Privacy

What we store, why, and for how long. This page describes the actual behaviour of the running service — there are no hidden trackers or analytics.

Controller

Operator details have not been configured. See Impressum.

What we store

When you create or join a session, we save the following on the operator's own server (a single SQLite database file, no third-party storage):

  • A 6-character random session ID (visible in the URL).
  • For each member: the name you typed, the U-/S-Bahn station you picked, and the station's coordinates from a fixed local lookup. We do not read your device's location.
  • A timestamp for when each member joined.
  • A small HttpOnly cookie (mim_member_<sessionId>) that remembers which member you are in this session. It is not used for tracking across sessions.

Sessions are automatically deleted 7 days after creation. There is no way to recover one once it has expired.

What we do not store

  • No accounts, no passwords, no email addresses.
  • No analytics, no tracking pixels, no first-party scripts that profile you.
  • No IP-address logging at the application level. The operator's web server may keep short-lived access logs for operational purposes (request paths and response codes); these are not linked to anything else we store.

Map tiles (third party)

Once you've joined a session and the joined view loads, your browser fetches map tiles from Mapbox (api.mapbox.com). Mapbox therefore sees your IP address and the geographic region you're viewing on the map. We don't pass them anything else from your session — your name, station, and the rest of the session payload stay on this server.

We have explicitly disabled Mapbox's anonymous telemetry pings (events.mapbox.com) and resource-timing collection. Mapbox's servers therefore only see the tile requests themselves, not session-level usage events.

If you object to this, don't open a session in the joined view; the home page and the unjoined "before you join" view of a session do not load Mapbox.

Venue search (third party)

Once at least two members have joined a session, this server calls the Google Places Nearby Search API to find candidate venues around the group's geographic midpoint. This is a server-side call — your browser does not talk to Google directly.

What goes to Google: a midpoint coordinate (latitude / longitude), a search radius (800 m, or 3 km on a wider fallback), and the venue categories we're filtering for (cafés, bars, restaurants, bakeries, parks). The operator's API key identifies the project to Google; Google therefore sees this server's outbound IP address, not individual users' IPs.

What does not go to Google: your name, the station you picked, the names of the other members, the session ID, your IP address, or any cookie. Only the aggregated midpoint leaves this server — and the midpoint is derived from everyone's stations together, so it identifies no single member.

The Google Maps deeplinks on each result card ("Open in Maps") are plain links built from the venue's Google Place ID. Clicking one opens Google Maps in a new tab; at that point Google sees your IP because you are the one fetching their page — the same as any outbound link.

Transit times (third party)

To estimate how long each member would actually need on Berlin public transit, this server calls the VBB transport.rest API — a community-run open-source wrapper over the official BVG schedule and live-departure data. This is a server-side call; your browser never talks to that service directly.

What goes to transport.rest: pairs of VBB station identifiers (the same identifiers BVG itself publishes as part of the public Berlin transit network), and the departure time we're querying for (always "now" — there is no UI for picking a later meet-up time). The operator's server is what makes the request, so the upstream operator sees this server's outbound IP, not individual users' IPs.

What does not go to transport.rest: your name, the names of the other members, the session ID, your IP address, or any cookie. Station identifiers are public infrastructure references and are not personal data on their own.

If the upstream service is unreachable for any reason, we fall back to a coarse offline estimator based on geographic distance — no outbound call is made in that case. The results page badges "approximate travel times" when this fallback is active.

Legal basis

Art. 6(1)(b) GDPR — processing necessary for the service you have requested (showing your name and station to the others in the same session so the group can pick a meeting spot together).

Your rights

Under GDPR you have the right to access, correct, or delete the data we hold about you, and to lodge a complaint with a supervisory authority. Because sessions auto-delete after 7 days and contain only the data you typed in yourself, the practical exercise of these rights is usually as simple as closing the tab and waiting.

For anything that needs the operator's involvement, contact us via the email above.

← Back to MeetInTheMiddle