Privacy Policy

The protection of your personal data is very important to me. In this privacy policy, I inform you about what data I collect when you use my website, how I process it, and what rights you have.

Personal data is only collected when you voluntarily provide it (e.g., via the contact form) or when it is technically necessary for the operation of the website (e.g., IP address, usage data).

Data Controller

The data controller for this website is the entity named in the Imprint. A data protection officer is not appointed, as the requirements under Art. 37 GDPR are not met.

Cookies and Local Storage

This website uses cookies and similar technologies (e.g., localStorage) to improve functionality, save your preferences, and analyze website usage. Cookies are small text files stored on your device. localStorage is a similar mechanism where data is stored locally in your browser.

Legal Basis

The use of cookies and similar technologies is governed by § 25 TDDDG and Art. 6(1)(a) GDPR. Non-essential cookies (e.g., for analytics) are only set with your explicit consent, which you can provide through the cookie banner.

Technologies Used

Consent Storage (localStorage)

• Purpose: Storage of your cookie preference (accept/reject).
• Storage location: localStorage in the browser.
• Retention: Until you change your settings or clear your browser data.

Analytics Cookies (PostHog)

With your consent via the cookie banner, cookies and localStorage entries from PostHog are set. The consent covers all features described under Extended Analytics: detailed device information and recognition of returning visitors. These features serve a unified purpose — analyzing and optimizing the user experience — and are provided through a single service (PostHog) as a data processor.

The following cookies and localStorage entries are set upon consent:

Name	Type	Purpose	Retention
ph_phc_*_posthog	Cookie	Session and user identification for returning visitors	1 year
ph_* (various)	localStorage	Persistence of analytics settings and user recognition	Until browser data is cleared

Without consent, no cookies or localStorage entries are set by PostHog. All data is held exclusively in the browser’s working memory and discarded when you leave the page.

Managing Cookies

You can change your cookie settings at any time via the Cookie Settings link in the footer. Additionally, you can manage or delete cookies and localStorage data through your browser settings.

Note: Disabling analytics cookies has no impact on the functionality of the website.

Use of Contact Form

Purpose of Processing

When you use the contact form, you may voluntarily provide personal data such as your name (optional), email address, and message. This data is collected solely for the purpose of responding to your inquiry. The form is protected by Cloudflare Turnstile; the data this involves is processed by Cloudflare as an independent controller, as described in the Website Security and Bot Protection section below.

Types of Data Collected

• Name (optional): To personalize responses, if provided.
• Email Address (required): To enable communication and provide a response.
• Message (required): The content of your inquiry or message.

Legal Basis for Processing

When you submit the contact form, the processing of the data you provide is based on your consent (Art. 6(1)(a) GDPR) and on my legitimate interest in receiving and responding to inquiries (Art. 6(1)(f) GDPR). Where your inquiry concerns a contract or a service, the processing is additionally based on the performance of, or steps taken prior to entering into, a contract at your request (Art. 6(1)(b) GDPR).

Data Retention

Personal data submitted through the contact form is deleted after the inquiry has been resolved, unless legal retention obligations apply.

Data Sharing

The information you submit through the contact form will not be shared with third parties without your explicit consent, except as required by law or via the data processor (Proton Mail) described below.

Email Service Provider

Form submissions are forwarded via Proton Mail (Proton AG, Route de la Galaise 32, 1228 Plan-les-Ouates, Switzerland) as a data processor. Only your name, email address, and message content are transmitted. Proton AG is subject to Swiss data protection law, which is recognized by the European Commission as providing an adequate level of data protection. Further information: https://proton.me/legal/privacy

Security

All information submitted via the contact form is transmitted over a secure connection (SSL/TLS) to ensure your data’s confidentiality and integrity.

Web Analytics

Use of PostHog

This website uses PostHog, an analytics platform, to understand usage behavior and improve the functionality, usability, and performance of the website. PostHog is operated on servers in the European Union (EU) to meet GDPR requirements for data processing.

Usage Data Without Consent

Based on my legitimate interest (Art. 6(1)(f) GDPR), I collect pseudonymous usage data without cookies and without user profiles. No cookies are set and no personal user profiles are created. Recognition across sessions does not take place.

With each page view, the following data is transmitted to PostHog, which processes it exclusively on my behalf (Data Processing Agreement pursuant to Art. 28 GDPR):

• Page views and interactions: pages visited, clicks, scroll behavior
• Device category: whether you are using a mobile device, tablet, or desktop — derived from the HTTP User-Agent header, which your browser automatically transmits with each page request
• Performance metrics (Web Vitals): loading times (LCP), layout stability (CLS), and interaction delay (INP) for detecting technical issues
• Functional events: usage of website features such as form submissions
• Approximate location: country and region — your IP address is used server-side by PostHog for location derivation and then discarded

In this mode, no screen resolutions, viewport sizes, or time zones are read via JavaScript. Browser type and operating system are derived server-side from the HTTP header, not collected client-side.

I use this data exclusively in aggregated form to analyze usage patterns and functional workflows. No merging with other data sources or identification of individual persons takes place.

• Legal basis: Legitimate interest in improving and technically monitoring the website (Art. 6(1)(f) GDPR). My interest is to improve the functionality and usability of the website, not to identify or profile individual users.
• Purpose: Improvement of website functionality, performance monitoring, analysis of usage workflows (funnels).
• Retention: 12 months. After this period, the data is automatically deleted.

Extended Analytics (With Consent)

With your explicit consent (Art. 6(1)(a) GDPR) via the cookie banner, the following additional data may be collected:

• Detailed device information: screen resolution, viewport size, and other browser characteristics to optimize the display across different devices.

