purpose

4.1 Account Registration

When you create an account, we collect your email address and optional name. This data is used to authenticate you, provide our services, and communicate with you about your account.

Retention: Until account deletion or 3 years after last activity.

4.2 Facebook/Instagram Connection

When you connect your Facebook account, we receive and store:

  • Your Facebook User ID and Page IDs
  • Page names and Instagram Business Account information
  • An encrypted access token (to fetch comments on your behalf)

We use this data solely to fetch comments from your posts for giveaway purposes. We do NOT access your private messages, friend lists, or post on your behalf.

Retention: Until you disconnect the account or delete your Randomify account.

4.3 Giveaway Participant Data

When you create a giveaway, we collect public comment data from your Facebook/Instagram posts, including:

  • Comment author IDs and display names
  • Comment timestamps

This data is used to determine eligible participants and select winners. Comment content is NOT stored.

Retention: Until the giveaway is deleted or 12 months after completion.

4.4 Payment Processing

When you subscribe to a paid plan, payment processing is handled by Stripe, Inc. We do NOT store your credit card number, CVV, or full card details on our servers. We only store:

  • Stripe Customer ID (to manage your subscription)
  • Subscription status and plan type
  • Billing period dates

Stripe processes your payment data in accordance with PCI-DSS standards. For more information, see Stripe's Privacy Policy.

Legal basis: Contract performance (Art. 6(1)(b) GDPR).

Retention: Until subscription ends + 7 years for tax/legal requirements.

4.5 Server Logs

Our servers automatically collect technical data including IP addresses, browser type, operating system, referring URLs, and access timestamps. This is necessary for security and troubleshooting.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR).

Retention: 30 days.

5. Cookies and Tracking

We use the following types of cookies:

  • Essential cookies: Required for authentication and security. These cannot be disabled.
  • Preference cookies: Store your settings (e.g., dark/light mode).

We do NOT use third-party analytics or advertising cookies. We do NOT track you across other websites.

6. Data Sharing and Third Parties

We do NOT sell your personal data. We may share data with:

  • Hosting providers: Our servers are hosted within the EU (Germany/Netherlands) by providers with appropriate data processing agreements.
  • Meta Platforms, Inc.: When you connect Facebook/Instagram, data is exchanged via Meta's APIs. Meta's privacy policy applies to data on their platform.
  • Stripe, Inc.: When you subscribe to a paid plan, payment data is processed by Stripe. Stripe is PCI-DSS Level 1 certified. See Stripe's Privacy Policy.

International transfers: Meta and Stripe are based in the USA. Data transfers are covered by their Data Processing Terms and Standard Contractual Clauses (SCCs).

7. Your Rights Under GDPR

Under the GDPR, you have the following rights:

  • Right of access (Art. 15): Request a copy of your personal data.
  • Right to rectification (Art. 16): Correct inaccurate data.
  • Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten").
  • Right to restriction (Art. 18): Limit how we process your data.
  • Right to data portability (Art. 20): Receive your data in a machine-readable format.
  • Right to object (Art. 21): Object to processing based on legitimate interests.
  • Right to withdraw consent (Art. 7(3)): Withdraw consent at any time (e.g., disconnect Facebook).

To exercise any of these rights, contact us at privacy@randomify.de. We will respond within 30 days.

8. Right to Lodge a Complaint

If you believe we have violated your data protection rights, you have the right to lodge a complaint with a supervisory authority. The competent authority for us is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestraße 2-4
40213 Düsseldorf
Germany
Website: www.ldi.nrw.de

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • TLS/SSL encryption for all data in transit
  • Encryption of sensitive data at rest (e.g., Facebook access tokens)
  • Regular security updates and monitoring
  • Access controls and authentication requirements
  • Servers located in the European Union

10. Data Retention

We retain your personal data only as long as necessary for the purposes described in this policy, or as required by law. When data is no longer needed, it is securely deleted. Specific retention periods are noted in Section 4 above.

11. Minors

Randomify is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@randomify.de.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

13. Contact

For questions about this privacy policy or to exercise your data protection rights, please contact us:

CASE.DE GMBH
Data Protection
Wittestr. 60
53225 Bonn
Germany

Email: privacy@randomify.de