Back to norenly
Legal

Privacy

Here you will find the GDPR information about which personal data is processed at norenly, why that happens, and which rights you have.

Stand: 13. April 2026

Controller

Controller
Dominik Hintringer
Siemensstraße 60, 4030 Linz, Österreich
Privacy contact
help@norenly.com
Data protection officer
There is currently no separately named data protection officer publicly listed.

Which data may be processed

  • Access and device data: When you access the website, technically necessary server data may be processed, such as IP address, date and time, requested URL, referrer, and browser information.
  • Account and profile data: Handle, display name, password hash, optional profile details such as bio, location, activity window, pronouns, language, design settings, verification status, and security information.
  • Invite and access records: Invite codes, invite status, recovery codes in hashed form, and associated timestamps.
  • Contact data: An email address only if you provide it voluntarily.
  • Content data: Posts, answers, comments, replies, saved content, likes, reports, spaces, profile texts, podcast saved lists, podcast interactions, and other content entered by you.
  • Communication data: Content from messages, chat requests, moderation reports, and related status information.
  • Image and moderation data: Uploaded profile pictures, pending image versions where applicable, moderation labels, review status, scores, and admin decisions for approval or rejection.
  • Security, analytics, and personalization data: Session information, login data, technical safeguards, internal anonymized analytics events, an anonymous visitor token for feed logic, and daily moodboard selections.
  • Particularly sensitive content: Because users can freely write content, sensitive information such as health-related details or personal crisis information may also be included if you enter it yourself.

Purposes and legal bases

Platform operation
Provision of account, feed, profiles, spaces, messages, and community features. The legal basis is generally Art. 6(1)(b) GDPR.
Security & moderation
Protection against abuse, spam, bot use, inappropriate content, risky profile pictures, and security risks. The legal basis is usually Art. 6(1)(f) GDPR.
Recommendations & personalization
Improvement of the feed, podcast recommendations, moodboard boosts, saved content, and personal sorting. The legal basis is usually Art. 6(1)(b) and (f) GDPR.
Internal product analysis
Anonymous or pseudonymized reach and usage analysis for the stability, prioritization, and ongoing development of the platform. The legal basis is usually Art. 6(1)(f) GDPR.
Optional email features
Use of a voluntarily provided email address, for example for login or summaries, where this function is enabled. The legal basis is Art. 6(1)(a) or (b) GDPR.
Legal obligations
Compliance with legal retention, evidence, or security obligations. The legal basis is Art. 6(1)(c) GDPR.

Anonymity, visibility, and content

norenly is built so that not every use requires an email address and posts can be published anonymously or profile-linked depending on your settings. Guests can use certain features such as moodboard selection or content discovery even without a permanent account. Please still share only the information you truly want to share. Anonymous content can also contain personal or sensitive information if you write it yourself.

Recipients and third-party services used

  • jsDelivr / CDN delivery: For embedded frontend resources such as Remix Icons, emoji pickers, ALTCHA, and client-side NSFWJS/TensorFlow files. When loading such files, technical access data such as IP address and browser information may be transmitted to the delivery service.
  • cdnjs / Lottie Player: For delivering the animation library on the maintenance page. Technical access data may be transmitted to the CDN service when it loads.
  • OpenAI services: For automated moderation and AI-based context or thread analysis on detail pages. Depending on the function, text content entered by you or thread content may be processed. According to the current product logic, no handles, email addresses, or account data should be sent to the service for thread analysis.
  • vector.profanity.dev and PurgoMalum: As additional or fallback-based checking mechanisms for detecting inappropriate content, for example in posts, messages, bios, or space texts.
  • Sightengine: For server-side secondary review of profile pictures when the local pre-check is not clear enough.
  • Podcast and RSS sources: Podcast metadata, cover art, or audio files may come from external RSS feeds and their respective hosting providers. When such media is loaded or RSS sync runs, technical access data may be transmitted to the respective source.
  • Klipy: When GIF search is used, search terms and technical access data may be processed through the GIF infrastructure.
  • Technical infrastructure and hosting providers: Where they are technically necessary for operating the website, database, sessions, backups, or delivery.

If providers outside the EEA are used, data may be transferred to third countries. In that case, use only takes place on the basis of the legally permissible data protection mechanisms where required.

Automated content review

norenly uses automated filters and moderation mechanisms to detect inappropriate content early. Texts may already be blocked or flagged before submission. Profile pictures are currently checked in several stages: first locally in the browser with NSFWJS, then server-side with Sightengine if the result is unclear, and additionally manually by admins if no clear decision is possible there either. Clearly risky uploads may be blocked automatically; clearly harmless uploads may be approved automatically.

Internal analytics and recommendations

norenly uses an internal analytics and recommendation logic to better shape the feed, podcasts, mood categorization, and product areas. At the current stage, no external marketing trackers are used. Instead, internal events are processed with anonymous or pseudonymized identifiers, page context, and product context to understand reach, usage patterns, and priorities for further development.

Storage period

Personal data is stored only as long as necessary for operating norenly, ensuring platform security, handling reports, enforcing rules, or complying with legal obligations. Account, profile, podcast, and content data generally remain stored as long as the account exists or the content is available on the platform. After deletion or suspension, data may still be retained as long as this is necessary for evidence, security, abuse prevention, avatar or moderation histories, internal analytics, or legal obligations.

Cookies and local storage values

norenly uses technically necessary cookies and browser storage values, especially for session, language, security checks, consents, and the state of individual notices. Details can be found on the separate cookie page.

Your rights under the GDPR

  • Access to the data processed about you.
  • Correction of inaccurate data.
  • Deletion, unless legal obligations or overriding reasons prevent it.
  • Restriction of processing.
  • Data portability, where applicable.
  • Objection to processing based on legitimate interests.
  • Withdrawal of granted consent with effect for the future.

Right to complain

If you believe that the processing of your data violates data protection law, you may contact the competent supervisory authority. In Austria, this is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, dsb@dsb.gv.at.

Contact

For privacy requests, you can reach the controller at help@norenly.com.