Smallest

Privacy Policy

Smallest.Social is operated by Xaido GmbH & Co. KG, a Cologne-based software company. We believe privacy should be simple and transparent. This policy explains how we handle your data with care and respect.

Last updated: August 26, 2025

1. Data Controller

Smallest.Social c/o Xaido GmbH & Co. KG
Cologne, Germany
Email: privacy@smallest.social

2. What Data We Collect

2.1 Widget Service Data

  • Site User ID: Anonymous visitor identifier stored in your browser's local storage for pseudo-authentication on embedding websites
  • Visitor Hash: SHA1 hash of your IP address and browser user agent for visitor tracking
  • Technical Data: Essential request headers (user-agent, referer, origin, accept-language)
  • Interaction Data: Widget reactions and interactions you make on embedded widgets
  • Site Path: URL path where the widget is embedded

2.2 Website Analytics

  • Landing Page Analytics: We use Plausible Analytics on our landing pages only, which collects anonymous, aggregated data without cookies or personal tracking
  • Widget Endpoints: No third-party analytics or tracking on widget delivery or API endpoints

2.3 Newsletter Subscription (Optional)

  • Name and Email: Only collected if you voluntarily subscribe to our newsletter

3. Legal Basis for Processing

  • Legitimate Interest (Art. 6(1)(f) GDPR): Widget functionality, visitor tracking, and service analytics
  • Consent (Art. 6(1)(a) GDPR): Newsletter subscription

4. How We Use Your Data

  • Provide embedded social widget functionality
  • Prevent duplicate reactions and ensure data integrity
  • Aggregate anonymous statistics for widget performance
  • Improve our service through anonymous analytics
  • Send newsletter updates (only if subscribed)

5. Data Retention

  • Widget Data: Retained for service functionality; anonymized after a reasonable period
  • Newsletter Data: Until you unsubscribe
  • Analytics: Anonymous data retained indefinitely

6. Data Sharing

We do not sell, trade, or rent your personal information. Data may be shared with:

  • Self-hosted Infrastructure: All databases are self-hosted in the European Union
  • Plausible Analytics: Privacy-focused analytics service (landing pages only)

7. Your Rights (GDPR)

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data
  • Right to Object: Object to processing based on legitimate interests
  • Right to Data Portability: Receive your data in a structured format
  • Right to Withdraw Consent: Unsubscribe from newsletter anytime

8. Privacy-by-Design Principles

  • No Cookies: Our widget service does not set any cookies
  • No Cross-Site Tracking: We do not track users across different websites
  • Data Minimization: We collect only essential technical headers required for functionality
  • Pseudo-Anonymous: UUID4 identifiers are not personally identifiable
  • EU Infrastructure: All data processing occurs within the European Union

9. Data Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction.

10. International Data Transfers

All data is processed and stored within the European Union on self-hosted infrastructure. No international data transfers occur.

11. Changes to This Policy

We may update this privacy policy periodically. Changes will be posted on this page with an updated date.

12. Contact Us

For privacy-related questions or to exercise your rights:

Email: privacy@smallest.social

Subject: Privacy Policy Inquiry