Privacy Policy
Effective date: 7 July 2026 — this policy explains what information Gipfelstürmer Social collects, why we collect it, and the choices you have over it.
Gipfelstürmer Social is a free social casino platform operated by Gipfelstürmer Werbeagentur GmbH, Industriestraße 4, 70565 Stuttgart, Germany. Our games are entertainment only: they use a fictional balance called Summit Coins, they never pay out real money or prizes of any monetary value, and they are intended exclusively for visitors who are eighteen years of age or older. Because we designed the platform to run without a game backend, the amount of personal information we handle is deliberately small, and much of what would normally sit on a company server instead stays inside your own browser. This Privacy Policy describes, in plain language, every category of information that passes through our hands, how long we keep it, whom we share it with, and the rights you can exercise at any time. It applies to the website gipfelsturmerwerbeagentur.com and to every page, game, and form published under that domain. It does not apply to third-party websites that we may link to, and we encourage you to read the privacy notices of any external site before providing information to it. By using our website you acknowledge that you have read this policy; where the law requires consent for a specific processing activity, we ask for that consent separately and you may withdraw it at any time.
1. Information Collection
We collect information in three ways: information you actively give us, information generated automatically while you browse, and information stored locally on your device by our scripts. Understanding the difference between these three channels is the key to understanding this entire policy, so we set them out here before going into detail.
1.1 Information you provide directly
You provide information directly when you type it into a form on our site. In practice this happens in only two places: the contact form on our contact page, and the optional local account screen where you choose a username. We never ask for government identifiers, payment details, or financial information, because nothing on Gipfelstürmer Social can be purchased. There are no in-game purchases, no deposits, and no withdrawals, so the classes of sensitive data typically associated with gambling websites simply do not exist here.
1.2 Information collected automatically
Like almost every website, our hosting infrastructure records basic technical data when your browser requests a page. This includes your IP address, the date and time of the request, the page requested, the referring page, and a user-agent string describing your browser and operating system. This data is generated by the web server itself and is used for security monitoring, error diagnosis, and aggregate traffic measurement. Section 3 of this policy describes usage data in more detail.
1.3 Information stored on your device
A defining feature of our platform is that player accounts and Summit Coins balances are stored locally in your browser using localStorage. We operate no game backend and no account database. When you create a local profile, pick a username, or spin a reel, the resulting data is written to your own device and never transmitted to us. We cannot read it, back it up, restore it, or delete it remotely. If you clear your browser data, your local profile and balance disappear permanently, and we have no copy to recover. Our Cookie Policy, available at /cookies, lists every localStorage key we use and what each one contains.
2. Personal Data
Personal data means any information relating to an identified or identifiable person. Given the local-first design of Gipfelstürmer Social, the personal data that actually reaches our organisation is limited to the items below.
2.1 Email address
We receive your email address only when you submit our contact form or write to us directly. We use it for one purpose: to reply to you. Contact form submissions are delivered as email messages to our support inbox, and the conversation lives in that inbox like any ordinary email exchange. We do not add contact form senders to marketing lists, we do not sell or rent email addresses, and we do not use them for profiling of any kind.
2.2 Username
If you choose to create a local profile, the username you pick is stored in your browser's localStorage under the keys described in our Cookie Policy. That username never leaves your device. Because we cannot see it, we also cannot moderate it, so please choose something you are comfortable seeing on your own screen. If you would like to change or remove it, you can do so from the account screen or by clearing site data in your browser settings.
2.3 Contact form data
The contact form asks for a name, an email address, and a message. The name field exists so we can address you politely; you may use a pseudonym if you prefer. The message field is free text, and we ask you not to include sensitive information such as health data, financial details, or identification numbers, because a support request about a browser game never requires them. Everything you submit through the form is treated as confidential correspondence and is accessible only to the small team that handles support.
2.4 What we deliberately do not collect
We do not collect real names as a requirement of play, dates of birth, postal addresses of visitors, telephone numbers, payment card details, bank information, government identification, precise geolocation, biometric data, or any special category of data under European law. Our age requirement of eighteen years is enforced through a self-declaration gate rather than identity verification, which means we never see or store documents proving your age.
