Skip to main content
Pragmika
DEEN
Start →

Privacy Policy

Pragmika is a hobby project with a clear privacy stance. This page first explains what we deliberately do NOT collect, followed by the disclosures required under GDPR Article 13.

What we do not collect

  • Your answers never leave your browser, unless you give us explicit permission (opt-in detail snapshot).
  • No IP addresses beyond Vercel's anonymous bot-protection layer.
  • No cross-device identifiers, no tracking cookies.
  • No profile-building across sessions — we don't know who you are, and we don't want to know.
  • No advertising. No affiliate tracking. No re-targeting.

We take privacy seriously enough to say it out loud — not just to satisfy the law. What is collected in addition and on what legal basis is covered in the following mandatory disclosures.

What we collect

Pragmika collects only what is technically necessary or explicitly opted into:

  • Pageviews (anonymous, cookieless) via Vercel Analytics — aggregate counts, no IP identifier, no cross-device tracking. Legal basis: Art. 6 (1)(f) GDPR (legitimate interest — reach measurement without personal reference).
  • Custom event quiz_complete — after test completion: only the assigned persona slug (e.g. „empiriker", „ausgewogener"), NO answers, NO identifier. Purpose: aggregate distribution of thinking styles for threshold calibration. Legal basis: Art. 6 (1)(f) GDPR.
  • Custom event self_id_response — after the self-identification question on the result page ("How close is this to you?"): persona slug + 3-point scale value („sehr_nah" / „teilweise" / „eher_fremd"). Purpose: aggregate validity measurement of the persona descriptions. Legal basis: Art. 6 (1)(f) GDPR.
  • Server logs (Vercel) — technically necessary for infrastructure stability, automatically deleted after 30 days. Legal basis: Art. 6 (1)(f) GDPR.
  • Opt-in detail snapshot — ONLY upon active confirmation on the result page. Transmits your answers anonymously to a Postgres database (Neon) for research-validity analysis. Without a click: no data flow to Neon. Legal basis: Art. 6 (1)(a) GDPR (consent).
  • Chat evidence preservation (trigger case) — if our automated content check flags a request as potentially abusive, we store wording, IP hash, user agent, timestamp, and category. Details in the "Evidence Preservation for Abusive Chat Requests" section below. Legal basis: Art. 6 (1)(f) GDPR.
  • Chat rate limit — to prevent abuse we temporarily store (max. 1 h hourly limit, max. 24 h daily limit) a pseudonymised hash of your IP address (Upstash Redis, EU region). Automatic deletion after expiry. Legal basis: Art. 6 (1)(f) GDPR.

Cookies and local storage

We set no tracking cookies. There is no consent banner — under § 25 (2) TTDSG (German implementation of the ePrivacy Directive) consent is required only for non-essential storage operations.

What we technically require:

  • Paraglide locale cookie (PARAGLIDE_LOCALE) — stores your language preference (DE/EN). Lifetime: 1 year. Purpose: language-selection persistence across page views.
  • localStorage self_id_response — stores your answer to the self-identification question ("How close is this to you?") so you don't have to answer it again on your device. Lifetime: until browser cache is cleared. Never leaves your device.
  • localStorage snapshot_submitted_<persona> — flag that you have already sent the snapshot contribution on your result page (double-submit protection). Lifetime: until browser cache is cleared. Never leaves your device.

These storage operations are classified as "strictly necessary" under § 25 (2) no. 2 TTDSG (the function is unavailable without them or the expected user experience is disrupted). A consent requirement therefore does not apply.

Minimum age

Pragmika is content-wise designed for persons aged 16 years or older. We perform no technical age check because we deliberately do not collect identifiers (see "What we do not collect"). Persons under 16 should only use the test with the consent of their legal guardians (Art. 8 (1) GDPR).

The test addresses political thinking styles, ethical dilemmas, and societal conflicts. The content may be difficult to contextualise for younger users.

Snapshot data processing

When you explicitly click "Yes, contribute anonymously" on the result page, we transfer the following data to our Postgres database (Neon, USA):

  • Your 27 answers (integers 1–7 per question ID)
  • The computed score value + the assigned persona category

We deliberately do not record any identifier:

  • No IP address
  • No user agent
  • No session ID
  • No account reference (there are no accounts)

Consequence: Because no identifier is stored, there is no technical link between you and your contribution in the database. A later mapping and deletion of your contribution is therefore not possible. You are explicitly informed of this fact on the result page before the click.

Legal basis: Art. 6 (1)(a) GDPR (consent). Purpose: research-validity analysis for calibration of the test thresholds.

Without a click: no data flow to Neon.

Retention: indefinitely for research-validity purposes — because no identifier is stored, deletion on a per-person basis is technically not possible. When the research purpose is concluded (e.g. threshold calibration completed), database holdings are deleted collectively.

