Privacy policy

This privacy policy explains how we collect, use, and protect your personal data under the EU General Data Protection Regulation (GDPR) and related German data‑protection rules.

Controller

Name: Volodymyr Siedykh

Address: Lerchenweg 8, 68789 St. Leon-Rot, Germany

Email: hello@vladimirsiedykh.com

We do not have a designated data protection officer. For privacy requests, contact us at the email above.

Data we collect

We only collect personal data that is necessary for communication, service delivery, and website security. We use cookies and similar technologies where needed (see the cookies section below).

When you use contact or project forms:

  • Full name and business email
  • Company name and phone number (optional)
  • Project details, business goals, and requirements
  • Service preferences, timelines, and budget ranges
  • File or document URLs you share (optional)
  • Technical metadata: IP address, user agent, referrer URL

Contact and quote requests are handled via email. Project briefs are stored in our database to manage your request.

Legal basis: Art. 6(1)(b) GDPR (pre‑contractual communication)

Technical metadata: Art. 6(1)(f) GDPR (legitimate interest in website security and abuse prevention)

Guide notifications:

  • Email address and guide title
  • Source information (optional)
  • Technical metadata: IP address, user agent, referrer URL

Legal basis: Art. 6(1)(a) GDPR (consent) and TDDDG §25(1) where applicable

Technical metadata: Art. 6(1)(f) GDPR (legitimate interest in preventing abuse)

Tool reviews and feedback:

  • Reviewer name and email
  • Rating and review text (optional)
  • Verification tokens to confirm ownership of the email

If a review is published, we display the name you provide and the review text. We never publish your email address.

Legal basis: Art. 6(1)(a) GDPR (consent for publication) and Art. 6(1)(f) GDPR (legitimate interest in moderation and abuse prevention)

Newsletter subscription:

  • Email address and subscriber name (optional)
  • Subscription preferences and interests
  • Email verification and unsubscribe tokens (security)

Legal basis: Art. 6(1)(a) GDPR (consent, double opt‑in)

When you schedule appointments (Cal.com integration):

Our site embeds a scheduling widget provided by Cal.com. The widget loads directly from Cal.com's servers; any information you enter (e.g., name, email, selected time slot) is transmitted to and processed by Cal.com under their own privacy policy.

Important: Cal.com may process booking data outside the EU/EEA, including in the United States, depending on their infrastructure.

More info: https://cal.com/privacy

Legal basis: Art. 6(1)(b) GDPR (contract performance for appointment scheduling)

Automatic technical data:

  • IP address, user agent, referrer, and timestamps
  • Rate limiting data to prevent abuse
  • Security tokens for form protection
  • Country-level hints for cookie consent policy

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in website security, functionality, and legal compliance)

Cookies and tracking technologies

We use cookies and similar technologies for essential functionality and, where allowed, for analytics and performance monitoring. You can manage your preferences in the cookie banner or via the “Cookie preferences” link in the footer.

Essential cookies:

  • Consent storage - Saves your cookie choices
  • Security tokens - Protect forms and prevent abuse
  • Booking functionality - Required if you use the Cal.com scheduling widget

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in website functionality and security), and TDDDG §25(2) where applicable

Functional analytics (consent where required):

  • Google Analytics 4 - Page views, user behavior, and website usage analytics. Uses Google Consent Mode v2 to respect your privacy choices.
  • Vercel Analytics - Page views and user behavior tracking to understand how visitors use our website
  • Vercel Speed Insights - Performance monitoring and Core Web Vitals tracking to optimize site speed

Legal basis: Art. 6(1)(a) GDPR (consent)

Geographic consent policy: In the EU/EEA, UK, Switzerland, and other strict-consent regions, analytics are disabled until you opt in. In opt‑out regions (for example, the US and Australia), analytics may load by default with a notice and an easy opt‑out. Global Privacy Control (GPC) is honored and forces all tracking to be denied.

Managing cookies:

You can change your cookie preferences at any time via the “Cookie preferences” link in the footer. Clearing your browser storage will also reset the banner.

Purpose of data processing

Your personal data is used to:

  • Respond to inquiries
  • Schedule meetings
  • Communicate with you about your project
  • Send requested notifications and newsletters
  • Moderate and publish reviews you submit
  • Maintain security and prevent abuse

We do not use your data for advertising without explicit consent.

Whether providing data is required

Some form fields are required to process your request (for example, name and email). If you do not provide required information, we cannot respond or deliver the requested service. Optional fields are clearly marked and can be left blank.

Children

Our services are not directed to children under 16. We do not knowingly collect personal data from children.

Service providers and data processing

We use vetted service providers for hosting, email delivery, scheduling, analytics, and security. Depending on the provider, data may be processed in the EU/EEA and the United States. Where international transfers occur, we rely on appropriate safeguards (for example, the EU‑US Data Privacy Framework or Standard Contractual Clauses) and provider data‑processing terms.

