1. Infrastructure and Hosting
Hybrid gateway routing with VPN protection
To ensure availability, stability, and security we operate a multi‑layer, privacy‑friendly infrastructure:
- Technical entry point (gateway): Public access to this website is provided via a server of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (Germany). This server only provides a static IP address and routing.
- Encrypted transport (VPN): The connection between the gateway server and our internal infrastructure is established exclusively via an end‑to‑end encrypted VPN connection. Direct access from the Internet to internal systems is technically excluded.
- Data processing agreement: A compliant data processing agreement (DPA) pursuant to Art. 28 GDPR exists with Hetzner Online GmbH. Only technically unavoidable, transient connection data is processed.
- Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a secure, stable, and technically controlled provision of the online offering)
2. Server configuration and strict log minimization
OpenResty / Nginx
We strictly follow the principle of data minimization pursuant to Art. 5(1)(c) GDPR. Our web server is configured so that personal data does not arise in the first place:
💡 No access logs: Logging of access is completely disabled (access_log off;). No IP addresses, user‑agent strings, referrers, or requested URLs are stored.
💡 Strongly reduced error logs: Error logs are written only at level crit (critical). These logs serve system reliability only and contain no personal data.
3. Transport encryption
SSL/TLS, HTTP/3 (QUIC) and HSTS
Your data is transmitted exclusively in encrypted form:
- HTTPS / SSL‑TLS: The website is accessible only via encrypted connections.
- HTTP/3 (QUIC): Modern protocol architecture with integrated encryption and improved security.
- HSTS (HTTP Strict Transport Security): Your browser is instructed to allow only encrypted connections to this domain.
4. Web analytics
Umami – hardened self‑hosted setup
For purely statistical evaluation we use the open‑source tool Umami in a maximally privacy‑friendly configuration:
- Self‑hosting: The Umami instance runs entirely on our own infrastructure. No data is transferred to third parties.
- No IP tracking (DISABLE_IP_TRACKING=1): IP addresses are neither stored nor processed.
- No cookies (DISABLE_TRACKING_COOKIE=1): No tracking or identification cookies are set. Returning page views are recorded only via an anonymous, rotating hash that does not allow personal identification.
- Do‑Not‑Track respected (RESPECT_DNT=1): If your browser has “Do Not Track” enabled, your visit is completely ignored.
💡 Legal basis: Art. 6(1)(f) GDPR (legitimate interest in anonymous, statistical analysis for technical optimization)
5. No third‑party resources
Zero‑external‑requests policy
This website loads no content from external servers:
- Local fonts: All fonts (e.g., web fonts or icons) are delivered locally from our own server.
- No CDNs, no APIs: No content delivery networks, Google services, or comparable third‑party providers are used.
This prevents your IP address or browser data from being transmitted to external entities.
6. Contact by e‑mail
If you contact us by e‑mail, we process the data you provide (e.g., e‑mail address, name, message) exclusively for handling your request.
- No disclosure to third parties
- No use for advertising purposes
- Deletion after the purpose has been fulfilled, unless statutory retention obligations apply
💡 No automated decision‑making or profiling takes place.
💡 Legal basis: Art. 6(1)(b) GDPR (pre‑contractual communication) or Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries)
7. Your rights as a data subject
You have the following rights under Art. 15–21 GDPR:
- Access to stored data
- Rectification or erasure of incorrect or unlawful data
- Restriction of processing
- Objection to processing
⚠️ Important note: Since we neither store IP addresses nor use tracking, there is generally no personal data about you. Information is therefore usually only possible for data you have actively provided (e.g., by e‑mail).
8. Right to lodge a complaint with a supervisory authority
If you believe that the processing of your data violates data protection law, you have the right under Art. 77 GDPR to lodge a complaint with a competent data protection supervisory authority.
Privacy policy status: January 30, 2026