Definitions

For the purposes of this Privacy Policy:

• Personal Data is any information relating to an identified or identifiable natural person (Art. 4(1) GDPR).
• Usage Data refers to data collected automatically when using the Service, such as your IP address, browser type and the time of a page visit.
• Cookies are small files placed on your device by a website.
• Service refers to this website.
• Service Provider (processor) means any natural or legal person who processes data on my behalf within the meaning of Art. 28 GDPR.
• You means the individual accessing or using the Service.

Data I Collect and Legal Bases

1. Server log files (Usage Data). When you visit the website, my hosting provider automatically collects information that your browser transmits, in particular: IP address, date and time of the request, browser type and version, operating system, referrer URL and the pages accessed. This data is processed to deliver the website reliably and securely and to detect and prevent misuse. Legal basis: my legitimate interest in a functioning, secure website pursuant to Art. 6(1)(f) GDPR.

2. Newsletter / waitlist. If you enter your e-mail address to join the waitlist, I process that address to send you the requested updates. I use a double opt-in procedure: after signing up you receive a confirmation e-mail and are only added once you click the confirmation link. Legal basis: your consent pursuant to Art. 6(1)(a) and Art. 7 GDPR. You can withdraw your consent at any time with effect for the future — via the unsubscribe link in every e-mail or by contacting me — without affecting the lawfulness of processing carried out before the withdrawal (Art. 7(3) GDPR).

3. Contacting me. If you contact me by e-mail, I process your e-mail address and the content of your message in order to handle your request. Legal basis: Art. 6(1)(f) GDPR (my interest in answering enquiries) and, where your request concerns a contract, Art. 6(1)(b) GDPR.

Cookies and Tracking

This website uses only technically necessary storage. A session cookie is set when the site operator signs in to the protected admin area; it is strictly necessary for that login function. In addition, your browser's local storage may be used to remember interface state (for example, that you have already seen the welcome screen). This information stays on your device. Legal basis: § 25(2) no. 2 TDDDG and Art. 6(1)(f) GDPR.

I do not use analytics, advertising or tracking cookies, and I do not track your behaviour across websites. For that reason no cookie-consent banner is required.

Processors and Hosting

To operate this website I use carefully selected service providers who process personal data on my behalf as processors under a data-processing agreement pursuant to Art. 28 GDPR:

• Hosting: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA — operates the server infrastructure on which this website runs and processes the server log files described above.
• Domain & DNS: IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany — domain registration and name-server services.
• E-mail / newsletter delivery: Resend (Resend, Inc., 2261 Market Street #5039, San Francisco, CA 94114, USA) — processes the e-mail addresses of waitlist subscribers to store the audience and send confirmation and newsletter e-mails.
• Database: Supabase (Supabase, Inc.) — hosts the content of this website, such as blog posts and certificates.

International Data Transfers

Some of the providers named above are based in or process data in the United States. Where personal data is transferred to a third country, the transfer is safeguarded in accordance with Art. 44 et seq. GDPR — in particular on the basis of the EU-U.S. Data Privacy Framework and/or the European Commission's Standard Contractual Clauses (Art. 46 GDPR).

Retention

I store personal data only for as long as necessary for the purposes described above or as required by statutory retention obligations (Art. 5(1)(e) GDPR):

• Server log files: processed by my hosting provider (Vercel) and retained only for a short period in accordance with Vercel's log-retention policy; I do not keep separate copies.
• Newsletter — confirmed subscribers: your e-mail address is stored until you unsubscribe or withdraw your consent.
• Newsletter — unconfirmed sign-ups: the confirmation link expires after 24 hours, and pending entries that have not been confirmed are deleted at the latest after 30 days.
• E-mail correspondence: stored for as long as needed to handle your request and then deleted, unless statutory retention periods apply.

Your Rights

Under the GDPR you have the following rights regarding your personal data. To exercise them, simply contact me using the details above:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure / 'right to be forgotten' (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to processing based on Art. 6(1)(f) GDPR (Art. 21 GDPR)
• Right to withdraw consent at any time (Art. 7(3) GDPR)

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The authority responsible for me is: Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI BW), Lautenschlagerstraße 20, 70173 Stuttgart, Germany.

Children's Privacy

This Service is not directed to children under the age of 16. I do not knowingly collect personal data from children under 16 (Art. 8 GDPR). If you are a parent or guardian and believe your child has provided me with personal data, please contact me and I will delete it.

Security of Your Personal Data

I take appropriate technical and organisational measures to protect your personal data in accordance with Art. 32 GDPR — for example, encrypted (TLS) transmission of this website. However, no method of transmission over the internet or electronic storage is 100% secure, so I cannot guarantee its absolute security.

Links to Other Websites

This Service may contain links to other websites that are not operated by me. If you click a third-party link you will be directed to that site. I have no control over, and assume no responsibility for, the content or privacy practices of any third-party sites. I advise you to review the privacy policy of every site you visit.

Changes to this Privacy Policy

I may update this Privacy Policy from time to time. Changes are effective when the updated version is posted on this page. Please review it periodically. The date at the top indicates when it was last revised.

Contact

If you have any questions about this Privacy Policy or wish to exercise your rights, you can contact me by e-mail at hey.jannic@outlook.com.