• Returning visitor recognition: cookies and localStorage for recognizing returning visitors.

• Purpose: Detailed analysis and optimization of the user experience.

• Withdrawal: You can withdraw your consent at any time via the Cookie Settings or your browser settings.

Opt-Out

You can manage the analytics features via the Cookie Settings. Additionally, you can enable the “Do Not Track” feature in your browser to limit data collection.

Further Information

For more details about PostHog and its privacy practices, visit their privacy policy: https://posthog.com/privacy

Hosting

Hosting Provider

This website is hosted on Cloudflare Workers, a service of Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA). Cloudflare operates the infrastructure on which this website runs and serves its content, processing data as a data processor pursuant to Art. 28 GDPR.

Data Processed

With each access to this website, the following data is automatically processed:

• IP address
• Date and time of the request
• HTTP request data (URL, method, status code)
• Browser and device information (User-Agent, Referrer)
• TLS/SSL connection data

Legal Basis

The processing is based on my legitimate interest (Art. 6(1)(f) GDPR) in operating a secure and functional website. Processing is limited to technically necessary connection data that is unavoidable with each page request. Without this processing, providing the website would not be possible.

Log Retention

The connection and diagnostic data listed above is processed by Cloudflare in the form of request logs. These logs are retained in accordance with Cloudflare’s retention policies and are used solely for operational and security purposes.

Data Transfer

Cloudflare, Inc. is based in the USA, a third country within the meaning of the GDPR. Cloudflare is certified under the EU-US Data Privacy Framework (DPF) and has additionally concluded Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR. A Data Processing Agreement (DPA) applies through the Cloudflare Customer DPA, which automatically covers all Cloudflare customers.

Further Information

Further details on data processing by Cloudflare can be found in their privacy policy: https://www.cloudflare.com/privacypolicy/

Website Security and Bot Protection

Use of Cloudflare

This website uses services from Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA) for DNS management, DDoS protection, and web application firewall (WAF). All traffic to this website passes through Cloudflare’s network, which acts as a reverse proxy and caching layer. Cloudflare additionally hosts and serves this website, as described in the Hosting section above.

Data Processed

With each access to this website, the following data is processed by Cloudflare:

• IP address
• HTTP request data (URL, method, timestamp)
• Browser and device information (User-Agent, Referrer)
• TLS/SSL connection data

This data is processed to deliver the website, protect against DDoS attacks, and ensure operational security.

Legal Basis

The processing is based on my legitimate interest (Art. 6(1)(f) GDPR) in operating a secure and functional website. Processing is limited to technically necessary connection data that is unavoidable with each page request. Without this processing, reliable delivery of the website would not be possible.

Data Transfer

Cloudflare, Inc. is based in the USA, a third country within the meaning of the GDPR. Cloudflare is certified under the EU-US Data Privacy Framework (DPF). Additionally, Cloudflare has concluded Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR. A Data Processing Agreement (DPA) applies through the Cloudflare Customer DPA, which automatically covers all Cloudflare customers.

Further Information

Further details on data processing by Cloudflare can be found in their privacy policy: https://www.cloudflare.com/privacypolicy/

Cloudflare Turnstile (CAPTCHA)

This website uses the CAPTCHA service Cloudflare Turnstile to distinguish between human users and automated access (bots). This protects forms from abuse and spam.

Data Processed

When using Cloudflare Turnstile, the following data may be collected and processed:

• IP address
• Browser and device information
• Interactions with the CAPTCHA (e.g., mouse movements, clicks)

The data is used exclusively for CAPTCHA verification and is not processed for advertising purposes.

Legal Basis

The use of Turnstile is technically necessary to ensure the functionality of forms (§ 25(2)(2) TDDDG). The transmission of data to Cloudflare is based on my legitimate interest in protecting forms from automated abuse (Art. 6(1)(f) GDPR).

Data Transfer

Cloudflare processes Turnstile data as an independent controller in accordance with their Turnstile Privacy Policy. Cloudflare, Inc. is certified under the EU-US Data Privacy Framework.

Further Information

The retention period of data collected by Turnstile is governed by Cloudflare’s retention policies. Further details can be found in the Turnstile Privacy Policy and the general Cloudflare Privacy Policy.

External Links

You may find links to external websites on my site. I am not responsible for the content or privacy practices of these external sites; the respective operators are.

Your Rights

Under the GDPR, you have the right to:

• Access your personal data (Art. 15 GDPR)
• Rectification of incorrect or incomplete data (Art. 16 GDPR)
• Erasure (“right to be forgotten”) of your personal data, subject to legal obligations (Art. 17 GDPR)
• Restriction of Processing, under certain circumstances (Art. 18 GDPR)
• Data Portability, allowing you to receive and reuse your personal data across different services (Art. 20 GDPR)
• Object to the processing of your data for direct marketing or on grounds relating to your particular situation ( Art. 21 GDPR)
• Withdraw Consent at any time if processing is based on consent (Art. 7(3) GDPR)

To exercise any of these rights, or if you have any questions regarding your personal data, please contact me at the address provided in the Imprint.

Right to Lodge a Complaint

If you believe your personal data is being processed unlawfully, you have the right to lodge a complaint with a supervisory authority under Art. 77 GDPR. In Germany, you can typically contact the data protection authority of the federal state where you reside or where the alleged infringement occurred.

Automated Decision-Making

No automated decision-making, including profiling, pursuant to Art. 22 GDPR takes place on this website.

Contact

If you have any questions regarding data protection, you can contact me anytime at the contact address: contact@kuegler.dev