Privacy Policy

The controller responsible for processing personal data in connection with this website is:

Kayoso Events Kay A. Schink Email: info@bearhood.de

This site is built with Next.js and published as static files (static export). When you open pages, your browser requests those files from a hosting provider. The provider may process technical data such as IP address, date and time of the request, and user agent, typically in server logs, based on its own terms and for security and operations.

Which hosting provider applies depends on how Bearhood is deployed (for example static hosting on a platform such as GitHub Pages). We do not operate separate first-party web analytics in the shipped application code.

When sign-in and community features are enabled, we use Supabase (Supabase Inc. and its infrastructure providers) as a service for authentication, database storage, and optional file storage.

Depending on your use of the site, Supabase may process in particular: account and authentication data (e.g. email address, password or magic-link flows, session tokens); profile information you provide (e.g. display name, avatar); and data related to event interactions supported by the app (e.g. likes, comments, saved/interested markers tied to your user id). Profile images may be stored in Supabase Storage and served via public URLs.

Processing is performed to provide the features you request (e.g. account, profile, and community interactions) and to secure the service. Further details on how Supabase processes data, subprocessors, and international transfers are described in Supabase’s own documentation and data processing agreements. We encourage you to review: https://supabase.com/privacy and related policies.

If Supabase is not configured for a given deployment, those features are unavailable and no such processing occurs through our integration.

Supabase authentication typically uses browser storage or similar mechanisms to keep you signed in. We also use the next-themes library, which commonly stores your light/dark theme preference locally in your browser.

When you first visit the site we ask for your consent before loading optional analytics. Your choice is stored in a small cookie named 'cc_cookie' so we remember it on future visits. This cookie is strictly necessary to record your consent and cannot be switched off; you can change your choice at any time via the 'Cookie settings' link in the footer.

You can delete site data through your browser settings; this may sign you out or reset UI preferences.

With your consent, we use Plausible Analytics to understand how visitors use the site. Plausible is a privacy-focused analytics service that we self-host; the service generates anonymous, aggregated metrics such as page views, referrers, and approximate country.

Plausible does not use cookies and does not store personal data. It does not track you across websites or devices and does not build advertising profiles. IP addresses are used only transiently to derive a country-level location and a daily rotating fingerprint, and are not stored. Further details: https://plausible.io/data-policy.

Legal basis: your consent (Art. 6(1)(a) GDPR and § 25(1) TTDSG). You can withdraw consent at any time via the 'Cookie settings' link in the footer; withdrawal does not affect the lawfulness of processing carried out before.

If analytics consent is not granted, no Plausible script is loaded and no analytics processing takes place through our integration.

The newsletter signup area on the site currently validates your input in the browser and shows a confirmation message. It does not send your email address to Bearhood-operated servers as part of that flow in the present implementation. If we connect it to a mailing or marketing tool later, we will update this policy and, where required, obtain consent or another legal basis.

We link to external services (e.g. social networks, ticket platforms). Those sites have their own privacy policies. We are not responsible for their processing once you leave our site.

We retain personal data only as long as needed for the purposes described, including legal obligations. Account-related data in Supabase is subject to Supabase’s retention and your account actions (e.g. deletion requests via the service where available).

Where the GDPR or similar law applies, you may have the right to access, rectify, erase, restrict processing, object, and data portability, and to withdraw consent where processing is consent-based. You may also lodge a complaint with a supervisory authority.

To exercise rights against us, contact info@bearhood.de. Some requests (e.g. account deletion) may need to be carried out through the authentication provider’s tools where they hold the primary account record.

We may update this policy when our product or legal requirements change. The current version is always published on this page with an updated effective date (see below).

Last updated: April 21, 2026.