3. Usage Data
Usage data is technical information generated automatically when you interact with the website. It is collected by our hosting provider's web server and, where you have consented, by our analytics tooling.
3.1 Server logs
Standard server logs record the IP address of each request, a timestamp, the requested resource, the HTTP status code returned, the size of the response, the referring URL, and the user-agent string. We use these logs to detect abuse such as automated scraping or denial-of-service attempts, to diagnose broken links and server errors, and to understand overall load so we can size our hosting appropriately. Server logs are rotated and deleted on a short schedule described in Section 9.
3.2 Device and browser information
The user-agent string tells us in broad terms which browser and operating system you use. We look at this data in aggregate to decide which browsers we must test our games against. We do not attempt to fingerprint individual devices, and we do not combine user-agent data with other signals to single out a specific visitor.
3.3 Gameplay data stays local
It is worth repeating in this section that gameplay itself produces no usage data on our side. Spins, wins, losses of Summit Coins, session lengths inside a game, and every other in-game event are computed by JavaScript running in your browser and recorded, if at all, only in your local storage. There is no telemetry pipeline sending gameplay events to us, because there is no server for them to be sent to.
4. Cookies
We use a small number of cookies and, more prominently, browser localStorage. A cookie is a small text file placed on your device by a website; localStorage is a similar browser feature that holds data without transmitting it with every request. Our full Cookie Policy at /cookies explains each item we set, its purpose, and its lifetime, so this section provides only a summary.
4.1 Categories in brief
- Essential storage keeps the site working: it remembers that you confirmed you are over eighteen and records your cookie banner choice so we do not ask again on every page.
- Functional storage powers the local account system: your username, your Summit Coins balance, and your session marker all live here, on your device only.
- Analytics cookies, set only if you accept them, help us understand which pages are popular and where visitors encounter problems.
4.2 Your control
When you first visit, a banner lets you choose between accepting all cookies or keeping only the essential ones. You can revisit that choice at any time through the cookie settings link in the footer, and you can also delete or block cookies entirely through your browser. Blocking essential storage will prevent the age gate and the local account system from working, which effectively disables the games, but the informational pages of the site will remain readable.
5. Analytics
We use privacy-conscious analytics to measure how the website is used. Analytics runs only if you consent through the cookie banner; choosing essential-only means no analytics script loads at all.
5.1 What analytics measures
When enabled, analytics records page views, the approximate region a visit comes from (derived from a truncated IP address, never precise location), the type of device and browser, the referring website, and simple interaction events such as clicking through to a game page. This tells us which games attract interest, which help articles are actually read, and whether visitors on small screens encounter layout problems.
5.2 What analytics does not do
Our analytics configuration does not build advertising profiles, does not follow you across other websites, and does not record what you type. IP addresses are truncated or anonymised before storage. We do not use session-replay tools that film your screen, and we do not link analytics identifiers to your contact form correspondence. Reports we look at are aggregated: we see that a certain number of visitors from Australia read a page, not that a specific person did.
5.3 Opting out
You can decline analytics in the cookie banner when you first arrive, withdraw consent later through the cookie settings link in the footer, or use browser features and extensions that block analytics scripts. Declining analytics has no effect on your ability to use any part of the website, including all games.
6. Communications
Our communication with you is deliberately minimal and always initiated by you.
6.1 Support correspondence
When you send a message through the contact form, it arrives in our support inbox as an email, and we reply from that inbox. We aim to answer within two business days. The content of your message determines how it is handled: technical reports may be shared internally with the person who maintains the affected page, while privacy requests are routed to the person responsible for data protection. We keep support threads only as long as Section 9 describes.
6.2 No marketing email
We do not operate a newsletter, we do not send promotional email, and we will never email you out of the blue. Any message claiming to be from Gipfelstürmer Social that offers real-money prizes, requests payment details, or asks for your password is fraudulent, because we offer no prizes, take no payments, and hold no passwords. If you receive such a message, please forward it to us so we can act on it.
6.3 In-browser notices
Occasionally we display notices inside the website itself, for example to announce a new game or a change to this policy. These notices are part of the page content, require no personal data, and involve no push notifications; we do not request browser notification permission.