Processors

Groq, Inc. — 400 Castro Street, Suite 600, Mountain View, CA 94041, USA. Purpose: AI inference for the chat feature on result pages. DPA: https://console.groq.com/docs/legal/customer-data-processing-addendum (effective 2025-10-15). Transfer mechanism: EU SCCs Module 2 (Commission Decision 2021/914), no DPF. EU representative: DP-Dock GmbH, Ballindamm 39, 20095 Hamburg, Germany, groq@gdpr-rep.com. Sub-processor list: https://trust.groq.com/subprocessors.

Vercel Inc. — 440 N Barranca Ave #4133, Covina, CA 91723, USA. Purpose: hosting + bot-protection + server logs + Vercel Analytics (pageviews + custom events, see above). DPA: https://vercel.com/legal/dpa. Transfer mechanism: EU SCCs, additionally DPF-certified.

Neon, Inc. — 209 Havemeyer St., Brooklyn, NY 11211, USA. Purpose: Postgres database for opt-in detail snapshots (only upon active user confirmation on the result page, otherwise no data flow to Neon). DPA: https://neon.tech/legal/dpa. Transfer mechanism: EU SCCs.

Ko-fi Labs Ltd. — United Kingdom. Purpose: optional donations (only if a donation link is activated — pre-launch not active, listed here for completeness). DPA: https://ko-fi.com/manage/privacy. Transfer mechanism: UK-GDPR adequacy decision.

Retention per processor:

  • Groq (chat inference): no persistent storage of your requests at Groq (zero-data-retention request submitted 2026-05-27, reply pending; until then Groq's standard logging policy per DPA applies).
  • Vercel (hosting + analytics): server logs 30 days, Vercel Analytics aggregates retained anonymously without time limit.
  • Neon (snapshot DB): see "Snapshot data processing" section above.
  • Upstash Redis (rate-limit hashes): automatic TTL deletion after 1 h (hourly) and 24 h (daily) respectively.
  • Evidence-preservation data (chat trigger cases): category-specific 3 to 10 years — see "Evidence Preservation for Abusive Chat Requests" section below.

Evidence Preservation for Abusive Chat Requests

Pragmika offers a chat function on the result pages. For normal requests, nothing is stored — neither the wording nor the IP nor any other identifier.

If, however, a request is flagged as potentially abusive by our automated content check (categories per the Llama-Guard taxonomy S1–S13: e.g. threats of violence, instructions for criminal acts, sexualised content involving minors), we store the incident in order to defend ourselves legally and, where necessary, to be able to provide information to law-enforcement authorities.

What we store when a case is triggered:

  • the complete wording of your request and our response
  • a pseudonymised hash of your IP address (SHA-256 with a secret salt; in practice not recoverable to a specific IP without substantial effort)
  • the user-agent string of your browser
  • the timestamp of the incident
  • the triggered category (e.g. "S3 — Sex Crimes")

Purpose: Evidence preservation and legal defence in case Pragmika becomes involved in investigative or civil proceedings due to abusive use.

Legal basis: Art. 6 (1)(f) GDPR (legitimate interest — protection of the operator against claims arising from unlawful use by third parties). A balancing-of-interests assessment has been documented.

Retention (category-specific):

  • Category S3 (sexualised content involving minors): up to 10 years (civil-law statute of limitations plus criminal-law relevance)
  • all other categories (S1, S2, S4–S13): 3 to 5 years (standard limitation period plus evidence-preservation buffer)
  • after expiry: automatic deletion

Special case S4 — Child Sexual Exploitation Material (CSAM): Where there is well-founded suspicion, we report the incident directly to the German Federal Criminal Police Office (BKA). We do not store the content itself, but only the metadata required for the report (IP hash, timestamp, category classification from the automated check). Storing the content would itself be a criminal offence.

No trigger, no record: If your request passes the content check, nothing is stored. Even your IP hash only comes into existence in the trigger case.

Your rights under GDPR

You have the following rights under GDPR Articles 15 ff. against the controller:

  • Access (Art. 15) — which personal data we process relating to you.
  • Rectification (Art. 16) — correction of inaccurate data.
  • Erasure (Art. 17) — "right to be forgotten", insofar as no retention obligation conflicts.
  • Restriction of processing (Art. 18) — temporary halting of processing.
  • Data portability (Art. 20) — structured export of your data.
  • Objection (Art. 21) — against processing on the basis of legitimate interests.

Note: Since Pragmika operates largely without identifiers (see "What we do not collect"), there are typically no personal data relating to you that we could disclose or delete. The same applies to opt-in detail snapshots: we store no identifier, so a later mapping and deletion of your contribution is technically not possible (see the "Snapshot data processing" section above). You are informed of this before every click.

Right to lodge a complaint: You can lodge a complaint with a data-protection supervisory authority at any time — for users based in Germany, the competent authority is the Federal Commissioner for Data Protection and Freedom of Information (BfDI) and the respective state data-protection authority. EU users can complain to the data-protection authority of their member state.

Controller

Christian Kienle c/o Online-Impressum #8505 Europaring 90 53757 St. Augustin Germany contact@pragmika.com

Complete service-provider information at /impressum.

Last updated: 2026-05-29