Privacy Policy

Last updated: August 20, 2025

1. Controller

David Liebermann
Burgstraße 43
06114 Halle (Saale), Germany
Email: mailto:hallo@davidliebermann.de

No data protection officer has been appointed because the legal requirements are not currently met.

2. Provision of the website via Cloudflare Worker

This website is delivered as a Cloudflare Worker (provider: Cloudflare, Inc., USA / Cloudflare Ltd., UK). When the site is accessed, technically necessary data are processed:

IP address, timestamp, requested URL/path
User-Agent, referrer
security/firewall events where applicable

Purposes: Secure and performant operation of the website, caching, prevention of abuse.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and efficient provision).

Recipients/third-country transfer: Processing may also occur in third countries (e.g., USA). Transfer is based on appropriate safeguards (e.g., EU Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework). A data processing agreement (Art. 28 GDPR) is in place with Cloudflare.

Retention period: Cloudflare typically retains logs only for a short period; we do not store them beyond that.

3. Cookies and similar technologies (TTDSG)

Current status: This website does not use cookies.

Note: If security- or function-related Cloudflare cookies (e.g., with active bot management or challenge procedures) become necessary in the future, their use will be based on Sec. 25(2) No. 2 TTDSG (strictly necessary) in conjunction with Art. 6(1)(f) GDPR. Non-essential cookies (e.g., for analytics/marketing) would only be set after consent (opt-in) and would be explained here separately.

4. Server log files

When accessing the website, server log data are processed automatically (see Sec. 2). Legal basis: Art. 6(1)(f) GDPR. Retention period: short-term for troubleshooting and security, then deletion or anonymization.

5. Contact

When you contact us (e.g., by email), we process your details (sender address, content, metadata) to handle your inquiry.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual/contractual communication) and/or Art. 6(1)(f) GDPR. Retention period: until your request is completed and in accordance with statutory retention periods.

6. Use of external AI services (API calls)

For certain features, requests may be forwarded server-side by the Cloudflare Worker to external AI providers. The content you enter (prompts) and technical metadata are processed in this context.

Possible recipients/providers:

OpenAI (USA) – API use; contractual safeguards (DPA/SCC); according to the provider, no use of API content to train standard models where contractually excluded.
Anthropic (USA) – API use; DPA/SCC; recognized security/compliance standards.
Meta – Llama API (USA) – API use; according to the provider, prompts/outputs submitted via the API are not used to train the underlying models.
Replicate (USA, if used) – execution of models/inference jobs.

Purposes: Provision of the expressly requested (AI-assisted) features.

Legal bases: Art. 6(1)(b) GDPR (contract/performance) for features initiated by you; additionally Art. 6(1)(f) GDPR (optimized provision). Please avoid entering sensitive personal data where possible.

Third-country transfer: Transfers to the USA may occur; safeguarded via SCC and—where available—DPF certifications.

Retention period: We do not store prompts/outputs beyond what is necessary for the feature; providers may retain processing logs for a limited time (see their privacy notices).

7. Data sources & duty to provide data

We generally receive data directly from you (usage/inputs). There is no legal obligation to provide data; however, without technically necessary data, the use of the website is not possible.

8. Additional categories of recipients / processing on behalf

Cloudflare (CDN/edge/Worker)
AI providers as per Sec. 6
Domain/forwarding service provider (dogado/CloudPit) – in the case of pure forwarding without content processing

Data processing agreements pursuant to Art. 28 GDPR are in place with processors.

9. Retention

Personal data are stored only as long as necessary for the respective purposes or as required by law. Afterwards, the data are deleted or anonymized.

10. Your rights

Subject to legal requirements, you have the right of access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and to object to processing based on Art. 6(1)(e) or (f) (Art. 21). You may withdraw consent at any time with effect for the future (Art. 7(3)).

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the member state of your habitual residence, place of work, or the place of the alleged infringement.

11. Security

We implement appropriate technical and organizational measures (e.g., TLS encryption, hardened edge configuration, access/firewall controls). Nevertheless, data transmission on the internet can have security gaps.

12. Updates to this policy

This privacy policy is updated whenever the services used or the legal situation changes. The current version is available on this page.