Privacy Policy

Status: April 2026. Reflects GDPR, TDDDG (German Telecommunications-Digital-Services-Data-Protection-Act, formerly TTDSG) and DDG (Digital Services Act, formerly TMG).

1. Controller

Controller per GDPR Art. 4 No. 7:
Nawinn Gutzeit, address see Imprint.
Email: datenschutz@stackschmiede.de

2. Hosting

Hosted by Hetzner Online GmbH in Falkenstein (Saxony, Germany). A Data Processing Agreement per GDPR Art. 28 is in place.

3. Endpoint access (§ 25 TDDDG)

This site sets no cookies that aren't strictly necessary for delivering the requested service. No § 25 TDDDG consent is required. Exception: an optional localStorage entry persisting your theme choice (light/dark) — strictly necessary per § 25 (2) No. 2 TDDDG.

4. Analytics (Plausible)

Plausible Analytics (Plausible Insights OÜ, Estonia, EU). No cookies, no plain-text IPs, no fingerprinting. Aggregated page views only. Legal basis: GDPR Art. 6(1)(f). No consent required.

5. Contact form and email

Submitted data goes to kontakt@stackschmiede.de and is stored on my own mailserver (Postfix/Dovecot) on the same Hetzner server in Falkenstein. No external mail provider, no third party sees the contents. Legal basis: Art. 6(1)(b) or (f). Deletion after request resolution or after 3 years.

6. Spam protection (Cloudflare Turnstile)

Cloudflare Turnstile (Cloudflare Inc., DPF-certified). No cookies, no fingerprinting. Anonymous token to Cloudflare. Legal basis: Art. 6(1)(f). US transfer only as technically required (DPF-certified).

7. Self-hosted fonts

Inter, JetBrains Mono, Instrument Serif served from this server — no Google Fonts CDN, no third-party connection on page load.

8. Server location and third-country transfers

All processing in EU/EEA (Hetzner DE incl. own mailserver, Plausible EE). No third-country transfers — except Cloudflare Turnstile (DPF-certified).

9. Your rights

• Access (Art. 15)
• Rectification (Art. 16)
• Erasure (Art. 17)
• Restriction (Art. 18)
• Portability (Art. 20)
• Objection (Art. 21)
• Complaint to supervisory authority (Art. 77)

10. Automated decisions / profiling

No automated decision-making per Art. 22 GDPR, no profiling. AI models used on this site only for content preparation, not visitor analysis.

Legal note: Reflects requirements known as of April 2026 (GDPR, TDDDG, DDG, DSA references). Final review recommended before go-live.