WEBKNOSSOS is a team-based open-source tool for exploring and collaboratively annotating 3D image datasets. Viewing datasets is possible without a registration. However, if users want to create annotations or perform any other changes to the system, they need to have a registered account. Personal data is processed in WEBKNOSSOS. This privacy statement describes the data that is processed, the rights data subjects have, what external services are used and other privacy-related information.


    "WEBKNOSSOS" is the application that can be used for viewing and annotating 3D image datasets.
    An "instance" of WEBKNOSSOS is one installation of the application on a server with one domain name attached (e.g.
    Persons that use WEBKNOSSOS are "users" or "you" (in GDPR terms "data subjects").
    "Anonymous users" are users that do not have a registered account with WEBKNOSSOS.
    "Registered users" have an account. WEBKNOSSOS processes personal data of users.
    An instance that the user uses is referred to as the "service".
    The "controller" is the person or legal entity that is responsible for the processing of personal data within the meaning of GDPR (see GDPR Art. 4 (7) for full definition).
    A research group or research lab or other entity that uses WEBKNOSSOS for their team is technically represented as an "organization" in WEBKNOSSOS. The organization or their representative is the data controller of the information within their instance of webKnossos.
    WEBKNOSSOS may be provided as a hosted service. In that case, the hosting provider is a "processor" within the meaning of GDPR (see GDPR Art. 4 (8) for full definition). The processor performs data processing on behalf of the controller.
    "We" generally means the controller.

Data controller and processor

scalable minds GmbH

Großbeerenstraße 15
14482 Potsdam

District Court Potsdam, HRB 25763
Managing Directors: Tom Bocklisch, Tom Herold, Norman Rzepka
USt-Id. DE283513495


Your Data

In order to provide the WEBKNOSSOS application, several external services are used. Some personal data of users may be transmitted to these services as described below.

    Google Analytics (with the anonymizer function) is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about which features were used, or how often and for what duration a feature has been used. Web analytics are used for the optimization and maintenance of a website. The legal basis for using Google Analytics is a legitimate interest to provide and improve the service. Read more below.
    Airbrake is an error reporting tool. System errors that occur in the application are logged in Airbrake. When an error occurs the IP address of the user, as well as the user account information of registered users, are transmitted to Airbrake. The purpose of error reporting is to resolve errors and therefore to ensure uninterrupted service. Airbrake is operated by Airbrake Technologies, Inc., 535 Mission Street, 14th floor, San Francisco, CA 94105, USA. After 30 days data is automatically deleted from the service. The legal basis for using Airbrake is a legitimate interest to provide and improve the service.
    Amplitude is a product analytics tool. Features that are used by registered users are logged in Amplitude. With each event, pseudonymized user identifiers are transmitted to Amplitude. The purpose of product analytics is to optimize and maintain the service. Amplitude is operated by Amplitude Inc., 631 Howard St., Floor 5, San Francisco, CA 94105, USA. After 30 days data is automatically deleted from the service. The legal basis for using Amplitude is a legitimate interest to provide and improve the service.
    Request logs are collected that contain a series of general data and information when a data subject or automated systems calls up WEBKNOSSOS. This general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems. This data is used for resolving errors and therefore to ensure uninterrupted service. Logs are automatically deleted after 30 days. The legal basis for collecting logs is a legitimate interest to provide and improve the service.

For registered users we store and process the following pieces of personal data:
● First/Last name● Email address● Organization affiliation● Encrypted password● Activity times● Application configurations
This data is attached to the user's account. It is used to identify the annotation data that was created by the user and for administrative purposes. The legal basis is user consent (upon signup).

Registered users may participate in discussions on the WEBKNOSSOS support platform. Posts and replies that they make there are visible to other webKnossos users (also from other WEBKNOSSOS instances). Their posts and replies may be removed at any time.

Registered users may choose to publish datasets or annotations they have created or uploaded or are maintaining. This data will then be publicly available to everybody on the internet. Personal data such as name, email address and organization affiliation may be made public as well in order to provide the attribution that is common within the scientific community. Users may unpublish their work at any time.

For scientific purposes, it may be required to retain personal information in order to provide attribution and accountability.

We do not sell, trade, share, or rent the personal data collected from our Service to third parties other than as outlined in this policy.

Your Rights

    If you wish to confirm, access, update/correct or request deletion of your personal data, you can do so by contacting us.
    You can always object to processing the of your personal data, please ask us to restrict processing of your personal data or request a data export. Again, you can do so by contacting us.
    You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.
    You can request an archive of the data we have stored about you. Again, to file for such a request, please contact us.

Legal Basis

Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Are we subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR.

Data security

The processor has implemented a number of technological and organizational measures in order to maintain the safety and integrity of your data.

    Servers are actively maintained and updated with state-of-the-art technologies and security patches to prevent malware and attackers.
    Unusual resource consumption is regularly monitored.
    Access control to the servers is implemented with encrypted challenge-response methods.
    Employees are granted access to the servers only if they need it.
    Regular and encrypted backups are implemented and monitored.
    Employees are required to attend regular privacy training in order to ensure responsible handling of personal data.
    Suppliers and integrated services are evaluated and inspected on a regular basis.


We reserve the right to update or modify this Privacy Policy from time to time without prior notice. Please review this document especially before you provide any information. This Privacy Policy was last updated on the date indicated below. Your continued use of the Services after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy.

If you have any questions, comments or just want to say hi, feel free to write an email to moc.sdnimelbalacs%40ycavirp.

More information on the use of Google Analytics

For the web analytics through Google Analytics the processor uses the option "anonymizeIp". By means of this option, the IP address of the Internet connection of the data subject is abridged by Google and anonymized when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.

The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use to the application and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us.

Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.

The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our website by the data subject. With each visit to our Internet site, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.

The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.

In addition, the data subject has the possibility of objecting to a collection of data that are generated by Google Analytics, which is related to the use of this website, as well as the processing of this data by Google and the chance to preclude any such. For this purpose, the data subject must download a browser add-on under the link and install it. This browser add-on tells Google Analytics through a JavaScript, that any data and information about the visits of Internet pages may not be transmitted to Google Analytics. The installation of the browser add-ons is considered an objection by Google. If the information technology system of the data subject is later deleted, formatted, or newly installed, then the data subject must reinstall the browser add-ons to disable Google Analytics. If the browser add-on was uninstalled by the data subject or any other person who is attributable to their sphere of competence, or is disabled, it is possible to execute the reinstallation or reactivation of the browser add-ons.

Further information and the applicable data protection provisions of Google may be retrieved under and under Google Analytics is further explained under the following Link

Date: May 25, 2018