Privacy Policy

Controller

Gerhard Benjamin Peter (sole proprietor)
Weidenhäuser Str. 73
35037 Marburg, Germany
Email: bp@ben-peter.com

What This Policy Covers

This policy describes how Web Resource Ledger (“WRL”, “the service”) collects, uses, stores, and protects personal data when you use the WRL API or web interface at api.webresourceledger.com.

Data We Collect

Account Data (GitHub OAuth)

When you sign in with GitHub, we receive and store:

  • GitHub user ID — a stable numeric identifier assigned by GitHub
  • GitHub username — your current GitHub display name (updated on each login)

We request the read:user scope from GitHub. We do not receive or store your GitHub email address, repositories, or any data beyond your public profile identity. The GitHub access token used during login is discarded immediately after fetching your identity — it is never stored.

Session Data

When you log in, we create a server-side session:

  • A session cookie (__Host-wrl_session) is set in your browser. It is HttpOnly, Secure, SameSite=Lax, and expires after 7 days.
  • Only a SHA-256 hash of the session value is stored on our servers. The raw session value exists only in your browser cookie.

This cookie is strictly necessary for authentication. It is not used for tracking or advertising.

API Keys

When you create an API key, we store a SHA-256 hash of the key for authentication. The raw key is shown once at creation and never stored.
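The hash-at-rest pattern described for session cookies and API keys, written out as an added Python example (it is not WRL's code; the in-memory dictionary stands in for the database, and the `wrl_` key prefix and function names are assumptions made for illustration):

```python
import hashlib
import secrets
from typing import Dict, Optional

# Constructed in-memory store standing in for the database table.
# It maps SHA-256(hex) of the key -> tenant ID. The raw key is never written here.
_api_key_store: Dict[str, str] = {}


def hash_key(raw_key: str) -> str:
    """Hash a token the way the policy describes: plain SHA-256, hex-encoded.

    An unsalted fast hash is acceptable here (unlike for passwords) because the
    key is 256 bits of CSPRNG output, so it cannot be guessed or brute-forced
    from the stored digest.
    """
    return hashlib.sha256(raw_key.encode("utf-8")).hexdigest()


def create_api_key(tenant_id: str) -> str:
    """Generate a key, persist only its hash, and return the raw key once.

    The caller shows the raw value to the user at creation time; after this
    function returns there is no copy of it on the server side.
    """
    raw_key = "wrl_" + secrets.token_urlsafe(32)  # 'wrl_' prefix is an assumption
    _api_key_store[hash_key(raw_key)] = tenant_id
    return raw_key


def authenticate(presented_key: str) -> Optional[str]:
    """Resolve a presented key to its tenant ID, or None if unknown/revoked.

    Hashing the presented value and doing an exact lookup is the whole check;
    nothing about the raw key needs to be stored for this to work.
    """
    return _api_key_store.get(hash_key(presented_key))


def revoke_api_key(raw_key: str) -> bool:
    """Delete the stored hash; afterwards the key no longer authenticates."""
    return _api_key_store.pop(hash_key(raw_key), None) is not None


def raw_key_is_persisted(raw_key: str) -> bool:
    """Helper for checking the invariant: the raw key must never be stored."""
    return raw_key in _api_key_store or raw_key in _api_key_store.values()
```

The session cookie follows the same shape: the browser holds the raw value, the server table holds only `hash_key(value)` plus an expiry, and logout or expiry deletes the row. Because the lookup is by hash, a database dump exposes nothing that can be replayed against the API.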

IP Addresses

We do not store your raw IP address. For rate limiting and abuse prevention, we compute a pseudonymized identifier from your IP address using HMAC-SHA-256 with a daily rotating key. This identifier:

  • Cannot be reversed to recover your IP address
  • Changes every 24 hours (a different IP hash is produced each day)
  • Is used in operational logs for abuse detection

This constitutes pseudonymized data under GDPR Article 4(5).
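A worked version of the pseudonymization scheme described above, added here as an example rather than taken from WRL's code. The per-day key derivation (HMAC of the calendar date under a master secret), the hard-coded master secret, and the function names are assumptions; the policy only states that HMAC-SHA-256 with a daily rotating key is used.

```python
import hashlib
import hmac
import ipaddress
from datetime import date
from typing import Dict

# Constructed master secret for the example. A real deployment loads this from a
# secret store; it is the one value whose secrecy makes the pseudonym irreversible.
MASTER_SECRET = b"example-master-secret-not-a-real-key"


def daily_key(day: date, master_secret: bytes = MASTER_SECRET) -> bytes:
    """Derive the key for one calendar day (hypothetical derivation, not WRL's).

    HMAC-ing the ISO date under the master secret yields a distinct 32-byte key
    per day without keeping a table of past keys, which is what makes the
    pseudonym change every 24 hours.
    """
    return hmac.new(master_secret, day.isoformat().encode("ascii"), hashlib.sha256).digest()


def pseudonymize_ip(ip: str, day: date, master_secret: bytes = MASTER_SECRET) -> str:
    """Return the HMAC-SHA-256 pseudonym of an IP address for a given day.

    The address is parsed with the ipaddress module and its packed binary form
    is MACed, so textual variants of the same address (e.g. an IPv6 address
    with or without zero-compression) produce the same identifier.
    """
    canonical = ipaddress.ip_address(ip).packed
    return hmac.new(daily_key(day, master_secret), canonical, hashlib.sha256).hexdigest()


def log_record(ip: str, day: date, event: str) -> Dict[str, str]:
    """Build an operational log entry that carries the pseudonym, never the IP."""
    return {"day": day.isoformat(), "ip_hash": pseudonymize_ip(ip, day), "event": event}


def count_requests(records) -> Dict[str, int]:
    """Tally requests per pseudonym; this is the input a rate limiter would use."""
    counts: Dict[str, int] = {}
    for rec in records:
        counts[rec["ip_hash"]] = counts.get(rec["ip_hash"], 0) + 1
    return counts
```

Two properties are worth checking in practice: the same address on two different days must yield different identifiers (so logs cannot be joined across days), and no log field may contain the raw address. The "cannot be reversed" property holds only while the daily key is secret and is discarded once the day is over; the IPv4 space is small enough that anyone holding the key could enumerate all addresses and match a pseudonym, so key handling, not the HMAC itself, is what carries the guarantee.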

Capture Data

Each capture you submit records:

  • The URL you requested to capture
  • Timestamps (creation, completion)
  • Capture artifacts (screenshot, rendered HTML, HTTP headers, signed WACZ bundle)
  • The resolved IP address of the target website (not your IP — this is the IP address of the server hosting the page you captured)

Capture data is attributed to your tenant ID, not to your personal identity directly.

Terms of Service Acceptance

We record when you accepted the Terms of Service and which version you accepted.

Usage Data

We track monthly capture counts and storage usage per tenant for quota enforcement. This is operational data tied to your tenant ID.

Legal Basis for Processing

Data | Legal Basis | GDPR Article
GitHub identity | Contract performance (providing the service you signed up for) | Art. 6(1)(b)
Session data | Contract performance (authenticating your requests) | Art. 6(1)(b)
API key hashes | Contract performance (authenticating your API requests) | Art. 6(1)(b)
Pseudonymized IP | Legitimate interest (abuse prevention, service security) | Art. 6(1)(f)
Capture data | Contract performance (the core service you requested) | Art. 6(1)(b)
Usage counters | Contract performance (quota enforcement) | Art. 6(1)(b)

Data Retention

Data | Retention
Account data (GitHub ID, username) | Until you request deletion or the service is discontinued
Sessions | 7 days from creation, then automatically deleted
API key hashes | Until you revoke the key or request account deletion
Pseudonymized IP hashes | In operational logs for up to 90 days
Capture data | Indefinitely, unless removed by the operator or upon your deletion request
Usage counters | Retained for the current and previous billing periods

Third-Party Processors

Processor | Purpose | Data Processed | Location
Cloudflare | Infrastructure (Workers, D1 database, KV storage, R2 object storage, Browser Rendering) | All service data | Global (Cloudflare network)
GitHub | Authentication (OAuth identity provider) | GitHub user ID and username during login only | USA
Coralogix | Operational logging and monitoring | Pseudonymized IP, tenant ID, event metadata (no raw personal data) | EU (eu2 region)
DigiCert | RFC 3161 timestamping | SHA-256 hash of capture bundle only (no personal data) | USA
Stripe | Payment processing (when applicable) | Payment and billing information you provide to Stripe | USA

We maintain data processing agreements with our infrastructure providers as required by GDPR Article 28.

Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Access (Art. 15) — request a copy of the personal data we hold about you
  • Rectification (Art. 16) — request correction of inaccurate data (note: your GitHub username is automatically updated on each login)
  • Erasure (Art. 17) — request deletion of your account and associated data
  • Restriction (Art. 18) — request that we limit processing of your data
  • Portability (Art. 20) — request your data in a structured, machine-readable format
  • Object (Art. 21) — object to processing based on legitimate interest (pseudonymized IP processing)

To exercise any of these rights, email bp@ben-peter.com with the subject line “Data Request”. Include your GitHub username so we can locate your account. We will respond within 30 days.

Account Deletion

You may request complete deletion of your account and all associated data. Upon receiving a verified deletion request, we will:

  1. Delete your GitHub user record and all sessions
  2. Revoke all API keys
  3. Delete all capture records and stored artifacts
  4. Remove your tenant record and usage data

Pseudonymized IP hashes in operational logs cannot be attributed back to you after deletion and will expire naturally within 90 days.

Data Security

We implement the following security measures:

  • All API keys and session tokens are stored as SHA-256 hashes — raw values are never persisted
  • Session cookies use HMAC signing, the __Host- prefix, and the Secure, HttpOnly, SameSite=Lax attributes
  • Ed25519 cryptographic signatures ensure capture integrity
  • IP addresses are pseudonymized with daily key rotation
  • All data in transit is encrypted via TLS
  • OAuth authentication uses PKCE (Proof Key for Code Exchange) to prevent authorization code interception
  • Rate limiting protects against abuse at multiple levels

Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. The competent authority for the controller is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 31 63
65021 Wiesbaden, Germany
https://datenschutz.hessen.de

International Data Transfers

Some of our processors (GitHub, DigiCert, Stripe) are based in the USA. Cloudflare processes data globally across its network. These transfers are conducted under appropriate safeguards, including the EU-US Data Privacy Framework and Standard Contractual Clauses where applicable.

Children

WRL is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at bp@ben-peter.com and we will delete it.

Changes to This Policy

We may update this policy from time to time. The effective date at the top reflects the most recent revision. We will not reduce your rights under this policy without your explicit consent.

Disclaimer

This document is a reasonable-effort privacy policy for a small, early-stage project. It is not professional legal advice. If your situation requires legal certainty, consult a qualified attorney.