Privacy Policy

Last updated: June 25, 2025.

Personal data (usually referred to just as "data" below) will only be processed by us to the extent necessary and for the purpose of providing functionality of Drawpile and this website.

Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the "GDPR"), "processing" refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.

Responsible

Drawpile gUG (haftungsbeschränkt)
Adolfstraße 1
65185 Wiesbaden
Germany

General Manager: Carsten Hartenfels
E-Mail: privacy@drawpile.org

Scope of this policy

This privacy policy only pertains to this website drawpile.net and the public Drawpile server at pub.drawpile.net. For community servers or other external servers, refer to their policies instead.

Types of processed data

  • Contact data (e.g. your E-Mail address, if you want to use an account on this website)
  • Content data (e.g. the things you enter into this website)
  • Usage data (e.g. response times, performance)
  • Communication data (e.g. device information, IP addresses, server logs)

Drawpile the software only transmits communication data necessary to function, such as application version, device information or IP addresses, or data you voluntarily enter into it, such as usernames or chat messages.

Cookies

Cookies are small pieces of information stored in your web browser when you visit websites. This website uses only cookies necessary for its functionality, specifically:

  • A login and username cookie when you log into your account on this website.
  • A security cookie to prevent cross-site request forgery attacks.

There's no third-party, tracking or advertising cookies here.

Purpose of processing

  • Provide functionality, such as letting you draw together with others online or letting you create an account.
  • Problem tracing, such as looking through server logs to find where errors occurred.
  • Security measures, such as abuse prevention.

Duration of storage

Data is stored to the extent necessary to fulfill its purpose or legal obligations. It is deleted thereafter.

Rights of users and data subjects

Users and data subjects have the right:

  • to confirm whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art. 15 GDPR),
  • to correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR);
  • to the immediate deletion of data concerning them (cf. also Art. 17 DSGVO), or, alternatively, if further processing is necessary as stipulated in Art. 17 No. 3 GDPR, to restrict said processing per Art. 18 GDPR;
  • to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. also Art. 20 GDPR);
  • to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (see also Art. 77 GDPR).

In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 No. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.

Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the controller's future processing of their data pursuant to Art. 6 No. 1 lit. f) GDPR.