Supabase (database storage)

Project briefs, reviews, newsletter subscriptions, and guide notification requests are stored in Supabase. Supabase processes data in the region configured for our project.

Privacy policy: https://supabase.com/privacy

Resend (email delivery)

We send transactional emails and newsletter verification via Resend. Resend is a US provider and offers transfer safeguards under its data‑processing terms.

Privacy policy: https://resend.com/legal/privacy-policy

Vercel (hosting, CDN, analytics)

Our website is hosted on Vercel. Server logs, performance telemetry, and analytics (if enabled) may be processed in the EU and the US, depending on Vercel’s infrastructure.

Privacy policy: https://vercel.com/legal/privacy-policy

Upstash (rate limiting and cache)

We use Upstash Redis for IP‑based rate limiting and short‑term caching. Data is stored in the region configured for our Upstash database.

Privacy policy: https://upstash.com/trust/privacy.pdf

Cal.com (appointment scheduling)

The booking widget is provided by Cal.com. When you schedule a meeting, Cal.com processes your booking data under its own privacy policy and may transfer data to the US.

Privacy policy: https://cal.com/privacy

Google Analytics 4 (website analytics)

When enabled, analytics data is processed by Google LLC. We only load Google Analytics where consent is required and do not use it for ad personalization or ad signals.

Privacy policy: https://policies.google.com/privacy

Data retention periods

We keep personal data only as long as necessary for the purpose it was collected and for legal or business recordkeeping. If we cannot provide an exact period, we use the following criteria:

Business communications:

  • Contact forms and project briefs: retained for the duration of our discussions and a reasonable period afterward for documentation and follow‑up
  • Email correspondence: retained while the business relationship is active or until you request deletion

Marketing communications:

  • Newsletter subscriptions: until you unsubscribe or withdraw consent
  • Unsubscribed contacts: retained in a suppression list to honor your opt‑out

Reviews and feedback:

  • Review submissions: retained while pending verification, moderation, and publication; removed upon request unless we must keep a minimal record for abuse prevention

Security and technical data:

  • Rate‑limiting data: short‑lived and expires automatically based on the rate‑limit window
  • Server logs and security tokens: retained briefly to investigate issues and prevent abuse

Third‑party managed data:

  • Booking data (Cal.com): retained under Cal.com's own policies
  • Email delivery logs (Resend): retained for delivery and security purposes under Resend's policies
  • Analytics data: retained under Google and Vercel settings and policies

Your rights under GDPR (Art. 15–22)

You have the following rights regarding your personal data:

Right of access (Art. 15)

Request a copy of all personal data we hold about you, including processing purposes and recipients.

Right to rectification (Art. 16)

Correct any inaccurate or incomplete personal data we have about you.

Right to erasure (Art. 17) - "Right to be forgotten"

Request deletion of your personal data when there's no legitimate reason for continued processing.

Right to restrict processing (Art. 18)

Limit how we process your data while disputes about accuracy or legality are resolved.

Right to data portability (Art. 20)

Receive your data in a machine-readable format to transfer to another service provider.

Right to object (Art. 21)

Object to processing based on legitimate interests, direct marketing, or research purposes.

Rights related to automated decision-making (Art. 22)

We do not use automated decision-making or profiling that produces legal or significant effects.

Right to withdraw consent

For processing based on consent (cookies, newsletter), withdraw consent at any time without affecting past processing legitimacy.

How to exercise your rights:

To exercise any of these rights, contact us at hello@vladimirsiedykh.com with your request and proof of identity. We will respond within one month of receiving your request.

Supervisory authority

If you believe we are violating data‑protection laws, you have the right to contact:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden‑Württemberg (LfDI BW)
Lautenschlagerstraße 20, 70173 Stuttgart
Email: poststelle@lfdi.bwl.de
Website: https://www.baden-wuerttemberg.datenschutz.de/

Security measures

This website uses SSL encryption (HTTPS) to protect data in transit.

International data transfers

Some service providers are based outside the EU/EEA, which can result in international data transfers.

Transfers to the United States:

  • Cal.com (booking data): Cal.com may process booking data in the US under their privacy policy.
  • Google Analytics 4: Analytics data may be processed in the US. We only enable it where consent is required and rely on provider safeguards.
  • Resend and Vercel: Email delivery and hosting services may involve US processing depending on their infrastructure and subprocessors.

Where applicable, transfers rely on the EU‑US Data Privacy Framework or Standard Contractual Clauses under GDPR Chapter V.

Updates to this privacy policy

We may update this policy to reflect legal or technical changes. Material changes will be communicated through our website or email if you've subscribed to our newsletter.

Last updated: January 17, 2026