Privacy Policy
Last updated: May 2025
Welcome to commonUX.org – a platform dedicated to the ethical, intelligent, and empowering exploration of User Experience (UX). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect your information when you use our website.
I. Who We Are
commonUX.org is operated by an independent collective focused on responsible UX innovation. We offer educational content, community interaction, gamification features, and AI-assisted tools.
If you have questions about how we handle your data, you can contact us at:
II. What Data We Collect
We only collect data necessary for platform functionality and continuous improvement. This includes:
a) Data You Provide
- Registration Data: Username, email address, profile details
- User Profile Activity: XP points, quiz results, badges, comments
- Contact Information: When you email us or use a contact form
b) Data We Collect Automatically
- Technical Data: IP address, browser type, device info
- Usage Data: Page visits, time on site, clicks, scroll behavior
- Cookie Data: Preferences, session ID, login state
c) Optional Integrations
If you connect third-party services (e.g., Notion, GitHub), we may store limited metadata to personalize your experience.
d) Data Processing Services
e) Categories
III. How We Use Your Data
We process data for the following lawful purposes:
- To operate and maintain your user account
- To deliver gamification and AI services (e.g., XP tracking, chatbots)
- To improve platform usability and content relevance
- To communicate important updates or policy changes
- To prevent abuse and ensure platform security
We do not use your data for advertising or sell your data to third parties.
IV. Legal Basis for Data Processing
Legal Basis: Consent (Art. 6 para. 1 lit. a GDPR)
We process your data based on your explicit consent. You may withdraw this consent at any time with future effect.
Alternative bases where applicable:
- Contract (Art. 6 para. 1 lit. b GDPR): Where data processing is necessary for the performance of a contract, such as for user login, account management, or delivering a purchased service.
- Legitimate Interest (Art. 6 para. 1 lit. f GDPR): Used only in strictly limited cases where we have a clear and balanced legitimate interest (e.g. security monitoring). Not used for analytics unless explicitly permitted under local regulations.
Under the GDPR, our legal basis includes:
- Consent: For analytics, cookies, and optional features
- Contractual necessity: To provide you with an account and services
- Legitimate interest: To improve functionality and security
You may withdraw your consent at any time.
V. Cookies & Tracking
We use cookies for:
- Session management and login
- Saving user preferences
- UX performance analytics (via tools like Matomo or Google Analytics)
- Gamification progress tracking (via GamiPress)
You can manage cookies in your browser settings or via our cookie banner.
a) Tracking Services
b) Cookie Overview
We use cookies and similar technologies to improve your experience. Below is an overview of the cookies used on this site:
Cookie Name | Purpose | Duration | Type |
---|---|---|---|
usercentrics_consent | Stores the user’s consent preferences | 1 year | Essential |
IDE | Used by Google DoubleClick for ad targeting | 13 months | Marketing |
test_cookie | Tests if the browser supports cookies | 1 day | Marketing |
YSC | Registers a unique ID for YouTube videos | Session | Functional |
VISITOR_INFO1_LIVE | Estimates YouTube user bandwidth | 6 months | Functional |
__cf_bm | Cloudflare Bot Protection | 30 minutes | Essential |
vuid | Vimeo analytics tracking | 2 years | Functional |
_ga | Google Analytics – Used to distinguish users | 2 years | Functional |
_gid | Google Analytics – Used to distinguish users | 24 hours | Functional |
1P_JAR | Google Ads – Ad personalization | 1 month | Marketing |
CONSENT | Google cookie consent tracking | 2 years | Essential |
NID | Google – Stores user preferences | 6 months | Marketing |
wp-settings-time | WordPress settings for logged-in users | 1 year | Functional |
wp-settings | WordPress user interface customization | 1 year | Functional |
tk_ai | WordPress – Jetpack analytics | Session | Functional |
_GRECAPTCHA | Google reCAPTCHA – Spam protection | 6 months | Functional |
VI. Data Sharing
We may share your data with trusted partners only when necessary:
- Hosting & Infrastructure Providers (e.g., Hetzner, AWS)
- Analytics Providers (anonymized data)
- Plugin Services (e.g., Ultimate Member, GamiPress)
All providers are GDPR-compliant and bound by confidentiality.
a) International Data Transfers & Safeguards
Some of our service providers are based outside the European Economic Area (EEA). In such cases, we ensure that an adequate level of data protection is maintained by implementing appropriate safeguards, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission,
- Adequacy decisions under Article 45 GDPR,
- Additional technical and organizational measures to protect your data.
Data transferred outside the EU is protected under Standard Contractual Clauses approved by the European Commission.
You can request a copy of the applicable safeguards by contacting us at: join@commonux.org.
VII. Your Rights
As a user, you have the right to:
- Access your personal data
- Correct or delete your data
- Restrict or object to processing
- Data portability
- Withdraw consent at any time
- Lodge a complaint with a supervisory authority (e.g., DSB Austria)
You can withdraw your consent at any time by contacting us at join@commonux.org or by adjusting your preferences in the cookie settings.
VIII. Data Retention
We retain your data only as long as needed:
- User accounts: Stored until deletion or inactivity >12 months
- Analytics data: Retained in aggregate/anonymized form
- AI interaction logs: Stored for model improvement (pseudonymized)
IX. Data Security
We implement best-practice security:
- Encrypted connections (SSL/TLS)
- Role-based access controls
- Regular vulnerability checks
- Daily encrypted backups
X. AI & Profiling
Our digital solutions and consulting services may incorporate artificial intelligence (“AI”) technology, provided and operated by ProBotica. While we strive for the highest standards of accuracy, reliability, and security, all AI-generated content, responses, and recommendations are intended for informational and supportive purposes only. AI services do not constitute professional advice (including legal, financial, or medical guidance), and should not be solely relied upon for critical decision-making.
Some features (e.g. chatbots) use AI to enhance your experience. These systems:
- Do not make legally binding decisions
- Are continuously monitored for fairness and bias
- May use anonymized interaction data to improve system quality
XI. Children’s Privacy
Our website is not intended for children under 16. We do not knowingly collect data from minors.
XI. International Transfers
All data is processed in the EU or in countries with adequate protection standards. If data is transferred outside the EU, we ensure it is covered by appropriate safeguards (e.g., Standard Contractual Clauses).
XII. Changes to This Policy
We may update this policy to reflect legal or technical changes. Major changes will be communicated via email or site notifications.
XIII. Data Protection Contact
For privacy-related inquiries:
commonUX.org
Email: join@commonux.org
Subject: Privacy-Related Request + Your Name
Location: Linz, Austria (non-commercial private platform)
This privacy policy may be updated in line with legal or technical changes. We encourage you to review this page regularly.