Privacy Policy
Last updated: 23 February 2026
CueProof is operated by House of Vargr, an individual developer based in Slovenia, European Union. This policy explains what personal data we collect, why, and what rights you have.
1. Who We Are (Data Controller)
For the purposes of the EU General Data Protection Regulation (GDPR), the data controller is:
House of Vargr
Slovenia, European Union
Contact: [CONTACT EMAIL]
Supervisory authority: Informacijski pooblaščenec RS
2. What We Collect and Why
2.1 Without signing in
Anonymous use requires no account. Your cue sets are stored only in your own browser and never sent to our servers. We store no personal data about you server-side. We do collect anonymous usage events (e.g. "report viewed", which discipline) to understand how the tool is used — these contain no identifying information.
2.2 Cookies
We use only essential and functional cookies — no advertising or tracking cookies of any kind.
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| cueproof_session | Keeps you signed in during your current session | 1 hour | Essential |
| cueproof_refresh | Keeps you signed in between visits without re-authenticating | 30 days | Essential |
| cueproof_oauth_state | Protects the sign-in flow against cross-site request forgery | 10 minutes | Essential |
| PARAGLIDE_LOCALE | Remembers your language preference | ~1 year | Functional |
Essential cookies are necessary for the Service to function and cannot be disabled. The functional language cookie can be cleared via your browser settings without affecting core functionality.
2.3 When you sign in with Google
Signing in unlocks cloud storage for your cue sets. We request only the minimum information needed from Google: your account identifier, email address, and display name. We do not request access to your Google Drive, Gmail, contacts, calendar, or any other Google service.
We store this alongside your cue sets in our database.
2.4 Data you enter
We store the cue sets you create: discipline, class, language, cue words, dog name, and any configuration options you choose. If you rate a collision pair (thumbs up/down), we store that rating and the associated cue words.
2.5 Pronunciation lookups
To compute phonetic similarity, we may look up pronunciations via the public Wiktionary API. Only the cue word text is sent — no account information. Results are cached to avoid repeat lookups.
2.6 What we do not collect
- — No payment data (CueProof is free, no payment processing)
- — No device fingerprinting
- — No advertising or third-party tracking of any kind
- — No microphone or camera access
3. Legal Basis (GDPR Art. 6)
We process your personal data on the following bases:
- • Contractual necessity (Art. 6(1)(b)) — storing your account and cue sets so you can use the Service.
- • Legitimate interests (Art. 6(1)(f)) — anonymous usage analytics to improve the product; security measures to protect the Service. These interests do not override your rights — you may object at any time (see §5).
4. Who We Share Data With
We do not sell your data. We use the following service providers who process data on our behalf:
| Provider | Role | Data involved |
|---|---|---|
| Cloudflare, Inc. (US) | Hosting and database | All data stored in our database |
| Google LLC (US) | Sign-in (OAuth) | Account identifier, email, name |
| Wikimedia Foundation (US) | Public Wiktionary API | Cue word text only — no personal data |
Transfers to US-based providers are governed by Standard Contractual Clauses under GDPR Art. 46.
5. How Long We Keep Your Data
Your account, cue sets, and all associated data are retained until you delete your account. Session cookies expire automatically after a short period. When your account is deleted, all personal data is permanently removed from our database — including cue sets, ratings, and usage events linked to you.
Anonymous browser drafts (created without signing in) are stored only in your browser and are outside our control.
6. Your Rights (GDPR Art. 15–22)
You have the right to:
- • Access — request a copy of your personal data.
- • Rectification — correct inaccurate data.
- • Erasure — delete your account and all associated data. You can do this self-service via the Delete account option in your account menu (top-right avatar). This permanently removes your cue sets, ratings, and history from our servers.
- • Portability — receive your cue sets in machine-readable format.
- • Object — object to processing based on legitimate interests.
- • Restriction — limit processing while a dispute is resolved.
To exercise any right other than erasure (which is self-service as above), contact us at [CONTACT EMAIL]. We will respond within 30 days. If you are not satisfied, you may lodge a complaint with:
Informacijski pooblaščenec RS
Dunajska cesta 22, 1000 Ljubljana, Slovenia
7. Security
We use industry-standard security measures: encrypted connections, signed and short-lived session tokens, and secure credential storage. No system is perfectly secure. In the event of a breach likely to affect your rights, we will notify the Informacijski pooblaščenec within 72 hours as required by GDPR Art. 33.
8. Minimum Age
CueProof is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, contact us at [CONTACT EMAIL] and we will delete it.
9. Changes to This Policy
We will post material changes on this page and update the date above. For significant changes affecting your rights, we will notify signed-in users by email at least 14 days in advance.
10. Contact
Privacy questions or rights requests: [CONTACT EMAIL]