Privacy policy
Last updated: July 2026. This policy honestly and briefly describes what data no404 actually processes — nothing more, nothing less.
1. Controller
[NAME]
[ADDRESS]
Email: [EMAIL]
2. Hosting and server location
This website is delivered through a dedicated server at a European hosting provider. When you visit the site, the server necessarily processes your IP address and connection data (Art. 6 (1)(f) GDPR — legitimate interest in stable operation). To pick the language version (German/English) on your first visit, we determine the country of origin of your IP; the country is not stored.
3. Server logs
Our server logs requests (timestamp, requested URL, status code, IP address, user agent) for troubleshooting and abuse prevention. Logs are not merged with other data sources and are deleted regularly (Art. 6 (1)(f) GDPR).
4. Cookies
no404 only sets technically necessary cookies — no tracking, no ad cookies, no analytics services:
- n4s (session cookie): keeps you logged in; expires after 30 days.
- n4lang (language cookie): remembers your chosen language (de/en); expires after 1 year.
Legal basis: Section 25 (2) no. 2 TDDDG (strictly necessary) and Art. 6 (1)(b) GDPR.
5. Registration and user account
When you sign up we store your email address, your password exclusively as a hash (Argon2id or scrypt — the password itself is never stored), your language choice and the timestamps of registration and login. To protect your account, sessions record IP address and user agent (Art. 6 (1)(b) and (f) GDPR).
6. Scan data
When you scan a domain we store the domain, the URLs found (from the public archive at archive.org) and the live-checked status codes in your account. This data concerns publicly reachable web addresses; it is only visible to you and is deleted along with your account (Art. 6 (1)(b) GDPR).
7. Bot protection
To protect forms (sign-up, login, quick check) we use technical measures against automated abuse. These process browser characteristics, connection data and the IP address. No advertising profiles are created (Art. 6 (1)(f) GDPR — protection against automated abuse).
8. Email delivery
Transactional emails (confirmation link, password reset) are sent via our own SMTP server. Your email address is processed for this; no third-party marketing services are used and no open trackers are embedded (Art. 6 (1)(b) GDPR).
9. Your rights under the GDPR
You have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection (Art. 21). You may also lodge a complaint with a data protection supervisory authority (Art. 77). Just write to [EMAIL] — we'll take care of it.
10. Retention and deletion
Account data is kept for as long as your account exists. If you delete your account (or ask us to), account, scan and session data are removed. Server logs are deleted on a rolling basis.