$ cat privacy.txt
This privacy policy explains which personal data we process when you visit this website, for what purposes and on what legal basis, and what rights you have. We keep data collection to the minimum needed to run the site.
As of June 2026.
The controller responsible for the processing of personal data on this website within the meaning of the GDPR is:
Jan Henning GünzelEmail: contact@jan-guenzel.de
You can find the full contact details in the imprint.
This website is hosted by Vercel Inc. (340 S Lemon Ave #4133, Walnut, CA 91789, USA). When you access the site, your browser automatically transmits data that Vercel stores in server log files: your IP address, the date and time of the request, the page requested, the referrer URL, and your browser and operating system. This processing is necessary to deliver the website reliably and securely and to defend against attacks. The legal basis is our legitimate interest in a secure and functional website (Art. 6 (1)(f) GDPR). Vercel processes this data on our behalf as a processor (Art. 28 GDPR); processing may take place in the USA (see “Data transfers to third countries”).
We do not use tracking or advertising cookies. We only store data on your device that is technically necessary for functions you request: your theme, colour scheme and language preference (in localStorage and a cookie sent back to the site), a cookie that records you have already been counted by the visitor counter so you aren't counted twice, and — only if you sign in — a signed, httpOnly session cookie. None of these contain tracking identifiers. Storing strictly necessary information is permitted under § 25 (2) TDDDG; the associated processing rests on our legitimate interest in providing the requested functions (Art. 6 (1)(f) GDPR).
You can sign in to the message board with your GitHub account; this is entirely optional. When you do, we ask GitHub only for your public profile (scope read:user) and store a signed, httpOnly session cookie — no password and no email address. The processing happens at your request to enable sign-in; the legal basis is your consent, given by starting the sign-in (Art. 6 (1)(a) GDPR). You can withdraw it at any time by logging out, which deletes the cookie. The login is operated via GitHub, Inc. (88 Colin P. Kelly Jr. St, San Francisco, CA 94107, USA).
If you post a message on the board, we store your public GitHub username, display name, avatar URL, GitHub user id, the message text and the time of posting. This data is shown publicly on the board and is used to display contributions and count distinct contributors. The legal basis is your consent through posting (Art. 6 (1)(a) GDPR). You can edit or delete your own messages at any time; deleting a message removes it from the board. Please do not post anything you would not put on a public page. Messages are stored in a Neon Postgres database (a service of Neon Inc.), provisioned through the Vercel platform.
Our hosting provider Vercel and the sign-in provider GitHub (a Microsoft company) may process data on servers in the USA. Where this happens, the transfer is safeguarded either by the providers' certification under the EU-US Data Privacy Framework or by EU standard contractual clauses pursuant to Art. 46 (2)(c) GDPR. Avatar images shown on the board are loaded directly from GitHub's servers, which means your IP address is transmitted to GitHub when those images load.
Server log files are stored only for a short period for security purposes and are then deleted or anonymised. Board messages remain stored until you delete them or the board is taken offline. Preference and counter cookies expire after at most one year or when you clear your browser storage; the session cookie is deleted when you log out or when it expires.
This site uses TLS (HTTPS) encryption for all connections to protect the transmission of your data.
Under the GDPR you have the following rights regarding your personal data:
Right to object: where we process data on the basis of our legitimate interests (Art. 6 (1)(f) GDPR), you have the right to object to that processing on grounds relating to your particular situation (Art. 21 GDPR).
You also have the right to lodge a complaint with a data protection supervisory authority if you believe the processing of your data infringes the GDPR. You may contact the authority responsible for your place of residence or the one responsible for the controller.
To exercise your rights, contact us using the address in the imprint.
We may adjust this privacy policy so that it always reflects current legal requirements or changes to the site's functions. The version published here applies to your visit.