7. Data Security
We take proportionate technical and organisational measures to protect the limited personal data we handle.
7.1 Technical measures
The website is served exclusively over HTTPS, so everything you submit through the contact form is encrypted in transit between your browser and our server. Our support inbox is protected by strong authentication, and access to hosting infrastructure is limited to the people who administer it. Server software is kept up to date, and logs are monitored for signs of intrusion.
7.2 Organisational measures
Only staff with a genuine need can read support correspondence. We keep the number of tools that touch personal data small, and we review this policy and our internal practices whenever the website changes in a way that affects data handling.
7.3 The security benefit of local storage
Because accounts and balances exist only in your browser, a breach of our infrastructure could not expose player account databases — there are none. The flip side is that the security of your local profile depends on the security of your own device. We recommend keeping your browser updated and being cautious about shared computers: anyone with access to your browser profile can see and alter your local Gipfelstürmer Social data.
7.4 Incident response
No system is perfectly secure. If we ever suffer a breach affecting personal data, we will assess it promptly, notify the competent supervisory authority where legally required, and inform affected individuals without undue delay if the breach is likely to put their rights at risk.
8. User Rights
Because we are a German company, the EU General Data Protection Regulation (GDPR) applies to our processing of personal data. Because our audience is in Australia, we also aim to honour the spirit of the Australian Privacy Principles set out in the Privacy Act 1988 (Cth), which cover similar ground: openness about data handling, access and correction rights, and secure storage.
8.1 Your GDPR rights
- Access: you may ask us to confirm whether we process personal data about you and to receive a copy of it.
- Rectification: you may ask us to correct inaccurate data, for example a misspelled email address in a support thread.
- Erasure: you may ask us to delete your data, and we will do so unless a legal obligation requires us to keep it.
- Restriction: you may ask us to pause processing while a dispute about the data is resolved.
- Portability: you may ask for data you provided to us in a structured, machine-readable format.
- Objection: you may object to processing based on our legitimate interests, and we will stop unless compelling grounds exist.
- Withdrawal of consent: where processing rests on consent, such as analytics, you may withdraw it at any time without affecting past processing.
8.2 Rights for Australian visitors
The Australian Privacy Principles give individuals comparable rights of access and correction and require organisations to handle personal information openly and securely. If you are in Australia, you may exercise any of the rights above by contacting us in exactly the same way; we do not distinguish between visitors by jurisdiction when honouring requests. You may also complain to the Office of the Australian Information Commissioner, although we would appreciate the chance to resolve your concern directly first.
8.3 How to exercise your rights
Email us at the address in Section 13 with a description of your request. We will respond within one month. We may ask you to confirm control of the email address concerned, which is normally the only verification needed given how little data we hold. Requests are free of charge unless they are manifestly unfounded or excessive. Please note that data stored only in your browser — your username, Summit Coins balance, and session marker — is outside our reach; you exercise complete control over it yourself through your browser settings, which is faster than any request to us could ever be.
8.4 Complaints
If you believe we have mishandled your data, you may lodge a complaint with a data protection supervisory authority. For us the lead authority is the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg, Germany. Australian visitors may alternatively contact the Office of the Australian Information Commissioner as noted above.
9. Data Retention
We keep personal data only as long as it serves the purpose it was collected for, and then we delete it.
9.1 Retention periods
- Support correspondence, including contact form submissions, is kept for up to twenty-four months after the thread is closed, so we can refer back if the same issue resurfaces, and is then deleted.
- Server logs containing IP addresses are kept for up to thirty days for security purposes and then deleted or fully anonymised.
- Analytics data is stored in aggregated or anonymised form and, where any identifier persists, is deleted after no more than fourteen months.
- Cookie consent records are kept as long as needed to demonstrate that consent was given, and no longer than required by law.
9.2 Data on your device
localStorage entries written by our scripts have no server-side counterpart and therefore no retention schedule on our side. They persist on your device until you delete them, your browser clears them, or our Cookie Policy's stated lifetimes expire. You may remove them at any moment through your browser's site data settings.
9.3 Legal holds
If a legal obligation, dispute, or authority request requires us to preserve specific data beyond the periods above, we retain only what is necessary, restrict access to it, and delete it once the obligation ends.
