X
Combos
Login Sign Up

Privacy Policy

Last updated: March 2026

1. Data Controller

The data controller responsible for processing your personal data is:

Stefan Bauer
Bajuwarenhof 31
85459 Berglern
Germany

Email: mail@xcombos.com

2. Data We Collect

We collect and process the following personal data:

  • Account Information: Name, email address, username, and password when you register
  • Profile Information: Optional profile picture, bio, and XPeng vehicle model
  • Content: X-Combos you create, comments, likes, and bookmarks
  • Technical Data: IP address, browser type, device information, and access times (via server logs)

3. Purpose and Legal Basis

We process your data for the following purposes:

  • Contract Performance (Art. 6(1)(b) GDPR): To provide our services, manage your account, and enable you to create and share X-Combos
  • Legitimate Interests (Art. 6(1)(f) GDPR): To ensure website security, prevent fraud, and improve our services
  • Consent (Art. 6(1)(a) GDPR): For optional features where you have given explicit consent

4. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services. You can delete your account at any time, which will result in the deletion of your personal data, except where we are required to retain it for legal purposes.

5. Data Sharing

We do not sell your personal data. We may share your data with:

  • Hosting Provider: Our website is hosted on servers that process data on our behalf
  • Gravatar: If you don't upload a profile picture, we use Gravatar to display an avatar based on your email hash

6. Your Rights

Under the GDPR, you have the following rights:

  • Right of Access (Art. 15 GDPR): You can request information about your personal data
  • Right to Rectification (Art. 16 GDPR): You can request correction of inaccurate data
  • Right to Erasure (Art. 17 GDPR): You can request deletion of your data
  • Right to Restriction (Art. 18 GDPR): You can request restriction of processing
  • Right to Data Portability (Art. 20 GDPR): You can request your data in a portable format
  • Right to Object (Art. 21 GDPR): You can object to processing based on legitimate interests

To exercise these rights, please contact us using the contact information above.

7. Cookies

We use essential cookies that are necessary for the website to function properly. These include session cookies for authentication and CSRF protection. We do not use tracking or advertising cookies.

8. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption of data in transit (HTTPS) and secure password hashing.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any significant changes by posting a notice on our website. Your continued use of the service after such modifications constitutes your acknowledgment of the modified policy.

10. Right to Lodge a Complaint

If you believe that the processing of your personal data infringes data protection law, you have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

The supervisory authority for Bavaria is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany