Ugrás a tartalomhoz
The Danube Lens

Privacy Policy

How we handle your data.

Last updated: 25 May 2026

1. Data controller

The Danube Lens is the controller of personal data processed through this site. To exercise any of your rights, please use our contact form.

2. Purpose of the site

The Danube Lens publishes independent macro and geopolitical analysis from a Central European vantage point. Readers can sign in to comment and engage with the published articles.

3. Data we process

  • Technical data: IP address, browser type and version, operating system, visit timestamps, pages viewed. Logged automatically by our hosting provider for service operation and security.
  • Account data: if you sign in with Google to comment, we receive your name, email address and profile picture from Google.
  • Comments: the text, author and timestamp of any comment you post.
  • Votes and reports: upvotes/downvotes and reports you submit on comments, linked to your account.
  • Contact-form submissions: any name, email and message you provide via the contact form, plus a hashed IP for anti-abuse.
  • Cookies: see section 4.

4. Cookies

The Danube Lens currently uses only essential cookies (sign-in session and site preferences). We do not use advertising or analytics cookies on this site. If we add analytics in future, we will do so only with your consent and update this notice.

5. Legal bases (GDPR Art. 6)

  • Technical data: legitimate interest (Art. 6(1)(f)) — secure operation of the site.
  • Account and user content: performance of a contract (Art. 6(1)(b)) — providing the commenting service you sign up for.
  • Contact-form submissions: legitimate interest (Art. 6(1)(f)) — responding to your enquiry.
  • Non-essential cookies (if added later): consent (Art. 6(1)(a)).

6. Processors and third parties

We rely on the following processors acting on our instructions:

  • Vercel Inc. (USA) — application hosting and CDN.
  • Supabase Inc. (USA) — database, authentication and storage.
  • Google LLC (Ireland/USA) — sign-in (OAuth).
  • Cloudflare Inc. (USA) — anti-bot protection (Turnstile) on the contact form.

Some processors operate outside the EU. Transfers rely on EU Commission-approved Standard Contractual Clauses (SCCs). We do not sell or share personal data with third parties for marketing.

7. Use of AI

Our analysis is AI-assisted: large language models help draft, audit and polish analytical text, with human editorial review. The AI processes publicly available information and does not make automated decisions affecting visitors' rights.

8. Retention

  • Technical logs: up to 30 days.
  • Account data: until you delete your account.
  • Comments, votes and reports: until you delete your account or until removed by moderation.
  • Contact-form submissions: until your enquiry is resolved, then for a reasonable period for record-keeping.

9. Your rights

Under the GDPR you may request:

  • Access to the personal data we hold about you.
  • Rectification of inaccurate data.
  • Erasure of your data.
  • Restriction of processing.
  • To object to processing based on legitimate interest.
  • Data portability.

To exercise any right, please use our contact form. We respond within 30 days.

10. Complaints

If you believe your rights have been infringed, you may lodge a complaint with the data protection authority in your country of residence.

11. Changes

We may update this policy from time to time. Material changes will be reflected by the “Last updated” date above.