10. International Transfers
Gipfelstürmer Werbeagentur GmbH is established in Germany, and our website is hosted within the European Union. When you visit from Australia, your requests naturally travel across borders to reach our servers, and our replies travel back; this is an inherent property of you contacting an EU-based website rather than a transfer initiated by us.
10.1 Transfers we initiate
Where we use service providers that process personal data outside the European Economic Area — for example, if an analytics or email provider operates infrastructure elsewhere — we rely on recognised safeguards: an adequacy decision of the European Commission where one exists for the destination country, or the Commission's Standard Contractual Clauses supplemented by technical measures such as encryption. We keep the list of such providers short, and Section 11 describes the categories involved.
10.2 What this means for Australian visitors
Data you send us is protected by European data protection law regardless of the fact that you are in Australia, and in most respects the GDPR offers protection at least as strong as the Australian Privacy Principles. You lose no rights by contacting a European operator; if anything, you gain the ability to invoke GDPR rights that have no direct Australian equivalent, such as data portability.
11. Third Parties
We do not sell, rent, or trade personal data, and we share it only with the narrow categories of recipients listed here.
11.1 Service providers
- Our hosting provider operates the servers that deliver the website and generates the server logs described in Section 3. It processes data only on our documented instructions under a data processing agreement.
- Our email provider transmits and stores support correspondence, including messages that arrive from the contact form.
- Our analytics provider, active only with your consent, processes the truncated usage data described in Section 5.
11.2 Embedded content
The contact page includes an embedded map so visitors can see the location of our registered office in Stuttgart. When the map loads, your browser connects directly to the map provider, which may set its own cookies and receive your IP address. Our Cookie Policy describes this embed and how to avoid it if you prefer.
11.3 Legal disclosures
We will disclose personal data to courts, law enforcement, or regulators when a valid legal obligation compels us to, and only to the extent compelled. We assess every such request and push back on those that are overbroad.
11.4 Business changes
If our company is ever merged, acquired, or restructured, the limited personal data we hold may pass to the successor entity under the same protections promised here, and we would inform you of any change of controller.
12. Children's Privacy
Gipfelstürmer Social is strictly for adults. Although our games involve no real money and pay no prizes, they simulate casino-style play, and we consider such content unsuitable for minors without exception.
12.1 The eighteen-plus rule
You must be at least eighteen years old to use this website. An age gate asks every new visitor to confirm this before the games become accessible, and the confirmation is stored locally on the device so it need not be repeated on every visit. We do not knowingly collect personal data from anyone under eighteen, and nothing on the site is designed to appeal to children.
12.2 If a minor has used the site
If you are a parent or guardian and believe a minor in your care has used Gipfelstürmer Social or submitted personal data through our contact form, please email us. We will delete any correspondence from the minor promptly. Data held in the browser — the local profile and Summit Coins balance — can be removed immediately by clearing the site's data in the browser the minor used, and we encourage you to do so.
12.3 Tools for households
We support the use of parental control software and device-level content filters, and our site does not attempt to circumvent them. Because play requires no download and no payment, supervision of shared family devices is the most effective safeguard, and we recommend keeping browsers on children's devices restricted from gambling-themed content generally.
13. Contact Details
The controller responsible for personal data processed in connection with this website is:
Gipfelstürmer Werbeagentur GmbH
Industriestraße 4
70565 Stuttgart
Germany
Email: xarubesaqi637@gmail.com
13.1 Privacy enquiries
For any question about this policy, to exercise a right described in Section 8, or to report a concern, write to the email address above with the subject line "Privacy". We answer privacy enquiries within one month, and sooner where we can. Postal enquiries to the Stuttgart address are also accepted, though email is faster.
13.2 Changes to this policy
We may update this Privacy Policy when the website, the law, or our practices change. The effective date at the top of the page always reflects the current version, and material changes will be announced by a notice on the site before they take effect. Continued use of Gipfelstürmer Social after a change takes effect means the updated policy applies, but it never retroactively reduces rights you exercised under an earlier version. We recommend reviewing this page from time to time, together with our Cookie Policy and Terms of Service, so that your picture of how the platform works stays complete and current.