Privacy Policy

Information according to Art. 13 GDPR

1. Data controller

The data controller responsible for processing on this site is named in the Imprint.

2. What we collect

• Server access log: when you visit a page, our server records your IP address, the URL requested, the time, and the user-agent string. This data is automatically deleted after 14 days.
• Contact form: if you use the contact form, we store the name, email (optional, only if you provide it), subject, message body, your IP address (for rate-limiting), and a timestamp. After we reply, or after 90 days, the record is deleted.
• Session cookie: a technically necessary cookie used only by Django's CSRF protection. No analytics or tracking cookies are set.

3. What we do NOT collect

No analytics, no Google services, no Facebook pixel, no third-party advertising. We do not sell, share, or transmit personal data for profiling or marketing purposes.

4. Third parties

• hCaptcha (Intuition Machines, Inc.) — used on the contact form for spam prevention. When you complete the captcha, hCaptcha receives your IP and limited browser data. See their privacy policy.
• Hosting provider: server infrastructure is operated by a German hosting provider under a Data Processing Agreement (Auftragsverarbeitung) pursuant to Art. 28 GDPR.

5. Your rights

You have the following rights under Art. 15-22 GDPR:

• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure (Art. 17)
• Right to restrict processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object (Art. 21)

To exercise any of these rights, contact us at the email address in the Imprint. You also have the right to lodge a complaint with the competent data protection authority (e.g., the BfDI or the Landesbeauftragte for the state where you reside).

6. Cookies

We use only a technically necessary session cookie (CSRF protection). This is exempt from consent under § 25 TTDSG, and no cookie banner is required.