skip to content

privacy

privacy notice

This site is built deliberately minimal: no cookies, no tracking, no analytics, no third-party fonts. The personal data that is processed nonetheless is documented below — fully, honestly, and concretely.

last updated · 7 May 2026

1 · controller

Controller within the meaning of Art. 4 (7) GDPR and §5 TMG for the operation of this website:

name
Christian Gluch
address
Münchner Straße 14
85614 Kirchseeon
Deutschland
email
christian@cg-labs.dev
phone
+49 152 33529699

For requests under Art. 15–22 GDPR and any other data-protection inquiries, the direct route is datenschutz@cg-labs.dev; mail to that address is processed only for data-protection matters.

2 · principle

cg-labs.dev deliberately avoids cookies, tracking pixels, analytics, ad networks, social-media widgets, and external CDN resources. The fonts JetBrains Mono, Inter, and Instrument Serif are self-hosted via next/font at build time; no connection to Google Fonts or other third parties is made when you load this site.

Personal data is processed only to the extent technically necessary to deliver the site and to handle your contact inquiries.

3 · server logs

When you access this site, the reverse proxy (Caddy) processes the following data in a log file for the duration of technical delivery:

  • IP address of the requesting device
  • date and time of the request
  • HTTP method, requested URL, and status code
  • referrer URL and User-Agent string
  • amount of data transferred

Legal basis is Art. 6 (1) (f) GDPR. The legitimate interest is the secure and stable operation of the site (delivery, error diagnosis, abuse prevention). Logs are deleted automatically after 7 days; the data is not merged with other sources.

4 · hosting

This site is hosted with Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen (location: Falkenstein, Germany). A data processing agreement under Art. 28 GDPR is in place. Processing takes place exclusively in data centres within the European Union.

Delivery is encrypted over TLS (HTTPS) with current cipher suites; HSTS is enabled.

5 · contact form

The contact form at /contact collects the following data:

  • name (required)
  • email address (required)
  • company (optional)
  • message text (required)

For spam protection, your IP address is also held in server memory for time-limited rate limiting (sliding 15-minute window, max 5 requests per IP) and is included in the notification email sent to me. A hidden honeypot field is used to detect bots; submitted data is not stored client-side in local storage or cookies.

Submission happens encrypted (HTTPS) via a server action to my mail server. I use the data exclusively to process and, where appropriate, reply to your inquiry.

Legal basis is Art. 6 (1) (b) GDPR (steps prior to entering into a contract, or contract performance) and/or Art. 6 (1) (f) GDPR (legitimate interest in efficient handling of business inquiries and protection of the form against abuse).

Data is retained as long as it is needed to handle the request — typically while the inquiry and any resulting engagement are active and no retention obligations apply. Statutory retention periods under tax and commercial law (up to 10 years per §147 AO, §257 HGB) remain unaffected.

6 · email and phone

If you contact me directly by email (christian@cg-labs.dev) or phone (+49 152 33529699), the same applies as for the contact form. The data stays with me and is processed only to handle your request. Legal basis is Art. 6 (1) (b) or (f) GDPR.

7 · processors

The following service providers process personal data on my behalf under a data processing agreement per Art. 28 GDPR:

  • Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen — site hosting and server logs.
  • Heinlein Hosting GmbH (Mailbox.org), Schwedter Straße 8/9 A, 10119 Berlin — sending the notification email and inbox for incoming contact inquiries.

Both providers are based in Germany; processing takes place within the European Union.

8 · cookies, tracking, third countries

This site does not set cookies and does not use local storage for tracking or analytics purposes. No analytics tools (Google Analytics, Plausible, Matomo, etc.), advertising pixels, social-media widgets, or external CDNs are used.

No personal data is transferred to third countries outside the EEA. Should that ever change, this notice will be updated accordingly before any such transfer begins.

9 · your rights

Under Art. 15–22 GDPR you have the right at any time to:

  • access the personal data stored about you (Art. 15)
  • rectify inaccurate data (Art. 16)
  • erasure / “right to be forgotten” (Art. 17)
  • restriction of processing (Art. 18)
  • data portability in a structured, common format (Art. 20)
  • object to processing based on legitimate interests (Art. 21)
  • withdraw any consent given, with effect for the future (Art. 7 (3))

Send requests informally to datenschutz@cg-labs.dev. Proof of identity may be requested if there is reasonable doubt as to the identity of the requester.

10 · right to object

To the extent that I process personal data based on legitimate interests under Art. 6 (1) (f) GDPR, you have the right to object to that processing at any time. If, after your objection, I cannot demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing does not serve the establishment, exercise, or defence of legal claims, I will stop the processing.

11 · right to lodge a complaint

You have the right to lodge a complaint with a data-protection supervisory authority — in particular at your habitual residence or the place of the alleged infringement. The authority competent for this site is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18, 91522 Ansbach, Germany
www.lda.bayern.de

12 · changes

This notice will be updated whenever the feature set of the site or the third-party services in use change. The version published on this page applies; you can find the version date at the top of this page.