legal documents improved, gäste-pwa uploads optimiert: client-side compression/resize.

docs/content/legal/datenschutz-en.md

@@ -10,7 +10,7 @@ Schweriner Str. 15
 Germany  
 
 Email: info@fotospiel.app
-Website: [https://fotospiel.app](https://fotospiel.app)
+Website: [/en/](/en/)
 
 ---
 
@@ -21,9 +21,9 @@ Use of the Fotospiel App requires only the personal data necessary to host and p
 ---
 
 ## 3. Types of Data Processed
-- Organizer data: name, email address, payment information (via Paddle/Stripe), event details (title, date, photo tasks, photos)
+- Organizer data: name, email address, payment information (via Paddle), event details (title, date, photo tasks, photos)
 - Guest data: uploaded photos, display name (optional), likes/reactions
-- Technical data: IP address, browser type, timestamp, device information
+- Technical data: IP address, browser type, timestamp, device information, anonymous session identifier (session_id)
 - Communication data: messages sent via contact form or email
 
 ---
@@ -33,7 +33,7 @@ Use of the Fotospiel App requires only the personal data necessary to host and p
 |----------|--------------|-------------|
 | Providing the app and hosting events | Art. 6(1)(b) GDPR | Contract performance |
 | Storing and displaying photos | Art. 6(1)(b) GDPR | Core feature of the app |
-| Payment processing and invoicing | Art. 6(1)(b), (c) GDPR | Use of Paddle and Stripe services |
+| Payment processing and invoicing | Art. 6(1)(b), (c) GDPR | Use of Paddle services |
 | Web analytics via Matomo | Art. 6(1)(f) GDPR | Statistical analysis to improve the app |
 | Server logs and security | Art. 6(1)(f) GDPR | Ensuring system security |
 | Responding to inquiries | Art. 6(1)(f) or (b) GDPR | Communication with users |
@@ -48,13 +48,12 @@ All processing takes place within the EU.
 ---
 
 ## 6. Payment Processing
-Payments are handled by **Paddle (Europe) S.à r.l. et Cie, S.C.A.** and **Stripe Payments Europe, Ltd.**  
+Payments are handled by **Paddle.com Market Ltd.**  
 We do not store payment or credit card data.  
 Legal basis: Art. 6(1)(b) and (c) GDPR.
 
 Privacy policies:  
-- Paddle: https://www.paypal.com/de/webapps/mpp/ua/privacy-full  
-- Stripe: https://stripe.com/de/privacy
+- Paddle: https://www.paddle.com/legal/privacy
 
 ---
 
@@ -62,6 +61,7 @@ Privacy policies:
 We use **Matomo** (self-hosted) for anonymous usage analysis.  
 No data is shared with third parties.  
 IP addresses are anonymized.  
+In the guest areas of the app, an anonymous session identifier (**session_id**) is used and stored in a technically necessary cookie or in the browser’s local storage to associate uploads, likes, and tasks with a device or session. This identifier does not contain clear data such as names or email addresses and becomes invalid at the latest when the event or gallery storage period ends.  
 Only technically necessary cookies are used.  
 Legal basis: Art. 6(1)(f) GDPR.
 
@@ -87,7 +87,7 @@ No consent is required.
 
 ## 10. Data Disclosure
 Data is only shared with:
-- Payment providers (Paddle, Stripe)
+- Payment providers (Paddle)
 - Hosting provider (Hetzner)
 - Public authorities when legally required
 
@@ -120,4 +120,4 @@ We apply appropriate technical and organizational measures to secure your data,
 
 ## 14. Changes to this Privacy Policy
 We may update this Privacy Policy to reflect legal or functional changes.  
-The current version is always available at [https://fotospiel.app/privacy](https://fotospiel.app/privacy).
+The current version is always available at [/en/privacy](/en/privacy).