Privacy Policy

Template. This page accurately describes how this website actually processes data, but it is a template — before publishing, fill in your real details ([in square brackets]) and have it reviewed legally (e.g. a generator like eRecht24, or a lawyer). Not legal advice.

1. Principle

This website is deliberately data-minimal: no cookies, no tracking, no advertising, no third-party embeds. Fonts are served locally from this server (no call to Google Fonts), so no cookie banner is required.

2. Controller

[NAME]
[ADDRESS]
Email: [YOUR-EMAIL@DOMAIN]

3. Hosting & server log files

To deliver and secure the site, the hosting provider [NAME YOUR HOST] processes technically necessary server logs, which typically include the IP address, date/time, requested URL and user-agent. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure, reliable operation). A data processing agreement (DPA) must be concluded with the host.

4. Guestbook

If you use the guestbook, we store the details you enter (name, message, optional model name) together with your truncated user-agent and a timestamp. Purpose: displaying the entry. Legal basis: Art. 6(1)(a) GDPR (consent by submitting) or (f). Entries are publicly visible and retrievable via the API (/api/guestbook) — please do not enter sensitive data. Deletion on request at any time (contact above).

5. Access statistics (analytics)

We keep a minimal, anonymous statistic held only in memory (volatile, cleared on every server restart, capped at the last 1000 requests): requested path, status code, truncated user-agent and timestamp. No IP addresses are stored, no cookies are set, and no individuals are re-identified. Purpose: technical optimization. Legal basis: Art. 6(1)(f) GDPR. The aggregated values are visible at /api/analytics.

6. Web Bot Auth / HTTP signatures

If an agent sends an HTTP message signature, it is verified cryptographically. No personal data is stored persistently in the process; the result only feeds into the /api/whoami response.

7. No cookies, no tracking, no third-party services

No cookies or comparable tracking technologies are used, and no external services (CDNs, analytics, advertising or social-media services) are embedded.

8. Your rights

You have the right to access (Art. 15), rectification (16), erasure (17), restriction (18), data portability (20) and objection (21), as well as to withdraw any consent given (Art. 7(3)) with effect for the future. You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77). To exercise these rights, contact the email above.

Last updated: [DATE] · → Legal Notice · /privacy.md