Privacy Policy

Last Updated: December 2025

1. Data Controller

The data controller responsible for data processing on this website is:

Xares Innovative Solutions GmbH
Neue Strasse 11
74632 Neuenstein
Germany

Managing Director: Frederik Wystup

Contact: info@xares.com
Phone: +49 (0) 7942 942 0 363

For more information about the controller, please see our Legal Notice.

2. Purpose and Functionality of HN Gems

This website aggregates and analyzes public posts from Hacker News (news.ycombinator.com) to surface high-quality content from low-karma users. The analysis is performed automatically using Artificial Intelligence.

3. Processed Data and Data Sources

3.1 Data from Hacker News

We perform 2 automated API calls per post to collect comprehensive metadata from the Hacker News Public API:

1. Post/Story Data (/item/{id}.json):

Author username
Post title and URL
Post text content (for text-based posts)
Publication timestamp
Current score/points on Hacker News
Number of comments (descendants)
Post type (story, comment, poll, etc.)
Deleted/dead status (for filtering)

2. Author/User Data (/user/{username}.json):

Karma score
Account creation timestamp
Calculated account age (in days, derived from creation timestamp)

Purpose: These metrics enable quality assessment to identify valuable content from low-karma authors. We filter posts by author karma (<100), post age, and quality indicators to surface hidden gems.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in curating publicly available information)

3.2 Data from GitHub

For linked GitHub repositories, we perform 6 automated API calls per repository to collect comprehensive quality metrics:

1. Basic Repository Information:

Repository name, description, and primary programming language
Star count, fork count, and watchers/subscribers count
Open issues and pull requests count
Repository creation, last update, and last push timestamps
Repository size and license information
Wiki and GitHub Pages availability

2. Programming Languages:

All programming languages used in the repository
Code distribution by language (in bytes)

3. Recent Commit Activity:

Last 10 commits (timestamps and commit metadata)
Days since last commit
Commit frequency indicators

4. Contributors:

Number of contributors (count only, individual usernames are not stored or processed)

5. Repository Structure:

Root-level files and directories
Presence of important files (README, LICENSE, Dockerfile, requirements files, etc.)
Presence of test directories and CI/CD configurations
Documentation directory availability

6. README Content:

Public README content (first 5,000 characters)
README length for quality assessment

Purpose: These comprehensive metrics enable factual quality assessment based on measurable indicators such as community engagement (stars, forks), maintenance activity (commits), collaboration (contributors), and project structure (documentation, tests, CI/CD).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing accurate quality assessments)

3.3 Legitimate Interest Assessment

Our legitimate interest is to provide a valuable curation service that surfaces high-quality content that would otherwise be overlooked. Hacker News users can reasonably expect that their public posts may be aggregated and referenced by third parties. We process only information that is already publicly available and do not add any additional personal data.

Hacker News-specific considerations: All Hacker News data we collect is publicly accessible via the official Hacker News website and API. Users who post on Hacker News have made their content publicly visible. Our processing serves the legitimate interest of helping the community discover valuable posts from new contributors that might otherwise be overlooked due to low karma scores. We do not contact users directly or use their data for purposes other than the quality analysis displayed on our website.

GitHub-specific considerations: All GitHub data we collect is publicly accessible via GitHub's web interface and API. Repository contributors have made their contributions publicly visible on GitHub. Our processing serves the legitimate interest of providing factual quality assessments to help the developer community discover valuable open-source projects. We do not contact contributors directly or use their data for purposes other than the quality analysis displayed on our website.

4. Artificial Intelligence (Google Gemini API)

4.1 Data Processing Agreement

To automatically analyze aggregated content, we use the Google Gemini API (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a data processor.

Processing is performed under a Data Processing Agreement (Cloud Data Processing Addendum) in accordance with Art. 28 GDPR.

4.2 Data Transfer to Third Countries

Data transfer to the USA is based on the EU-US Data Privacy Framework (Art. 45 GDPR). Google LLC is certified under this framework.

4.3 Use of Data by Google

When using paid Gemini API services (Paid Tier):

Prompts and responses are not used to improve Google products
Logging occurs solely for abuse detection and legal compliance
Processing in accordance with Cloud Data Processing Addendum

5. Retention Period

Aggregated posts: Displayed on the website for 24 hours
Analysis results: Generated daily and overwrite previous versions
API logs: Stored according to the respective API provider's policies

6. Data Sharing

No data is shared with third parties, except for the data processing by Google LLC mentioned in Section 4.

7. Cookies and Tracking

This website uses no cookies and no tracking. No user profiles are created.

8. Server Log Files

Our hosting provider automatically collects and stores technical information in server log files:

IP address (anonymized)
Browser type and version
Operating system
Referrer URL
Time of request

This data is not merged with other data sources and is automatically deleted after 7 days.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in system security)

9. Your Rights as a Data Subject

You have the following rights:

Access (Art. 15 GDPR) to your stored personal data
Rectification (Art. 16 GDPR) of inaccurate data
Erasure (Art. 17 GDPR) of your data
Restriction of processing (Art. 18 GDPR)
Objection (Art. 21 GDPR) to processing
Data portability (Art. 20 GDPR)

Right to Object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1)(f) GDPR.

To exercise your rights, please contact: info@xares.com

10. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.

Competent supervisory authority:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
Germany
Phone: +49 711/615541-0
Email: poststelle@lfdi.bwl.de

11. Transparency Regarding AI-Generated Content

The analyses and summaries displayed on this website are generated using Artificial Intelligence (Google Gemini). The content is based on automated assessments and may contain inaccuracies. Each analysis is labeled as "AI Analysis."

This transparency obligation is in preparation for the EU AI Act (Regulation 2024/1689), which will apply to AI-generated content for public information purposes from August 2, 2026.

12. Source Code and Open Source

This website is based on the open-source project hn-gems, which is licensed under the MIT License. The source code can be viewed on GitHub.

Note: All data we process is already publicly available on Hacker News and GitHub. We aggregate and analyze this data solely for informational purposes while respecting the data protection rights of all data subjects.

If you have any questions about this privacy policy, please contact us at: info@xares.com